In our latest story in the StartupBharat series, we feature an acclaimed Vadodara-based information security company with a presence across India and big plans to expand in the US.

Gartner has recognised this Vadodara-based startup as leaders in their category, Amazon Web Services (AWS) has declared them as one of the most innovative companies in their space, and NASSCOM’s Data Security Council of India named them India’s No. 1 Security Product Company of the year.

With acclaim like that, it is no wonder that Indusface enjoys some serious street cred within the highly competitive information security industry. The company claims to be the only application security provider with an integrated solution that offers both visibility into risks and comprehensive protection against these threats.

Reinventing itself to stay ahead in the game

Incorporated in Vadodara with offices across India and the US, Indusface traces its roots back to 2004 and is now in its third avatar. But Ashish Tandon, Founder and CEO, says they’re still a startup, as the last product journey they undertook was as recent as 2013.

In 1998, Ashish, a former Ranji cricketer who played for Baroda, had to hang up his cricketing boots due to an injury at the peak of his cricketing career. An electrical engineer from the city’s MS University, Ashish had always wanted to be an entrepreneur. When cricket was no longer an option, he teamed up with his wife Nandini and in 1999 they started a company that became an ISP provider for Satyam Infoway’s (now Sify) services in Vadodara.

Since they were early movers in the ISP space, they did well. But in 2001, the duo realised that with telecom companies, including internet subscriptions as part of their offerings, a standalone business in the space would not survive. So in 2002, they exited the ISP business.

In the early years of the century, information security was still a nascent area. When Ashish and Nandini started an Information Security Consulting company, they tied up with several global security solution providers and began deploying third-party software for clients. Business was good, and further proof that they were on the right track came when Ashish was asked to be a part of the drafting process of the Government of India’s Information Technology Act of 2000.

While their security consulting company was doing well, Ashish began to question if this was enough to satisfy their entrepreneurial vision. They realised that organisations across India would soon need a more robust information security infrastructure because as everything was becoming more IT-enabled. The idea of building their own product rather than selling someone else’s seemed more appealing.

And so they took the plunge into the products space.

Building a product from scratch

With application security as their focal point, they hired a small team of developers and built a prototype. They launched their flagship product Indusguard the next year (2008). As more and more businesses adopted to technology and e-enablement, Indusguard gained more traction and success.

Their confidence in the quality of their product was validated when global security software giant Trend Micro acquired the business in 2012.

“The high point for us was that no Indian product company had built something that was bought out by one of the largest security company globally,” says Ashish.

Reducing risk of infosecurity threats for an online presence

“Security is one of the most basic requirements of an online presence, especially since regulatory bodies such as RBI, SEBI, IRDA, PCI, etc. insist on it as a compliance measure,” says Ashish.

The Government of India has allocated 10 percent of its IT budget towards cybersecurity and in July 2018, notified a Preferred Market Access order to support Made-in-India cyber security products.

According to Gartner, by 2023, more than 30 percent of public-facing web applications will be protected by cloud web application and API protection (WAAP) services that combine distributed denial of service (DDoS) protection, bot mitigation, API protection, and WAFs. This is an increase from the less-than-10-percent at present.

On to a bigger dream

Having tasted success with Indusguard and more confident after the Trend Micro acquisition, Ashish decided to build other application security products, with an understanding that customers needed a single product that could take care of all their application security requirements. In 2012, Ashish got in touch with Venkatesh Sundar, who had moved back to India after having worked in product development at global multi-national companies. He roped in Venkatesh as Co-founder to help build a product-centric business.

“Even if we identified an issue for our customers, it would take them a long time to fix it, leaving them more vulnerable, and that is what we wanted to change,” says Venkatesh.

And so, Indusface came up with an integrated product platform to solve all these problems.

Also read: How this Manipur-based entrepreneur is bringing healthcare to people’s doorsteps in the Northeast

A one-of-its-kind integrated security offering

Launched in October 2017, the company’s flagship product AppTrana encompasses the three functions of detection, protection, and monitoring in a single application security platform.

The Application Scanning function gives customers continuous visibility into their current risks, the integrated Web Application Firewall helps fix vulnerabilities instantly and accurately and the threat intelligence and 24x7 monitoring solution offers continuous web security monitoring and updates to signatures.

AppTrana is a SaaS-based offering with a significant number of customers from the US and other parts of the globe. They offer a free trial which allows customers to first experience the product and then start a subscription. All of this is done online, with no feet-on-the-street sales teams.

“The suite of products that we have now is complete. We scan websites or applications, find out what the issues are, fix it using our firewall, provide acceleration through CDN and then do 24 x7 monitoring to ensure that no attackers are able to exploit vulnerabilities as well,” says Venkatesh.

The solution also helps protect against DDOS (distributed denial of services) attacks, which take down websites and hit businesses hard.

“The no. 1 fastest growing vertical for us are online B2B and B2C businesses. The push for Digital India, Startup India, and demonetisation led to increased digital transactions, and that’s really helped us see a surge in demand for our product. Even with enterprises and banking and insurance we are seeing a huge surge in demand, thanks to the push for stricter compliance measures against hacking by regulators,” says Ashish.

Today, Indusface has 1,000 plus customers across various sectors, including the likes of IndusInd Bank, Edelweiss, Reliance (RDAG), Tata Group, Bharat Petroleum, Shoppers Stop, HDFC Group, ICICI Bank as well as startups and government departments.

Nandini says,

“What helps us grow rapidly is the fact that our business is not vertical specific. We are able to penetrate across various business domains.”

Market landscape

In today’s digital world, convenience has brought along a constantly evolving threat – cybersecurity. PP Chaudhary, Minister of State for Electronics and IT, says India saw over 27,000 cyber security threats being reported to the Indian Computer Emergency Response Team (CERT-In) in the first half of 2017.

Looking at the need, cybersecurity startups are gaining importance in India. However, most of these have been founded as early as 2011, and many have raised only undisclosed rounds of funding. In sharp contrast, the US is home to close to 63 percent of the world’s privately-owned cybersecurity companies. Of these, only six California based cybersecurity companies raised over $200 million in funding in a year.

Some of the top cybersecurity startups include - Lucideus Tech, based out of Delhi, Harnessing the potential of Blockchain and emerging technology, Mumbai-based Block Armour, launched in 2016, aims to disrupt cybersecurity. There also is Noida-based HaltDos is an AI-driven website protection service that secures websites against cyber threats.

Taking on the challenge of building a brand in the US

India remains Indusface’s biggest market. and the next big market they are targeting is the US. “We are putting more money and muscle into growing our business and are aggressively going after the US market. We have already started with investments, marketing, and hiring. We believe that’s where our next big growth will happen,” says Ashish.

“In all modesty, we believe we are No. 1 by a long distance in India. A 1,000+ strong customer force, acknowledgments and awards from leading independent bodies and testimonials from DSCI and NASSCOM help ascertain this. While AWS has officially validated our USP of being the only platform in the market that offers a complete and comprehensive web security solution, Gartner also started recognising us based on the positive feedback about us they received from their customers,” points out Ashish.

They had set some goals for themselves in terms of revenue and customer base, besides building the right team and following the right go-to-market strategy to make sure their products were liked.

“We have mostly achieved what we had envisioned. Key milestones for us going forward would be growth in customers, revenue and reaching newer markets,” he adds.

Indusface is currently bootstrapped but is in active discussions to raise funds in the future. For now, Ashish says, “We have a multi-million-dollar Annual Recurring Revenue (ARR), growing at over 40 percent YOY and are profitable. Currently, our business growth is funded by our customers and founders. With a good and ready product market fit and a great team, we are on the right growth path.”

Nandini adds,

“We want to make a strong solid push with our North American plans. We don’t do things half-heartedly just because we are bootstrapped. Now that we feel we are totally ready, we think it is the right time to raise money.”

Building the right team in Vadodara and beyond

Nandini says that one of their key priorities was to have a strong core team. So now the company leadership includes the three co-founders, Ashish, Nandini and Venkatesh, Chief Technology Officer (CTO) Ashish Pradhan who came on board from Symantec, Chief Architect Karthik Krishnamoorthy from Intel McAfee, Product Head Vivek from Dhruva and Finance Head Amit who was earlier with General Motors.

Collectively they have been instrumental in scaling up a strong technology team of over 85 employees based out of Bangalore, Mumbai, Delhi and Vadodara. While the company remains in Vadodara, Bengaluru is the engineering and product development hub, while the Mumbai and Delhi offices handle sales and business development, and Vadodara handles customer support. They also have an office in San Francisco.

“When we started out, we had a small 250 square feet office but had big dreams. Even though we had a humble beginning, we were as passionate about what we wanted to do even back then as we are now. Today, in the fraternity of people who know application security, be it customers or potential employees, Indusface has a great brand recall and respect. That, for us, is a major milestone that we are proud of. We have built goodwill among our people. Along with customer confidence, we have also built a happy team,” says Nandini with pride.

Also read: StartupBharat: From solar stoves to 3D printing, four stories of innovation from Gujarat