With the world moving online at an unprecedented pace, there is a heightening vulnerability when it comes to cybersecurity. Just in the past few months alone, we have seen a ransomware attack against K-Electric and data breaches at Bykea and Swvl.
Expand the timeline a little further and you get names like Careem and BankIslami joining the ranks. What should be obvious by now is that investments in technology infrastructure and teams aren’t being complemented by security concerns or at least capabilities. But that’s a challenge, and an opportunity this Karachi-based startup wants to take head on.
Meet Cloudnosys, a software for cloud security and compliance. It integrates with your system and lets companies audit the existing technology infrastructure without any expert knowledge of the technicalities, while also helping them achieve the relevant standards (such as General Data Protection Regulation or The Health Insurance Portability and Accountability Act, depending on the geography and industry).
All of this works on a checklist style that you can see from the dashboard, with the platform spelling out high and low risk areas and suggesting remedies as well. What more, it gives a clear workflow to follow in order to improve cyber security in weak areas. You can zoom in to find out which users are lacking where or the standing with respect to each server the data is hosted on.
Unlike on-premise servers where one basically owns the data centres and can pull the plug as a last resort, public cloud is built on a community basis that in a way results in loss of control. And despite the checks and balances meant to ensure security of the infrastructure by the service provider, the shared responsibility model delegates the operational maintenance to an individual client. That means contrary to the popular belief, hosting data with, say, Amazon or Microsoft doesn’t mean the cybersecurity headache ends there.
However, in the case of Pakistan, cybersecurity doesn’t exactly feature among the top headaches at organisations, at least beyond clearing audits by regulators if applicable. Whatever little landscape that does exist is mostly served by managed service providers, which act as IT consultants, offering customised solutions, reselling global products locally or conducting trainings. As far as the product-based ecosystem is concerned, it’s largely missing.
Cloudnosys spun out as a separate product from Atompoint, a tech company operating out of Karachi. “We used to make Wordpress themes and plugins, of which some got popular. Then in 2017, my partner — Kamran Mahboob — who lives Atlanta, spoke to me about the growing proliferation of cloud and how that creates a need for enhanced security. Soon after, we started developing the software and finally launched it in 2019,” founder CEO Yunus Jamal tells Dawn.
As for the funds, Yunus and co are currently bootstrapping and plan to keep it as such, at least until boarding 15 or more medium/large enterprise clients. Regarding the business model, you probably guessed it: the startup’s revenues come from subscriptions with plans starting from $499 a month which comes with 100 ‘instances’ and two compliance standards among other things.
Then come the work group and growing packages at price tags of $1,250 and $2,500, and finally there’s the enterprise option for customisable features and rate.
With that pricing, one naturally wonders how many can even afford this software? After all, there are not a lot of companies, definitely not in Pakistan, that can or are at least willing to dole out such an amount for cybersecurity needs? That too for an agent-less product?
“The cost of running this product for us is high, so we need to first position ourselves in the enterprise market before expanding into the SME with more basic features,” the founder says.
Within the cloud security software space, the startup is directly up against Armor, a well-established Texas-based company operating in the industry for over a decade with almost $150 million funding. There’s also AT&T Cybersecurity, which acquired AlienVault, to consolidate its position in this space. But the founder is confident of his product.
“Our unique selling point is flexibility and centralisation of security monitoring. Cloudnosys can accommodate enterprises by letting them integrate their own security scripts and third-party tools. This allows us to provide full end-to-end monitoring and response for all layers of the application and not just the cloud,” explains Jamal.
With regards to the latter, he says: “First of all, their solution is 5x more expensive, starting at $7,000. They have security tools, rather than a platform which means it basically lacks flexibility and integration with other external platforms.”
Keeping all my blabbering aside, what’s the scope for a product catering to cloud security when on-premise data centres reign supreme in our country? “As a follower market, we will eventually make the move towards cloud and cybersecurity. It’s only a matter of time,” opines Jamal.
He has a point. In fact, just on September 28, the State Bank of Pakistan issued a circular allowing financial institutions - which despite their many shortcomings are still perhaps the most regulated players in terms of cybersecurity - to host their non-critical data on cloud servers. Once that transition kicks in, there would be an increased need for security and with that, possibly a more willing market for Cloudnosys.
Published in Dawn, October 4th, 2020