Divvya: So my very first question is, considering Synersoft is achieving such great heights, what are the future goals for the company and how do you aim on achieving them?
Vishal: We always tend to align the future goals of Synersoft following the future goals of our country and we have seen that this particular government is coming up with great amount of initiatives like make in India et cetera. We are really happy that Indian MSMEs sector is really growing and it is going to be one of the most beneficial policies in the entire world. These MSMEs are going to have great opportunities. So, a future goal is also aligned with that as we continue to invest in R&D for the solutions which are very much relevant to MSMEs. So if I talk about the next three years, we of course have a very much proven IT sector product, now we are mostly focusing on the R&D, productivity, machine, learning, and many more. So the next version of the black box in the coming times is also an IT infrastructure product and we will also be serving as a productivity monitoring tool. This will help the MSMEs in making their users, more productive, and that is something which is strategically we are planning.
Divvya: As we all know that the threat towards the cyber industry is increasing excessively, what are the major threats which are affecting the MSMEs in general? Are there any new and innovative threats which are occurring now?
Vishal: When we talk about cyber threat in general, it is mostly related to ransom ware, hackers or any other. All that is very much true and phenomenal in terms of the damages when it happens to a very large enterprise but when we talk about MSMEs, that entire perspective of cyber security or cyber-attacks changes a lot. One example for the same is that suppose there is a small MSME and suppose there is a supplier to that, now this particular MSME has some data or an intellectual property or some business related data but it has a very small quantity and when somebody tries to execute data breach or hacking attack the one who is doing it has to invest a lot of resources like time and expert icing in getting someone hacked. So when you look at the perspective of the hacker, they would better invest their time in hacking something bigger instead of this. So these MSME Are naturally immune of such organised, cyber-attacks or cyber threats.
What their vulnerable is from the external forces, there vulnerable to some automated attacks. So there are two types of attacks, one is The automated attack, and another is where they do a lot of raking on the internet and then the strategies accordingly on how to hack. So these MSME or not going to be the target of such attacks as they do not have much data. Another type of attack which is automated. Most of the automated attacks are detected and dealt with easily.
So what is actually a cyber threat for an MSME is there inside threats. They have so many people working and these people would be the biggest beneficiary if that data or any of the sensitive information or the tender bead would be lead or stolen as it has a lot of competitive value and so sometimes the people or interviewed by the competitor and they tend to see what the individual is taking along with him and that is what we call the inside of threats. Nowadays that everything is electronic and is digitalised, it is quite easy, treat to carry anything outside. These insiders hits have something which the MSME should be concerned about and these inside a threat mitigation should be the prime subject of this MSME. When talking about the cybercrime or cyber-attacks, with the perspective of MSME set up, we should mostly focus on insider threats.
Divvya: Since the need for target is quite vital for any of the company, what all are the major targets for Synersoft altogether? What do you aim on achieving till the year 2030?
Vishal: So you see when we started this company. We really wanted to develop a product which is not dependent on a specific business vertical. There would be very specific products like for example, there is an ERP for an construction company et cetera. We always wanted to develop a vertical agnostic product and it was difficult because every vertical had a different need and we had to incorporate all those needs in a single product. Whether this product is used by a chartered accountant, it will satisfy them and their requirements as well as any other engineer or any person for that matter who uses it.
That was a design approach for this particular product and in the coming years up to 2030, we have this Orizon to look at and to follow and we would like to continue that design thinking and we would love to involve more and more into the MSME verticals which can be covered by a product and other basic deliverable was IT standardisation, data, protection and information security. But now yes by 2030, we would like to add more dimensions to that. Another dimension that we would love to add would be product monitoring. As an MSME, Owner, if their team is productive, most of the people who work in the MSME tend to work on the computers , it will definitely benefit them and that is the reason why we want to add the dimension of productivity to this. Apart from this the second dimension that we want to add is that the remote commuting.
A MSME cannot manage to work from just one location as say, if it is very good in a remote area of a small town, then that MSME might not be able to acquire the perfect talent, and so it might end up being a little lower, giving results. If the same MSME is set up in Bangalore, a particular worker would not be interested into moving into a small town. So the MSME will have to allow the person to work remotely and similarly, the MSME and the senior manager or the management people tend to travel a lot. They do business development themselves, and so they need consistent access on to their IT systems which is also one another dimension which we want to add. We understand that by 2030 as we are leading the market in IT standardisation etc. for the MSME. We would be doing so for productivity and remote working also.
Divvya: What according to you are the best security solutions for all the MSMEs out there?
Vishal: Again, there are fantastic security solutions available which have been developed by the IT industry but most of the solutions are developed for a large skill usage. If focusing on the firewall, we come across two types of management. MSME or too small for this. They have inbound connections just like a bank have through its net banking apps et cetera. They actually don’t need load balancing from outside and inbound traffic.
Similarly, they are also providing multiple bandwidth as if we say somebody who is working from a very remote area, it will be a great deal for them even if they get a good broadband even. It is not like that they will get a good network to work with. And for the them to get good network, there would be a lot of capital investment which no one would be willing to do. When we talk about the best security solution for MSME, we have to focus on to what value it is giving on to them in terms of return on their investment. For us we believe that any product which is designed for small skill usage, when a product is designed as such, it will not have that many features and if that is the case it wouldn’t be so expensive and it does not have so many features.
It wouldn’t be simple also. If you have a complex product you will have higher and highly talented IT professionals to manage it and so for me if I have to define the best security solution for the MSME, it should be it should be very minimalistic on the features. Secondly, it should be reasonably priced and thirdly, it should not require highly talented IT professionals. Our design thinking approach for black box is same. We don’t ever say that we are the best but all we do is to aim to be the best. Black book is a single hardware, single software system and so we don’t load it as much. Blackbox is one third of any other company and it is also very simple to use.
Divvya: Since the subject ‘sustainability’ is now considered one of the most significant topics of discussion all over the globe, what according to you are the most sustainable factors for remote working?
Vishal: When we talk about the sustainability product, the remote working would require lot of bandwidth. Let’s see if I have 50 users working remotely, I will require a lot of bandwidth and it will consume a lot of electricity for data centres and all and so if we are aiming at the sustainable remote working solutions, we have to make sure that they are band with fuelled. Currently, majority of the remote working happens through VPN.
Any enterprise would have an application which is connected by the VPN and that VPN that application has accessed. Because VPN is something which is a very band with intensive communication mode, a lot of band with the required and if it is not the case it tends to slow down. A remote working requires lot of bandwidth and so the sustainability of the remote working company decreases. It does not only affect the environment but also creates a big value of the carbon footprint. Which is of course not having a lot of environmental friendly life.
If we need to be successful, we need to develop such products. The kind of products which can give the same user experience but at the same time at one 10th of the bandwidth and in order to do that, the term virtualisation of the applications is the right approach to make remote working more and more sustainable and we are investing into these applications. One of the products that we just launched is based on virtualisation.
We think that virtualisation being it paint with fuel we make the remote working more sustainable. Again people would continue remote working only if people or productive and remote working or else we do see a lot of announcement by very companies that the people have to be present in the office itself. All these things are happening just because the remote market may not be cost-effective. If you are not able to check the expenses on the band with, remote working, won’t be success.
Divvya: Why do you personally think that the Data centre backup is required? What is it that Synersoft is doing for the same?
Vishal: It is very the MSME need to understand this and accept it thoroughly. In the last year, Ahmedabad is a place where it rains a lot, even if there is a heavy rain fall and many other places were waterlogged and flooded, we had seen so many offices which are in the basement and they had a lot of IT system, including a few of our customers had black boxes there and everything was flooded and most of them did not know what to do because once the IT product is completely drenched in the water, you cannot really do anything about it and data recovery and everything is very expensive and time-consuming and obviously you cannot continue your business immediately.
So there has to be an of premises data back-up. It is very important. Most of the MSME has a practice of taking the track of everything on a hard disk after every week and take that hard disk home but distance to continue just one to twice a month but not in a regular basis. It is clearly vaporised, and so there has to be a background silenced data backup system which keeps your product and saves it on cloud by encrypting it. In case there is a breach encryption will provide good protection and so data centre back of his absolutely required.
Now coming to the available solutions. If you look at the solutions available by Google Amazon et cetera. They are quite expensive and few of the service providers have priced or they are working on a business model with their users per month. For example, I have 30 GB of storage of Google Drive of each user and let’s say I have hundred users and hundred terabytes of storage but I cannot store 3 TB of the data on the storage because there is a That only 30 GB can be utilised. So there has to be a concept of pool Space. It should be for per enterprise per year.
Another very important way of data centre backup is laptops. Most of the MSME users almost never have time to take backup of those laptops. If something happens to the laptop, the entire data is lost and there are several times that any organisation tends to lose their business continuity. Following this matter, and so these laptops should also be backed up Automatically in the background. So data centre back up or the cloud back up is very important.
Divvya: What all according to you are the most vital practices of data backup for the MSMEs?
Vishal: Most of the times we tend to have some backup strategies and he’s back of strategies are very good for large enterprises. Firstly, we can focus on the rain controllers that if any of it fails they have the business continually at hand, and then they have high availability of the devices and the back of happening on some other device of the same network. MSME cannot afford all these things and so they should focus on version and back up.
Most of the time what happens is that MSME takes full back up every week, most of the time, and when this happens, if in any case there is any infection or corruption of the data when they perform that particular bank of that is over written. If any MSME has to plan the back up, they have to make sure that they have the version back which means today tomorrow and every time is backed up. Let’s see today. Ransom ware has attacked and all its data is gone, in that case they should have previous day’s version back up so that at least they can restore it and continue their work.
Another most important practice is whichever bank of media is present, wherever you are taking the version back or should not be accessible on the network, as many a times, what happens is that the ransom where attacks the live data as well as Di bank of destination data and encrypts it and then you have nothing to restore from and so that has to be best back a practice and we call it as the disconnect connect process where whenever you are taking a version back up, always disconnect your source of data from the entire network and whenever you are back up is over and whenever you are connecting your source of data to the entire data, you always should disconnect your entire network connection.
So first disconnecting your source of backup, connect, your destination of the backup, take the backup, disconnect the destination of the back-up and the major source of the pack up and then connect the source of the back-up. It will not allow the ransom ware to spread across your back ups and this is the best practice and we have seen many organisations have saved their fortunes by following this, and in the case of ransom where there was no panic.
Divvya: As Synersoft believes that ‘Blackbox is IT in a box solution which can suffice the domain controller, backup system etc.’ , how would you say it is true?
Vishal: Let’s see if any organisation has to create a standard IT system, which could be on prime is on cloud or anywhere, the core services required from that IT infrastructure is same.
For policy is one has to involve in the domain controller or that again another hardware is required, server, operating system is required and then will need endpoint controllers to control the USB ports and endpoints. Then one requires storage like nice device or something where the backup can happen as well as the archival can happen and in one requires the good distribution or email backup system where the people would like to keep the backup of their emails also and then one requires a good firewall so that they are protected from any external attack and also the VPN server.
Also in case they want a few users to access. Most of the solutions are either software or hardware provided by different companies. So the integration of all these components or standardisation of the infrastructure becomes complex and expensive also. And so what we have seen is that all these systems have lot of features and the MSME don’t require all those features. So we tend to follow a principle which is called design principle that 20% of the features would hundred percent satisfied 80% of the market.
So just like I have my mobile phone which might be loaded with hundred loaded features but I might be using only 20 features. So we follow that principle and we found out the most prioritised features the MSME would require and they were indeed 20%. And by just getting those 20%, we could save a lot of hardware resources required to run or host those services and that’s how instead of having it different software and hardware system we could make it run on a single hardware which saved a lot of cost. And the bonuses all these services talk to each other.
Otherwise when you have IT infrastructure by integration of so many other products, they don’t really talk to each other like fire ball would never talk to file server. In IT in a box solution or any other or firewall, talks to the file server. What example the user goes to the Google Drive, the firewall will instruct the fire server to isolate the data so that the user cannot upload that data on Google drive to prevent for the data to be leaked.
Divvya: How do you think that the situations of data being stolen can be avoided altogether? What has Blackbox contributed for the prevention of the data theft?
Vishal: There are two different approaches to data theft prevention. The first one is monitoring. For example, we tend to monitor everything and we generate every single log, and we tend to monitor that log and over and about we have some new viewers, dashboards who can monitor it, and as soon as we find anything which is suspicious we immediately get into it and enquire it deeply, which is one way of preventing data theft.
It is possible for a very large enterprises who have IT departments or teams. When considering the MSME, it does not have a team who have an enough time to monitor all these things and so for them. This particular approach of data theft, Prevention really does not work and it is not practically possible for the M SMEs and do it generates a lot of alerts, there is nobody to respond to. So our approach is to provide maximum approach.
What example in an MSME, there are 30 users, and now the owner knows that out of those 30 users, 15 of them are not at all interfacing the world and they need internal communication. They are not supposed to send any email to any outsider party. In Black box, you can make a policy that these particular 15 users can send emails internally only. Then by default, they cannot send the data or League the data to an outsider which is a control.
You do not have to monitor those 15 users. Now let’s say the rest of the 15 user of the organisation is aware that these are the well trusted guys who require to connect with the world, then they are aware about the customers whom they have to connect with. Even those who or allowed to send data and emails outside of the internal matters, the company is aware about their customers and so there is no way of the data leakage.
Then what happens that we have already controlled it and even if any particular guy has not sent any email beyond these particular customers and so we do not have to monitor it at all. We have created a magic browser that any organisation which requires various websites like GST, banking et cetera will be available but not the Google Drive and if they have to approve the Google Drive or dropbox or anything else which is not allowed by the organisation, the user does not have to go to the Owner or anyone else to get there things permitted.
Magic browser is designed such that that you can download the data, but you cannot upload the data. Then the organisation owner or the IT manager is not worried and even if you visit the Google Drive as many times as you want, there is no problem.
Divvya: What was the major idea behind Blackbox’s ‘Innovative tech vaults and workspaces’?
Vishal: Basically the same thing which is the disconnect connect. Disconnect connect. Theoretically it is a scientifically very much known and understood thing but how to get that done. Considering in MSME, you don’t have a very highly and modernised solution and any of the human error is commonly possible and so we wanted to automate the disconnect. We designed world and workspace and what we have done here is that the world is something which is containing all the data which is accessed by the user but not modified.
Let’s say we have just completed or this year audit and whatever our audited accounts are not subjected to any change but the user would require to check the last year’s account for many purposes but they’re not going to make any changes are there on audited. So we transfer that kind of data in volt and involve any data is edit locked.
No, even a random strikes, that data would not be affected as it will not allow the ransom ware to edit the data and so the world will solve that purpose now workspace or regularly working on a date to day basis where we cannot make the data it is locked, but 20% of the data will be where do uses are regularly working. When you have lesser data to protect, you have already protected majority of the data in your world by making it edit logged but now the smaller version of the data which you need to protect you can very well efficiently define version and beg for that, and you can even maintain more version of the data so that gives you lot of flexibility and that’s how old and workspace work.
Divvya: What are the benefits of the Active Global Recycle Bin? And if the data is restored easily, how can it be considered safe enough for it to not get stolen?
Vishal: There are three things. First, most of the MSMEs do not have users working individually and they work on a network. Let’s say there is a project going on and one engineer is using a drawing of one component and another is using something else and then they have to collaborate with each other. So normally they have a project folder which is stored on a network or on the cloud and then they access the files with each other.
You have to as an admin have the permission to have multiple people on single folder. Now what happens that out of multiple folders and out of the multiple people, one person accidentally delete something from that, then it is very difficult to find out who has deleted what and that is where it gets confusing if the person has deleted it Which tends to get even more dangerous. Whenever any data which is shift deleted , will be captured in an active recycle bin somewhere in the black box in the storage and so if in case after sometime the enterprise realises the user had intentionally deleted the data, they can easily restore it from there. The access to the recycle bill is not for the users, it is only with the admin.
Well, the users active recycle bin is restored the user policy, the internet policy all the email policy with that maximum control, minimum monitoring approach would be active so we cannot really steal the data.
Divvya: Why do you think that the awareness of the DLP software is required in the tech community?
Vishal: Basically business continuity is something which we have to be very serious about. In India, what happens that the manpower is not as expensive as the western countries. They understand the value of the human hours and man hours and we don’t really appreciate that and that is the reason we are not really sensitive to this matter. So business cannot continue because of data loss. As these losses are not recoverable and many organisations are not able to come back after them. And that is the reason for the sake of business continuity. Every organisation should have DLP policy and strategy.
Divvya: Do you think that the small companies require the DLP software as much as the big corporations do?
Vishal: Everyone requires it. Let’s say for example, a small company is a supplier to a big company. We all know that Mercedes is a big company and they must have exchanged some design to that small company and they must have had their agreement. So the small company also tends to get bind with it. Another part of it is that if any problem occurs into the IT system and it could not deliver something due to some ransom ware attack, then the particular company would blacklist them. Every company has their own data and that data is basically their life. If they lose it by any chance, they would not be living at all. So for any of the small company, the DLP is required.