Last month, within a few weeks, two major pharmaceutical firms in India received ransomware attacks. It includes Lupin Limited, based in Mumbai, and Dr. Reddy’s laboratories, based in Hyderabad. The hackers cut off their data access, and these firms had to pay a ransom to regain access. Where Lupin’s core operations and systems were not hit (1), Dr. Reddy’s had to pause their operations across the globe (2).
Druva is an Indian cybersecurity firm (3) and a global leader in Cloud Data Protection and Management. It delivers the industry’s first data management-as-a-service solution. It aims to aggregate data from servers, cloud applications, endpoints, and leverage the public cloud to offer a single glass pane.
“When we started Druva in 2008, the first 18 months were challenging. Originally focused on the financial sector, we quickly realized that such institutions were uncomfortable purchasing critical software from small, India-based companies. At that point, we pivoted to a product designed more generally for enterprise uses, especially remote offices, and employees. This led to a lot of success and paved the way for our first successful round of funding. However, we remained convinced there was potential for something more.”
– Jasprit Sigh, Cheif Executive Officer and Founder at Druva (4)
It enables data protection, intelligence, and governance drastically to increase critical business information visibility and availability. Moreover, the firm also reduces the risk, complexity, and cost of managing and protecting sensitive data. Its award-winning solution intelligently collects data, unifies backup, disaster recovery, archival, and governance capabilities onto a single, optimized data set.
Druva, the fastest-growing data protection provider in the industry, has the trust of more than 4,000 organizations across the globe and protects more than 150 PB of data.
The firm is focused on helping its customers to build a solid data foundation and unlock data value. Consequently, it is always adding new features to improve its services and products.
Its cloud operations, a customer success team, security, IT, and larger organization all have powerful continuity plants that ensure seamless customer support with no disruption.
Cyber Attacks in India
It is worth highlighting that India is the third-most cyber-attacked country globally, as per Rajesh Pant, national cybersecurity coordinator (5).
In the previous months, there has been a paradigm shift in the way offices have functioned compared to the previous year. Due to the ongoing COVID-19, morning rush, arriving late in meetings, taking tea and smoke break, and finally leaving for home, these “office mundane” has now shifted online for most of the world.
As the world is dealing with uncertainty, a few companies have asked their employees to work from home till the end of 2020 or, in some cases, indefinitely, like Twitter (6).
While the work from home concept has several ups and downs, it is the need of the hour given the current scenario. It is described as the #NewNormal. However, cybersecurity experts can’t stop stressing an advanced data security system’s requirement to protect the company’s sensitive data and employees getting attacked by hackers.
“It is no longer business as usual. ‘Stay-at-home’ orders ensure that secure payments and billing procedures are nearly impossible. Remote employees are not trained on data privacy regulation and risk exposing sensitive information to a data breach. Without proper IT asset management, there are major dangers that must be mitigated.”
– Dr. Barbara Rembiesa, President and CEO of IAITAM (7)
Hackers have always been there among us; however, they have never been this busier as more and more people are moving towards cloud services and working remotely.
One report stated that phishing attacks have surged by 600% since COVID-19 resultant work from home culture, which leads to several network compromise. Hackers are also on overdrive amid pandemic and targeting MSMEs sectors, including healthcare.
Notably, Cyber Emergency Response Team, or CERT India, repeatedly issue warnings and advisory on the increased hacking, spamming, phishing, and scanning threats for ICT systems (8).
On the other hand, experts are discussing the online privacy topic thoroughly; however, there has been no solution in sight so far. The uproar over the Data Protection Bill, sent to a select committee after it was tabled in Parliament last year. The only case in the point is some of the misgivings in its present form has voiced by many.
How Can Companies Tackle Data Breach?
According to a recent Malwarebytes report (9), a security software provider, since the beginning of the novel coronavirus pandemic, at least 20% of organizations have reported a security breach due to remote working.
Another report by Barracuda Networks (10) on India stated that approximately 66% of Indian firms had suffered at least one data breach after abruptly shifting to work from home model.
Such data breaches not only threaten a firm’s reputation, but they also burn a big hole in their pocket. As per a study by IBM Security (11), the average cost of a data breach in the nation is 14 crore INR. The study, focusing between August 2019 and April 2020, indicated an increase of 9.4% from 2019 findings.
As per Milind Borate, Co-founder and CTO, Chief Technology Officer of Druva, a cloud data management and protection provider, it is not feasible to apply existing practices to new data sources considering the disruption amount to the environment.
Borate believes that a firm needs to identify the data that is critical and at-risk and focus on meeting regulatory standards for security and compliance for the data for its security protection. It would guide a company to secure the data more effectively. Once the data is compliant and secured, Borate also advises extending a backup safety net.
“Especially in a new environment, people will make mistakes, cloud systems will fail in unique and unexpected ways, and new configurations will trigger latent software bugs. When things go wrong, people will want to recover data to continue to move forward. Knowing that they have a safety net will enable them to proceed with more confidence.”
– Milind Borate, Co-founder and CEO of Druva (12).
He further stated that the final step for an organization would be to automate its data protection. While explaining his statement, he added, “Since your teams are manually changing core operations on the fly, their safety net needs always to be there. With the new environment complexity and lack of expertise, data protection must be fully automated. It’s the only way to be safe.”
Druva maintains an enterprise security program to meet the rigorous security needs of its diverse customer base. It ensures data security of the organization regardless of the deployment of the backup solutions. Simultaneously, keeping data security paramount, Druva designs its cloud-first strategy while allowing the extension of data center and SaaS applications leverage.
It provides the security and data governance tools to data, at rest or in-flight regardless of whether your backup is via the cloud or as a hybrid model.
Remote Working and Threats
Jaspreet Singh and Borate founded the firm in 2007, and Druva has now entirely become an Amazon Web Service, AWS, and has a trust of more than 4,000 enterprises and manages over 150PB of data globally. Notably, it entered the coveted unicorn club, first of its kind in June 2019 (13).
There are three types of risks organizations can face in a remote working setting. Firstly, an organization would need to confront its potential security vulnerabilities. Since the line between personal and professional environment is getting blurred, employees can download ransomware on his laptop and risk the entire organization’s sensitive data.
Borate points out that without prior experience, a user is at risk of exposing or losing data on the cloud. The CIO, Chief Information Officer of the firm, needs to manage the risk of mischievous hackers who try to exploit vulnerable cloud and endpoint environments.
To replace face to face interactions, a firm must also rely on SaaS, a Software-as-a-Service application from messaging to sharing a document. The CIO needs to ensure that sensitive communication transmitted over SaaS applications must comply with all regulations and retain business-critical information.
CIO needs to monitor and manage online communication compliance at a broader scale than ever as more people work remotely. Moreover, it would also lead to application outages.
People upgrade, modify, or even migrate a component to the cloud without knowing its implications. Hence, companies need to have the capacity to recover applications to a healthy state rapidly. As employees work remotely, they may make mistakes, miscommunicate, and increase security threats, uptime, and compliance. CIOs need to come up with plans to find, triage, and recover from these issues.
India’s Movement Towards Cloud
Since the past couple of years, Indian organizations are making a significant investment in technology infrastructures. Firms previously hesitant to invest in cloud solutions are also gradually comprehending its importance. It indicates a shift in the Indian mindset as we are witnessing more organizations turning to the cloud to ensure business continuity (14).
Today, businesses are probing for technology that can help them scale efficiently with a minimum impact on employees and be deployed even during a restrictive work environment.
“Currently, all focus lies on COVID-19 management and innovation challenges are running to help us tackle the pandemic, but all this will possibly transform into something larger, and we should never waste a crisis but take it as an opportunity.”
– Ajay Prakash Sawhney, Secretary, Meity, Ministry of Electronics and Information Technology (15).
Adopting such cloud technology has helped data protection players like Druva grow at a striking rate. The SaaS-based unicorn had recently announced the close of its most successful year. It has experienced a 70% year-on-year increase in recurring revenue for its data center workload protection solution and a 50% growth in overall data under management.
The year 2020 has been a strong year for Druva. It has an opportunity to expand its growth even further this year, considering its strategy combined with the present market acceleration towards digital migration.
Indian Cyber Security Market
According to the estimates (16), the data businesses would add about 450 to 500 billion USD to India’s GDP by 2025. Consequently, there is also growth for the data protection industry.
The cybersecurity market is expected to grow from 1.97 billion USD in 2019 to 3.05 billion USD by 2022 at 15.6% CAGR, a compound annual growth rate. Notably, it is almost one and a half times the rate across the world.
The factors that are significantly driving cybersecurity demand in the Indian market include digital growth, which mandates security investments, increasing attacks on cybersecurity systems, and regulatory requirements for the security market.
“As India gears up to become a hub for cybersecurity, investment becomes the game-changer to nurture startups. We have seen an uptick in cybersecurity patent filing and grants in India, proving the growing innovation ecosystem in our country. As Big Data, AI, Cloud, and other deep tech emerges, cybersecurity serves as a foundational tech across all technologies. For that, we need a spurt in innovation and investment.”
– Rama Vedashree, CEO of DSCI, the Data Security Council of India (17).
The study further estimated the key sectors; BSFI, Banking and Financial Service Industry, IT, Information Technology, and ITeS, Information Technology enabled Services, and the government would drive India’s cybersecurity market. These spaces would constitute more than 68% cyber market share.
It is worth highlighting that cybersecurity attacks in BSFI have far evolved from merely being a cybercrime to cripple the economy. It has the largest cybersecurity expenditure, with a 26% market share. Estimates suggest that the sector would increase its expenditure to 810 million USD from the existing 518 million USD by 2022, at a CAGR of 16.1%.
Since service organizations holding valuable client information have become a target of recent cyber attacks, the IT sector is also likely to witness a surge in its security spend from 434 million USD in 2019 to 713 million USD by 2020, at 18% CAGR.
The government is likely to spend significantly on security to thwart cyber attacks from hackers. The government’s cybersecurity demand is likely to reach 581 million USD by 2022, at a growth rate of 13.8 CAGR.
Meanwhile, other sectors primarily involving energy, automotive, and healthcare are also likely to grow from 630 million USD in 2019 to 949 million USD by 2020, at a 14.6% CAGR.
Druva Sets Industry Benchmark
With 70% growth yearly in data center workload revenue (18), businesses grip the cloud-first approach for rising data threats and increasing record growth across the country. Its percent growth has marked it the largest and most trusted firm for delivering SaaS-based data protection.
According to a May 2020 IDC report (19), spending on infrastructure is still projected to grow to 237 billion USD this year considering the resilient spending of service providers in addition to ongoing enterprise demand for cloud services. Druva has continued to illustrate the value that cloud data protection offers compared to traditional architectures, based on hardware when building a platform that offers one-click setup, lower costs, automated updates, various workload coverage, and proven customer success.
While leveraging the powerful capabilities of Druva in their firms, customers have performed more than 1.5 billion backups with Druva in the past year. The company has also helped over 1,000 entities ramp up from the investment-heavy and conventional data protection approach.
Moreover, Druva also offers the most comprehensive coverage, automated capabilities, and the ability to cover all modern cloud mandates, including cloud-native environments, SaaS applications, and migrated workloads across the industry.
“The spring of 2020 will be forever remembered as the inflection point of the cloud era when years of planning and discussion transformed into action and massive migration efforts nearly overnight”
– Jaspreet Sigh, Founder and CEO of Druva (20).
Jaspreet Singh added that there has never been a more significant need for trusted technologies, and the cloud has proven itself the ultimate contingency plan.
According to the Research Director of IDC, Phil Goodwin, data protection plays a critical role than ever before for ensuring 24 x 7 running enterprise collaboration platforms for improved employee productivity.
He also highlighted the enhancements introduced by Druva and its plans in the coming years; it is positioning itself to help its customers navigate the transition and effectively protect their workforce’s and organization’s data.
More About Druva
Druva, after its inception in 2008 as a SaaS backed backup platform, it has the aim to protect endpoints. Over the years, it has grown into backing up and protecting endpoints like laptops and cloud and data center-based words and multiple SaaS platforms like Office365 and Salesforce.
Currently, Druva uses the AWS platform to automate most of its tasks, which allows them more time for product planning and development. According to the firm, the organization would get a faster time to market if it builds inSync Could on AWS.
AWS Cloud Platform (21), Druva is Data Protection and management firm for the cloud era. It drives down the customers’ costs by 50% by freeing themselves from unnecessary hardware, capacity planning, and software management.
It is a private company headquartered in California, USA. Some of its investors include Sequoia Capital, Viking Global Investors, Tenaya Capita, Nexus Partners, and Riverwood Capital.
Notably, Druva only gets 10 to 15% of its revenue from the Asia Pacific region and is nearly unknown in India. The firm already has legacy IT firms for setting up and servicing data protection infrastructure. Its marketing strategy also seems to be more tailored towards the USD market, where it already has software aggregators for distribution.
However, the firm has recently doubled its efforts to win new clients in India and also considering IPO.
“India is a critical market for us, especially at a time when the urge to go digital can be witnessed across industries as well as the governments. We are here to provide software-as-a-service (SaaS) platform for data protection and management across edge, on-premises and cloud workloads, to the enterprises,”
– Borate (22).
COVID-19 has accelerated the pace of enterprises’ realization that it has become harder to manage their data centers if they can’t reach it. It is leading to the rapid adoption of SaaS and public cloud. Consequently, Druva also sees more demand since its products are in the backup as a service space.
Moreover, Druva is playing a critical role at every step of cloud adoption as a leader in cloud data protection provider and the only SaaS-based data protection provider.
However, as the world is rapidly gravitating towards a hyper-connected ecosystem, it has led to an increased rise in organizations’ threats and risks. The landscape is also greatly evolved as cybercriminals are planning the attacks strategically.
It is common among modern enterprises to practice a defense-in-depth security approach. Unfortunately, nothing is perfect, and any firm that collects information about its customers must have preparations to keep that data safe and prioritize it.
And, Druva is likely to remain focused on accelerating its growth this year as there is a growing demand in the region for alternatives to aging hardware and legacy solution. At present, businesses are now looking to break free from the data center’s restraints and embrace a cloud-first approach for rising data protection requirements.