
Q&A with Anupam Sahai, president eGestalt/ SecureGRC

Can you tell us a little bit about eGestalt?
We founded the company in September of 2009. I’ve known cofounder and chairman Chandra Sekhar Bilugu for more than 20 years and we’ve been trying to do something together for a long time. We were very passionate about the possibility of making a difference in technology and business innovation. We have a different angle on security, risk management and compliance. Most companies approach these through different application silos. Most of today’s solutions provide very little customer satisfaction. We provide security, governance, risk management and compliance (IT-GRC) through a single, unified application that offers many benefits to the customer.
How is your company’s solution different from what companies have been using for IT-GRC?
SecureGRC is the world’s first truly leading integrated IT compliance and security management solution for enterprises. Using a patent-pending solution, this unique approach to unifying information security and IT-GRC will lead to better compliance policy implementation since the monitoring and vulnerability analysis tools provide an unprecedented fine-grained view into the vulnerabilities that exist in the enterprise and helps in effective threat detection and business risk estimation, simplifying regulatory compliance.
Though compliance, risk management and governance have been a concern to several companies, the Enron scandal and Sarbanes-Oxley law put more of a spotlight on these issues. How have these issues changed/evolved in the last few years?
If you look at it from a regulatory perspective, there have been a lot more regulations, like Payment Card Industry (PCI) rules and all of them are aimed at primarily good governance. In ensuring good governance, implementing compliance management is necessary but very expensive today. If you look at it from a security and risk management perspective, the hackers have gained more sophistication. The “black market” or “underground market” for software vulnerabilities adds a new and disturbing dimension in protecting economic sectors and critical infrastructure. The skills of the hackers have gone up dramatically in the last few years and organized fraud groups are willing to pay for such hacking skills. Companies have much more exposure and more risk today than they used to. According to the Computer Security Institute, about 50% of companies have no security monitoring solution; 45% of companies that do have a security monitoring solution outsource it to a third-party provider.
Some companies have no issues in outsourcing some of their operations, but security and GRC have typically been maintained internally. Why should firms go outside the organization?
Most security solutions today that are available and implemented within an enterprise do not meet the customer’s specific needs completely. They are point solutions with different application silos for information security and compliance management. There is no holistic view of IT-GRC coupled with Information security. Our view is that it’s not good enough to look separately at just enterprise risk, just security or just compliance management. Just because you’re secure doesn’t mean that you are compliant. Just because you’re compliant doesn’t mean you are secure. A lot of it comes down to core competencies. Companies will often ask what tools they need to be secure. There’s a lot of confusion about what a company needs to do to be compliant and secure and to manage risk from multiple vantage points. The company may not have core competencies in those areas. Large companies have the staff strength to ensure compliance, security and risk management. Smaller companies don’t have the same resources. It’s hard to ensure that the tools that you are using are secure. Our solution, SecureGRC, brings to companies the core set of tools that they need to deal with information security, risk management and compliance. SecureGRC includes ready-to-use compliance control kits for PCI-DSS, ISO 27001/27002, COBiT, Sarbanes-Oxley (SOX), HIPAA, Gramm-Leach-Bliley Act (GLBA), and other country-specific frameworks. There is also forthcoming support for BASEL II and FISMA. We offer it through the cloud, making it easy for companies to adopt and deploy. It brings a lot of automation to the monitoring process. Cloud computing is fast becoming a reality; in a virtualized world the differences between internal resources and external outsourcing are becoming seamless.
Why has eGestalt chosen to offer this solution through the cloud?
There are technology and business reasons why we offer our solution through the cloud. It offers much more scalability to the end customer. Companies can leverage the intelligence of the cloud across the entire enterprise. The entire infrastructure is virtualized. For example, if there’s an attempted hack in China, all companies using the cloud service are notified immediately and the threat is managed more effectively. Any time there are changes to regulations like Sarbanes-Oxley, HIPAA or other rules, everyone using the cloud solution gets those changes immediately. The cloud takes care of backup and tolerance. SecureGRC’s on-demand, cloud-based, “pay-as-you-grow” subscription service enables up to a 10x reduction in total cost of ownership, which is ideal for cost-conscious small and mid-size organizations. They pay only for the amount of resources that they consume. They can pay for more as they grow and consume more services. The backend infrastructure can scale up potentially infinitely based on customer demand. The cloud is the future.
Cloud services are starting to catch on in several areas as companies try to reduce costs, but IT-GRC has historically been handled in-house. How comfortable do you expect companies to be in using the cloud for IT-GRC?
We’ve taken steps to ensure that a company’s information is secure. We encrypt data completely and control how it is stored and transmitted. We’re only storing statistical data, not client data. So getting access to that information means nothing to a hacker. We use the Amazon hosting infrastructure. They have a lot more resources to spend on security than smaller companies. If someone prefers, we can offer an on-premises solution, but then the company loses all of the benefits of the cloud – the ability to leverage intelligence immediately across the enterprises, the cost reduction and the virtualization of the infrastructure.
How do you see IT-GRC services evolving in the future?
This is the world’s first solution to offer IT-GRC services through the cloud. We feel this is the wave of the future. We have filed multiple patents for our innovative approach to protect us. Other companies may start trying to catch up, but by the time they get to where we’re at today, we will have learned and capitalized on what we’ve learnt. We are an innovation-driven company and we will continue to make advances through technology and business innovation in an ongoing manner.
For more information, visit www.eGestalt.com.