Homegrown cybersecurity startup InstaSafe is using 'zero-trust' security model to create a global footprint
Over the last decade, the Indian cybersecurity space has evolved at a much faster pace due to the rapid adoption of technology. This has also led to cybersecurity discussions move from IT boardrooms and Fortune 500 companies to startup corridors and even sector-agnostic SMBs.
With more than 225 players in the Indian cybersecurity space, companies are now fighting the war both at the local and global front. One such player is InstaSafe.
Founded in 2012 by Sandip Kumar Panda, Biju George, and Prashanth Guruswamy, Bengaluru-based InstaSafe was started with a mission of creating simpler, people-centric solutions that went beyond the traditional concept of assigning trust by default to internal assets and denying trust to external assets.
As Sandip explains, InstaSafe started using a Zero Trust approach, which was relatively a novel security concept during the time. It basically stopped discriminating between devices within the network, or outside it, and assigned zero trust to all devices.
This means, every device was authenticated and vetted, and the context of each access request was verified before granting access.
Fast forward to eight years, the Zero Trust market is now touted to make significant inroads in terms of growth, with an expected CAGR of almost 17 percent to reach $51.6 billion in 2026 This, coupled with an increase in remote work and the proliferation of the cloud and BYOD Device usage, has caused a pertinent rise in the adoption of novel security technologies.
“InstaSafe has grown at a rapid pace during this transitional period, making it to the coveted list of the fastest-growing tech companies in the country. While the way we work has certainly matured, we are still hungry to innovate and solve every modern security challenge that comes our way,” says Sandip.
Today, it claims to have registered a Y-o-Y growth of 574 percent, with a client base of 120 that has an increased rate of 30 percent. So far, the startup has raised $2.7 million.
Understanding the industry gaps
As Sandip explains, in the early days, the major issue in cybersecurity was the inherent complexity of solutions, and a traditional ‘command and control’ approach to security, which operated on binary lines of ‘allow’ and ‘block’, while using ownership and control as a proxy for trust.
However, with the advent of digital transformation processes, every asset was potentially compromised, and the need arose for adaptive solutions that help make sense of the grey nature of assets in the black and white world of network security.
With more and more enterprises migrating their applications to the cloud, companies that were turning digital had to open up their tightly secured network perimeter to a multitude of users that not only included remote employees but also third-party partners. It was difficult to ensure that these employees were securely accessing the enterprise network, without putting the entire network at risk.
“A cost effective solution was required that would secure the flow of this data through a secure yet simple authorisation and encryption process, which led to the birth of InstaSafe. While we faced our share of challenges initially, today, Zero Trust has become mainstream, owing to its elasticity, security, and scalability,” he adds.
Solving the ‘first mover’ challenges
As Sandip reminisces, when the startup was launched in 2012, InstaSafe was based on the SDP architecture. Software Defined Perimeter (SDP) Architecture Guide is designed to leverage proven, standards-based components to stop network attacks against application infrastructure. When InstaSafe started, this was based on CSA’s guidelines.
“These guidelines were then evolving as a revolutionary solution that could change the way multi-cloud access and secure remote connectivity could be achieved,” he adds.
On the client’s side, pricing was one of the key challenges. The traditional Indian enterprise is often reluctant to spend on cybersecurity, and more so on a solution-based approach that was devised less than a decade ago.
“We had to initially face roadblocks in explaining what our solutions stood for, and more so how they were much more effective in securing a prospective client’s critical assets, as compared to their existing security setup,” says Sandip.
While this changed over time, the team had to continue innovating due to the rapid evolution of technology.
“With the advent of neoteric cloud security solutions as a viable replacement for legacy-based security systems, we have had to go through a huge learning curve on the road to run a successful startup,” says Sandip.
Business growth and tech stack
As of now, InstaSafe’s primary offerings include its flagship Zero Trust Solutions, Zero Trust Application Access, Zero Trust Network Access, and VPN Alternative Solution. The team also claims to have gained significant traction with its Managed Bug Bounty Program, SafeHats, and the InstaSafe Authenticator.
The startup implements a Software-Defined Perimeter to operationalise the Zero Trust model. On the backend, it uses proprietary tech like NodeJS, MySQL, MongoDB, Electron Framework, Wireguard, Angular JS, Firebase.
Working on a subscription-based SaaS model, the startup has signed distribution, technology, and partnership agreements with companies like Ingram Micro, AWS, and Hitachi, among others.
Sandip accepts that there is intense competition in the cybersecurity space with the growing obsolete nature of VPNs. Some of the key competitors for the company are Cisco, Fortinet, Perimeter81, and Zscaler, among others.
“The differentiating factor of InstaSafe from the competition is our Zero Trust Security and Human/Identity Centric Security,” says Sandip.
The team works with a flat hierarchy. It has cross-functional teams, which take a cue from Kaizen and refuse to see an end to the optimisation of its solutions.
“This makes continuous incremental changes and upgrades to make our solutions more secure and seamless,” he adds.
According to Sandip, with the ongoing COVID-19 pandemic in more than 150 countries, dependency on digital communications has multiplied. Given the present circumstances, adopting apt cybersecurity measures and investing in viable solutions that cater to the needs of secure remote connectivity should be the top priority of every business.
Gartner predicts that by 2025, 40 percent of boards of directors will have a dedicated cybersecurity committee overseen by a qualified board member, up from less than 10 percent today. This indicates that companies are becoming more cautious about their data, and at the same time, moving on from sole dependencies on VPNs.
“With the security growth story showing a consistent upward trend, it presents an opportunity for us to showcase the simplicity and effectiveness of our solutions to companies across the world,” says Sandip.
InstaSafe now plans to aggressively expand its operation beyond the subcontinent to EMEA and the American markets. It also looks to expand its product line beyond Zero Trust Solutions.
“We also plan on having technology partnerships with global giants to move beyond Zero Trust towards a mission of complete end-to-end security and an integrated security experience for our customers, with our product line extensions and introduction of the InstaSafe Authenticator Applications that complements our Zero Trust solutions with an extra layer of inhouse security,” he says.