How did the journey of Panacea Infosec begin?
After working for over 2 decades in the industry, I started this company in 2012 with the objective to provide quality security services to clients who are not well versed with the technology of security services, and to create a workforce which would be able to provide a long-term security service to the industry. The journey has been a roller coaster since the demand had always been high, and the quality supply has been less. Though we started as a cyber security company, but the industry was not very matured to understand the complications of IT threats.
What is the objective of Panacea Infosec and what all client services do you offer?
Panacea Infosec provides a holistic coverage to their client, which covers services like IT Infrastructure, vulnerability assessment and pan testing, and all other security services like apprehension test, cold review, and to provide security to payment portals. Our primary job is to support all the entities which are working in the cyber security space. The objective is to make them stable, and not vulnerable to cybercrimes as we move towards cashless society.
While working with different OEMs and solution providers, are you vendor agnostic for your customers?
Our job is to access technology, process and people; thus, we are a vendor agnostic company. We access the configuration of our clients’ technologies and how it is used in their network. The technology can be a network device, a security device, or an installed software to provide services to the client. We make sure if the process is strong enough to handle any breach or attack by exterior hacking. We never recommend a specific company, a product or technology to our clients, we are very vendor neutral.
What’s the operating model of Panacea Infosec?
There are numerous payment gateways which are working in the same chain where RBI is working, and any such entity working in the Fintech sector are answerable to RBI and they are responsible to protect customer data. We cater to these payment gateways, payment aggregators, e-commerce merchants and companies which are providing services to payment gateways and banks, for e.g., company into settlements, a company into making of debit and credit cards, a cheque book printing company etc.
How has the pandemic affected the heterogeneous online models that have emerged, and how has Panacea Infosec coped with the same?
Life has been critical since the last 18 months amidst this pandemic, not only to our clients but to us as a company and individuals as well. We thought that now work is going to be a happy staycation for us, but it turned out the other way and bought a lot of challenges. A major part of our challenge was, when in a WFH model, it was difficult to access who was entering the network, it was difficult to monitor what they were operating in their home network. But definitely we came up with solutions to deploy technologies like DLP and VPN to manage these challenges. But we still are adapting to the hybrid situation. Another challenge was verification of configurations over the virtual office, since a lot of information was sensitive and vulnerable. We adapted to the signing of NDAs, but now we have created scripts to fetch these configurations and sanitize the server automatically.
How has the dynamics changed with clients on the compliances from pre-pandemic to pandemic times?
As most of the NDAs and compliances were served before pandemic, it was a dynamic change but our clients have been adaptive and supportive so we resigned NDAs with them. And for the middle-sized companies, we assisted them with compliances and shared pre-defined policies and NDAs with them from our end to not suck up their resources.
What challenges did you face to re-skill your auditors with the changing dynamics during pandemic?
This was a big internal challenge we faced as a company, because a lot of times we were hindered from the sensitive information required for the audit process. To overcome this challenge, we started taking training sessions with our team of auditors to re-skill them with the required skills to access the sensitive information from clients. We also deployed VPS systems from our end for the sake of the data security. It was a challenge, but out IT team ensured that the safety isn’t compromised at all.
Which are the verticals where you get the maximum traction?
Though we started with payment gateways and banks, but we can cater to all merchants like ‘Grab’, a taxi service in Singapore, Just Dial, Tech Mahindra, PVR, and start-up companies like Nykaa, travel companies like Red Bus etc. can be on our client roaster. Any company operating on cyber space and is handling customer data can be our client.
What is the go-to market strategy for Panacea Infosec?
When we started in 2012, we had the liberty to start as a small company and provide all the services, and we adopted the go-to market strategy as becoming a niche company working around payment security specialist since there were not a lot of companies that were into that at that time. Later we moved ahead with RBI audits, Insurance sector audit and security training etc. We are now leading multiple verticals and we are very proud of that.
What are the focus areas for the next few quarters in terms of product portfolio or service expansion for the company?
We areas of now leading in, assessment and auditing services, so I would rather not leave my focus from here. We do understand that there are so many initiatives to leverage with the diversity of client roaster we have for e.g, AI auditing, cyber security insurance, IOT assessments etc. Our objective is to get into IOT assessment and certification and AI auditing. And another sector we look forward to is Cyber Security Insurance, we are planning to shake hands with companies who are working in this sector in India.
What is the operating business model for Cyber Risk assessments or Insurance management for Panacea Infosec?
We are not matter experts when it comes to cyber space insurance risk management; we are rather subject matter experts when it comes to IT Risk or Cyber Risk, we would plan an alliance who is expert in the risk assessment industry to start providing Cyber Risk Insurance.
Discussion about this post