The Ministry of Electronics and Information Technology has gathered all inputs for the Data Protection Bill and is reviewing it to see what revisions are needed and is working towards getting the Bill ready and tabled in Parliament
The Data Security Council of India, the industry body on data protection in India, set-up by National Association of Software and Services Companies (Nasscom), is promoting cybersecurity product companies and moving ahead in its mission to educate different agencies on the perils of cyber-attacks.
Rama Vedasree, CEO at DSCI, who was part of the grouping that drafted the Data Protection Bill in India, talks about why it is important to nurture new cybersecurity start-ups, status of the Bill and how global developments in cybersecurity impact India.
Q: What is the cybersecurity product companies scenario right now?
A: The Indian security product landscape is a promising story. What is interesting is that the ecosystem has grown to over 175 companies and our estimation is it is cumulative revenue of $450 million in 2018.
We are seeing very good IP (intellectual property) creation because we are aware of almost 44 companies who are being granted patents, which talks about innovation from India. Many of the new age companies are growing more than 60 percent year-on-year.
Almost all of them are using some emerging technology, cutting edge technology like artificial intelligence, machine learning, blockchain and security analytics. They are growing not only in India but also globally.
Q: Where is the original innovation happening in cybersecurity product companies? Is it early stage, mid-range or later stage start-ups?
A: Almost 40 percent of these companies have been incubated in the last 10 years. A few of them are obviously in the early stage (3-4 years old) but many of them are also five to 10 years old or more. A few of them have been incubated in academia, not many. Most companies are bootstrapped on their own, most of them have security industry experience.
Q: How do they fare against the big boys? Is there more preference for big brands or big names?
A: I think in large enterprise customers, governments, there is a tendency to go with a proven platform and large global companies who have a market dominant position, whichever way you look at it. Slowly we are seeing a lot of young start-ups make a foray into enterprise customers, especially on the banking side.
What is interesting is that some of these start-ups are partnering with the large services, telecom and banking companies and are beginning to see good traction.
Q: Is the government willing to work with young start-ups?
A: The government has started a policy called preferential market access and government is a big focus area for our start-ups, but not many have been able to see much success, except few who work with national security, threat intelligence or social media intelligence.
Q: The Ministry of Electronics and Information Technology (MeitY) has been talking about appointing chief information security officers in ministries. How long is that going to take?
A: I think that’s moving. I can see some appointments. Hiring CISOs on a short term basis from the industry into the government is a challenge. I am beginning to see CISO appointments in some ministries.
Q: Do yo have a role to play in training people in the government?
A: We call them for a lot of our workshops. We did a complete session for state run-entities in in Bengaluru. We showed them what a cyber defence centre looks like. We walked them through what technologies that go behind such a centre. We are doing that kind of capability building. Similar sessions were conducted for the Ministry of Home Affairs, police officers, district officers and cybercrime investigators.
Q: Is the Bill likely to be presented in the winter session?
A: I don’t have any inside view but what I understand is MeitY has gathered all those inputs, reviewing it and seeing what revisions are needed in the Bill. What we understand from MeitY is they are working towards getting the Bill ready and tabled in Parliament (in the winter session).
My concern is there are about 600-700 submissions. A lot of them came from governments worldwide, and then industry bodies, think tanks, policy bodies and others. So, who is going through them, whether they will be able to review all of that, I am not sure if we are losing time on that.
Q: Has any state government or ministry made a submission about the Bill?A: I think now they are doing an inter-ministerial consultation. As the Bill is tabled in Parliament there will be there will be inter-ministerial consultation. We are hoping they will do one consultation with industry also. Nasscom and DSCI have made a very strong submission and have asked for so many provisions to be revisited.
