Cybersecurity in India: a new chapter with Cloudflare

To understand how the cybersecurity landscape in India is evolving, we interviewed Fernando Serto, chief technologist and evangelist for the APJC at Cloudflare. While India is underperforming in terms of cybersecurity preparedness, being ranked 17th out of 20 on the MIT Cyber Defense Index and often considered the capital of cyber attacks, rapid change is taking place. This transformation is driven by a renewed interest in data regulation, privacy and cybersecurity by lawmakers across the country, which is positively impacting businesses and service providers.

A change of attitude and new regulations

The Indian government has worked hard to create regulations that rival those of other countries. Building on the Information Technologies Act of 2000, the new IT rules of 2021 have strengthened Indian cybersecurity regulation. “It is interesting to see how India is maturing politically. Organizations are now required to report a breach within 6 hours, compared to the 72 hours required in Australia,” Serto noted. But it's not just regulators who are keeping up with cybersecurity: according to Serto, companies themselves are becoming more aware of the importance of cybersecurity.

Challenges and solutions for cybersecurity in India

Due to the high population density, Indian companies face unique problems when implementing cybersecurity solutions, problems that also extend to the tools used internally. The sheer number of people, assets, networks, and employees that need to be protected presents a significant challenge. Serto noted that connectivity is not an issue for tier 1 cities, but becomes an issue for tier 2 and 3 cities. However, it also found a link between user experience and willingness to adopt solutions of cybersecurity. For example, he mentioned the adoption of split tunneling services for internal VPNs, which improved the user experience but reduced visibility and security. The solution, according to Serto, lies in a balance between user experience and security: if the user experience is not compromised, users will not be tempted to bypass security controls.

Advice for large companies and startups

Big Indian tech companies have long been the backbone of many companies around the world. At the same time, India boasts a vibrant startup ecosystem. Serto emphasized the need for large organizations to move away from the traditional approach to purchasing security solutions, proposing instead to make smaller but more frequent purchases in line with the latest advances in security. As for startups, Serto's recommendation is that they adopt security controls in the same way they handle software development, thus making the process much more natural for them.