According to Gartner, by 2023, more than 30 percent of public-facing web applications will be protected by cloud web applications and API protection (WAAP) services that combine distributed denial of service (DDoS) protection, bot mitigation, API protection, and WAFs. At present, this number is less than 10 percent.
With the increasing focus on online and digital, in the last few years, cybersecurity has become extremely important for businesses. The Government of India, in July 2018, notified a Preferred Market Access order to support made-in-India cybersecurity products.
Vadodara-based Indusface is a well-known name in this space. Launched in 2004, the company is said to be one of the only application security providers in the market with an integrated solution that provides complete risk detection, protection and management as part of a single offering.
The early days in the application security space
Their journey began in 2008 with the launch of IndusGuard, a web application firewall. This became hugely popular and global security software giant Trend Micro acquired the business in 2012, a first-of-its-kind instance of an Indian product company’s offering being bought out by a global information security major. Buoyed by this success, they decided to venture deeper into other application security products, looking to provide customers with a single product that could take care of all their application security requirements. Venkatesh Sundar, Co-founder and CMO, Indusface, explains why they wanted to build an integrated product platform. “Even if we identified an issue for our customers, it would take them a long time to fix it, leaving them more vulnerable, and that is what we wanted to change,” he says.
They launched their flagship product AppTrana in October 2017, which encompasses the three functions of detecting vulnerabilities, protection from malicious cyber-attacks, and monitoring traffic in a single application security platform. It also helps protect against DDoS attacks, which hit businesses hard. Today, they have over 1,000 customers across the globe, and on a daily basis, their solution helps protect more than 400 sites and handles approximately 4TB of data per day.
The challenges posed by an on-premise solution
Initially, they provided an on-premise solution for their customers. However, this led to a number of challenges, especially for the customers, who had to bear the capex and also handle the responsibility of managing the on-premise infrastructure. Not only was this cumbersome, it was also time-consuming since it took months for the solution to be deployed from the time the customer decided to come on board.
When Indusface decided to build their SaaS offering on the cloud, Venkatesh says that AWS was the most obvious choice. “The alternative was to build our SaaS infrastructure on other public clouds. But given the reliability and spread of workloads that AWS provided, it was an automatic choice.”
How AWS brought in reliability, stability and offered instant protection
Indusface’s SaaS offering uses security centres built ground-up on AWS. These security centres are created in multiple regions which act as reverse proxies that monitor the traffic and protect the website from harmful requests or attacks. “One of the key metrics that come into play is downtime, as customers’ live traffic passes through our site, and we need to ensure that there is no downtime. We take extra precautions on the kind of workloads we use and constantly monitor the SLAs of each of these services as we guarantee our customers 99.99 percent uptime. We lean on AWS to build a reliable infrastructure so that we can provide reliable service to our customers. All the customer has to do is redirect the traffic to our site. They are protected against attacks instantly without any downtimes. So, if a customer is under attack, they can start our subscription immediately and get onboarded within 10 minutes. Onboarding happens seamlessly with zero downtime and within minutes,” says Venkatesh.
Venkatesh adds that it is this kind of reliability that has helped convince customers who are generally averse to moving to the cloud, especially those from traditional sectors like banking and insurance, to opt for Indusface’s services. In addition, he says they decide to go with AWS because of its ability to host a scalable SaaS infrastructure, and a shorter time to market. The seamless onboarding process which involved mapping the right services/stack to use from AWS also helped. “The biggest benefit is that we do not have to worry about the infrastructure’s stability and availability as the AWS stack is very robust and mature with hardly any technical issues. This enables us to focus on our core i.e. application security and innovate faster to serve our customers.” They use multiple services across AWS, including Route53, NLB, S3, EC2, NAT Gateways, Elasticsearch Service and RDS.
Not only technical support, enabling business growth as well
Since Indusface is bootstrapped, margins are very important, and AWS helped them scale without compromising on their margins. Due to the flexible pricing, they paid only for what they used, enabling them to build an infrastructure which is cost-effective. “Launching new machines or scaling just in time has become very easy and it is extremely effective both in terms of the ease and the cost,” says the CMO and Co-founder.
Apart from the technology, AWS also offers access to a wider ecosystem -- helping them grow their business in the form of prospective customer connects via their partner ecosystem, especially when building the product, as well as joint GTM plans with webinars, sponsored content and lead generation agencies. “The AWS business development and marketing team work as an extended arm to our own sales and marketing team and help us get new customers we otherwise could not get on our own in a cost-effective way. The AWS teams have visibly demonstrated that they have the same goal as us, to see our business succeed,” says Venkatesh.
Continuing to deliver on their promise of near-zero downtime
The internal team at Indusface itself has a critical role to play in the company’s success and Venkatesh says that building the initial core team of hands-on leaders was what helped them get them off the ground. “There is no secret formula here and having been in the industry for a decade, the initial core team was built via our own connections and ability to convince them to join us. Our CTO joined us after having led large engineering teams at Symantec. Our Chief Architect joined us from McAfee. Our Product Manager joined us after having helped successfully scale another security product. Initially, as founders, more than anything else, we were primarily focused on sales, trying to take our story to prospective customers to get them to try us out and also pay for it. Once we got the first few customers, we also built a solid sales team.”
The association with AWS has also helped them acquire major customers like TCS. “When they chose our application security SaaS offering, the fact that we were hosted on AWS was one of the factors in their selection criteria,” he says.
Talking about plans for the near future, Venkatesh says they plan to concentrate on strengthening their current offering, while also expanding its scope by incorporating Machine Learning and AI. “This will enable automated learning that will help our managed service team to take timely corrective actions. Our key USP is to provide a managed service benefit to our customers as a core part of our product offering and as we scale, we will have to keep strengthening that part to provide additional value to our customers.”
For Indusface, it is critical to ensure that their infrastructure is stable, never goes down, and in the rare instance that there is an issue, they should be able to recover from it in minutes, if not seconds. That is the most important aspect of their promise to their customers, says Venkatesh. “And we cannot find a better partner than AWS to fulfill that promise to our customers and keep innovating,” he summarises.