Security is a vastly complex subject and only the largest organisations can spend a fortune to stop threats in the digital age. So with the world moving online, every CIO has to face a perplexing question – ‘how does one manage risk?’
Risk management is the process of identifying, assessing, and responding to risk. Companies invest in application security, network security, database security, and endpoint security. Each of these security attributes operates in silos and require large IT teams to manage them.
Three-year-old Bengaluru-based startup Seconize uses risk management processes to enable organisations to prioritise decisions regarding cybersecurity.
Seconize offers a SaaS product – DeRisk Centre – that looks at all the asset types of the company and provides a unified view of the security. The startup was founded by Chethan Anand and Sashank Dara in 2017.
“Enterprises must protect to grow and cybersecurity budgets have to be economically utilised more effectively to thwart the threat in the early stages which minimises risk,” Chethan Anand tells YourStory.
The early days
Chethan has 23 years of experience in the industry and has an MS (University of Illinois Urbana-Champaign) as well as an executive MBA from IIM-B. Sashank has 18 years of experience and a PhD from IIIT-B.
They both were working for Cisco when they met. Chethan was a Senior Product Manager, creating products and taking them to the market, and Sashank was a Technical Leader in the security group. While at Cisco, both began interacting to discuss security-related aspects of some of the products that Chethan was working on.
“During our conversations, we realised that companies were getting impacted despite the increase in security spending. These cyber-attacks were getting automated and sophisticated, so companies had to address the problem in a slightly different way, instead of trying to address security as a line item in the tech stack. It would be better if they knew their security posture and take informed decisions. They have to manage cyber risk as they would manage any other enterprise risk, and thus Seconize was born,” adds Chethan.
Seconize founders
The product
Seconize “DeRisk Center” is an automated and continuous cyber risk and compliance management SaaS product that proactively identifies weak points in the enterprise IT infrastructure and applications.
It helps organisations understand their security posture and exposure resulting from their digital assets. It prioritises the risks based on the impact so that optimal investments can be made to minimise exposure. It enables executives to know their organisational risk profile, helps CISO to have real-time visibility across the infrastructure, and assists the IT teams to determine the root cause and its remediation.
The founders say the product minimises overall risk, with increased return on technology investment.
The product supports various asset types and applications, like websites, web applications, mobile applications, cloud configurations, cloud workloads, network devices, and endpoints (laptops).
For the first two years, they quietly built the product, testing out all the security needs of an organisation.
“Building a deep tech product is not easy. It requires time, talent, and money. We were first-time entrepreneurs, but had deep expertise in building enterprise products, which helped,” Sashank adds.
Getting the first client
For Seconize, the very first client did not come to them easily. In 2019, they met the CIO of an organisation to understand the way that they were running their cybersecurity practice. They understood that the goal of the CIO was to be a leader in security, in their industry, and adopt the best practices that would report closely to the board of the company.
The enterprise that Seconize spoke with worked with consultants who always used to conduct manual vulnerability assessments on their infrastructure. These consultants left the cloud and did not look at the future of data and digital transformation. This organisation was also planning to get certified for ISO 27001.
“The enterprise was not able to interpret the assessment reports, given that there were multiple reports across the various security asset types. Their customers also started asking them to report their security posture,” Chethan explains.
He claims that on hearing that Seconize’s DeRisk Center can automate their whole assessment across the cloud and on premise, they were excited.
“The icing was that the product will show a prioritized remediation view across the organisation. IT and development teams can look at the issue and the associated resolution, and start addressing it. They can know the resultant posture in near real-time. All along, CIO has good visibility across the organisation and could work with IT and business units to improve the overall posture,” he adds.
That’s how the startup won its first client.
Seconize founders
The business model
The company has been funded by the founders.
The product is offered as a subscription service, where the price is a function of asset type and asset count and this is managed by the product. The subscription includes support and consultancy to help customers better understand and improve their posture.
The company’s first focus was to cater to startups in the Asia-Pacific region (APAC) and the founders spent some time in Singapore as part of the Cylon Acceleration Programme. The startup has over 10 clients in India and plans to double the number of clients in the next 18 months to focus on the Americas and APAC.
The product itself is vertical agnostic, as almost all type of organisations can implement it. The compliance part, however, is region-specific.
The founders say that the startup will try to understand the buying patterns of customers when it expands its business. These patterns differ based on the market, sector, and size (maturity). Organisations which are growing fast, want to jump start with automation. The more mature organisations are the ones that want automation and risk management, along with compliance.
The startup, with a 10-member team, does not want to disclose its revenues. Companies that are in the risk management space are G Square, Regtify, Sharpfin, and Blackswan.
Cybersecurity in India
Organisations are embracing digitisation to grow their business but many often lack a holistic view of risks exposed by their digital assets. Companies are managing cyber risks by building standard defence mechanisms and deploying security products, though none can provide complete protection.
“Even with the defence in place, organisations do not know how effective they are and the risk exposure they bring. Compliance ensures that organisations have at least the basic defence mechanisms in place, since compliance is a common denominator kind of approach; it is good but not fully effective. Not all vulnerabilities or security issues are equal. Effective management and efficient use of resources requires context,” says Chetan.
Digitally, India is one of the most attacked countries in the world.
The Indian cybersecurity services industry is expected to grow to about $7.6 billion in 2022 from $4.3 billion at present. At a growth rate of about 21 percent, it is expected to be worth $13.6 billion by 2025, according to a report by the Data Security Council of India.
By and large, cybersecurity has remained in the B2B domain.
Cyber Security is the new normal and Seconize is well poised to become a large business in years to come.
