TRANSFORMING BUSINESS DEVELOPMENT
SummIT—THE TECHNOLOGY CELL, NMIMS
EDITOR’S NOTE
TEAM SUMMIT
“Privacy is one of the biggest problems in this new electronic age” —Andrew Grove, Former CEO, Intel. Dear Readers,
President
In today’s Internet of Things, we are more connected than ever before. However, “WE ARE BEING WATCHED”. The data we put on the Internet isn’t so secure and private after all! In this edition, we explore the intriguing trade-offs, which the technological community strives to achieve between surveillance technologies and privacy.
ARJUN KRISHNAN Vice President PRATYUSH PANDA Creatives Head MEGHNA GUPTA Editorials Head VIBHU VATSALA SOOD Events Head RIDDHI KUNDU New Initiatives Head TARUN GUPTA
SummIT- The Technology Cell of NMIMS, presents to you our January newsletter ‘IDEATE’ on the theme “Data privacy – The price we pay for technology”. This edition includes an exclusive chat with Mr. Prakash Baskaran, CEO, Pawaa Software, focusing on data security as a service and Pawaa’s work in the realm of Information Rights Management. Also, we bring to you, the two best articles on the cover theme selected from amongst the huge number of entries received from business schools across India. It is our constant endeavour at SummIT to keep our readers abreast with the latest technological innovations that have the potential to make an impact in the coming future. The Techbytes section looks at two such disruptive innovations Detekt and Rico. To promote and honour the spirit of entrepreneurship in technology, in this edition, we take a closer look at two startups – Pawaa and Bitglass. We thank the authors and the esteemed guest for their valuable contributions. We are also grateful to our readers’ constant patronage which has encouraged IDEATE to reach new heights. We would love to hear from you, for any feedback or suggestions, please feel free to write in to us at summit@nmims.org. Enjoy Reading!! -The Editor, iDEATE
IDEATE JANUARY 2015
WHAT IS IN STORE...
PAWAA SOFTWARE : CHAT WITH THE CEO PRIVACY : THE PRICE WE PAY FOR TECHNOLOGY GOVERNMENT SNOOPING : JUSTIFIED?
TECH BYTES STARTUPS
IDEATE JANUARY 2015
INTERVIEW
TECH CHAT WITH PRAKASH BASKARAN CEO, Pawaa software "Mr. Prakash Baskaran has been a serial entrepreneur. He started his career working with giants like IBM, AT&T and later forayed into the world of startups working with several companies in different domains before starting his own venture in the techspace to deal with data security. SummIT is glad to present the highlights of the interview with Mr. Baskaran on Pawaa.
Tell us something about yourself. I come from a family of traders and we have traditionally been in business. Perhaps in some sense, I was a black sheep of the family. I studied engineering unlike others in the clan, and went on to do Masters from US; I also worked for large corporations like IBM, Lucent and AT&T. I later drifted into providing technology consulting; I joined a company called Xcelerate that provided consulting to start -ups in getting into the B2B marketplaces. The job was to consult with my start-up customers in investing in off-the-shelf products or developing their own market
1
place. That is when I was first introduced to the exciting world of start-ups. After 3 years at Xcelerate, at the peak of the internet boom, I started my first company, which provided the same technology consulting services. After the bust of B2B, I went to do an MBA in 2001 and then ran a small healthcare lab. A couple of years later, I shifted back to India. My next initiative was in the HR space for creating platform and standards to streamline online recruiting. Later, I started a company to offer calling services using Voice over IP to leverage the cost arbitrage from India. I ran this for about 4-5 years.
IDEATE JANUARY 2015
INTERVIEW
You might wish to call me a serial entrepreneur, because next I went on to start a company, which was neither geographically dependent, nor vertically focused. I always wanted to create something that had a much wider applicability like data security. That was a ‘voila’ moment and I started Pawaa. With proliferation of web connected devices and smart components generating too much data, security is going to become very important. Information security is tied to devices; the content largely is still insecure. With mobility, Internet and cloud, data security is imperative. However, we cannot view security in isolation; there is so much to it in terms of network security, device security etc. Just securing devices is not enough, we need to be able to secure content and that is just as significant. Why does IRM – Information Rights Management face resistance? The traditional paradigm of IRM was to
IDEATE JANUARY 2015
tightly integrate the four aspects of authentication & authorisation, encryption & decryption, policy management and policy enforcement. This old-fashioned way has to change. With our approach, we can authorize the user based on any type of authentication source – OAuth (google, yahoo, live, box, etc.), AD/LDAP, OTP (one time passwords), Secure tokens, device ids, certificates, among other means; thus obviating need for maintaining multiple identities. Why is IRM not very popular? IRM, due to its faulty development has not been well received by customers. Microsoft requires one to authorize against Active Directory. For instance, Microsoft forces one to use document types from their ecosystem. Consider if your organization is using Google Apps for mail and OneDrive for cloud storage, what is one supposed to do in that case. The tight integration of authentication & authorisation, encryption & decryption, policy management and policy enforcement, is undoing the IRM software. This compels people to maintain multiple identities, limits the use cases, limits the supported applications and eventually creates a Snowden situation within any organization. With our approach, we can support multiple types of file transactions, since the four components are 2
INTERVIEW loosely connected. By late binding the policy to the encrypted objects to the four aspects of IRM, true flexibility can be achieved. This allows protecting email attachments, files that are stored and shared via cloud storage, files that are downloaded from content repositories and reports that are generated from enterprise and cloud applications. What is Pawaa’s vision for future of IRM? The platform that we have created has given birth to many products and solutions. SecurelyShare – our hosted ‘Data security as a service’ is one such solution built on top of our own technology platform. This will separate identity management from key management. SecurelyShare allows us to authenticate with any service provider’s authentication system – say a cloud service provider or an email service provider. Our hosted solution has ‘time limited’ passwords delivered via authorized users email address as a means to authenticate & authorize the users. Besides this, large corporations have traditionally used IRM. We want to extend the reach of IRM to Small and Medium Enterprises and Professional Consumers (Prosumers, so to speak). By launching SecurelyShare, we hope to offer Data Security as a service, which is an extremely easy way to secure your data and share with only authorized users. Another example
3
that demonstrates the ease of use of our technology is our integration with cloud storage providers. With pawaaBOX, we have introduced one-touch encryption/ decryption. The content is automatically encrypted before it touches the network and the cloud – be it Dropbox, Google Drive, Box or One drive. Only an authorized person can then access the content, by authenticating against the identity management of the cloud service provider. How large is the IRM market and can it grow? While it is difficult to estimate the Microsoft market, since it is bundled with software, it is safe to say that the present market is around $ 100 million for other IRM vendors put together. However, the potential for IRM is huge. Just the password protection of PDF documents could be multi-billion dollar industry. Not much innovation has happened in this field here. Today’s solutions cannot offer the level of ease the password protected pdf offers. With our approach of no identity management, we can potentially provide a much stronger security alternative for password-protected pdf. Besides, cloud computing offers tremendous role for IRM when data moves from one device to another, to the cloud and to the collaborators.
IDEATE JANUARY 2015
ARTICLE
GOVERNMENT SNOOPING: JUSTIFIED? —Ravi Singh, SBM NMIMS It is hard to imagine what Edward Snowden was thinking during his flight to Hong Kong from Hawaii. He was carrying four laptops, which would allow him to access highly classified documents of the supersecret spy agency of the US Government, the National Security Agency (NSA). As Guardian Journalists, Ewen MacAskill and Glenn Greenwald and documentary film maker Laura Poitras debriefed Snowden, they realised this was not a normal scoop. The whistle-blower changed the world’s perception of technical surveillance and brought back the focus on the unresolved questions – Is all this Spying justified? Is it legal? Is individual privacy so easy to breach?
IDEATE JANUARY 2015
Both the NSA & GCHQ (UK Technical Intelligence Agency) along with other allied intelligence agencies have developed a Global Surveillance System. A clandestine mass electronic data mining programme called “PRISM” was created by NSA post 9/11 .Telecom giants like Verizon, Vodafone and others have been forced to part away with data about their customers to US Government by Federal Court Order under FISA (Foreign intelligence Surveillance) Act. Internet giants like Google, Apple, Facebook, Yahoo & Twitter have reported increasing requests from US Government. Government surveillance through tech companies is not a new phenomenon.
4
ARTICLE What has changed is the magnitude of data being stored and the way it is being acquired. Most of the internet giants and their servers are located on the US soil. Major Global undersea communications cables pass through landing stations in US or their European Allies. A large amount of global electronic communication flows through these servers and cables. The surveillance program has been sweeping through internet - Meta data of millions of internet users irrespective of their nationality. As per leaked internal documents, the NSA has used backdoors planted in software and hardware to access private data without warrants. Zero-day vulnerabilities are very hard to detect and can be exploited for a very long time before being fixed. Further, GCHQ the UK counter part of NSA has, as per leaked documents, manually tapped into undersea cables of Reliance Communications and other players, to access data coming from Asia, Africa & Middle East. Although surveillance of foreign governments, institutions & individuals is legally allowed, warrantless surveillance of their own people has shocked US citizens. Using a backdoor search loophole in existing laws, NSA was allowed to use Google type system to search information about US citizens from centralized databases. This was done by using section 702 of FISA 5
Amendments Act, which allowed surveillance without individual warrants if both targets were foreign. However, this was not the case and many times data about US citizens were illegally stored and accessed. The mass surveillance programmes have infuriated not only US/UK citizens but also their allies. GCHQ had allegedly also hacked into G20 meetings held in 2009 in London. It was also alleged that NSA had hacked into German Chancellor and Brazilian President’s personal phones. All this has critically damaged US/UK relations with other countries. People today are more wary of US tech giants who cannot be trusted with their personal data. There has been a global backlash against technology products, which are ‘Made in America’. Countries today are encouraging regional online traffic to be routed locally rather than going through USA, which could affect tech giants in Silicon Valley. Government snooping in not so democratic countries is an open secret with only unofficial information being available. Without oversight and checks-andbalances intelligence gathering is prone to abuse by the powerful. The Chinese Government had used censors to prevent its own citizen from accessing available information to innocuously prevent ‘Rumours’
IDEATE JANUARY 2015
ARTICLE from spreading and causing ‘Destabilization’. Many countries on the other hand have never publicly declared that they gather Technical Intelligence through information interception, which by their own laws is illegal. Even intelligence services in democratic countries have been caught using surveillance systems to monitor internal dissents, political developments and personal lives of citizens, as per the orders of their political masters. In spite of being at the receiving end of the mass surveillance programs, Indian Government has reacted in a restrained manner. Part of this reaction could be related to surveillance programs currently running in India and partly because after facing multiple terrorist attacks, India realizes the necessity of this electronic intelligence gathering.
started catching up with the technical revolution, they acquired capabilities to intercept telephonic conversations, smses, chats, e-mails and other internet communications. In response to threat from global terrorists, the government established National Technical Research Organization (NTRO), which is India’s NSA. With increasing capabilities, the government today has a vast pool of data at its disposal with little legal guidelines for analysing it without violating an individual’s right to privacy. NTRO and host of other intelligence agencies have themselves been monitoring Indian citizens through Telecomm companies in every major city. In case of Blackberry where the Intelligence agencies were not able to crack the encryption, the company was forced to keep their servers in India and route their traffic through them, allowing the government to snoop into the encrypted mails.
Since 2005, as Indian intelligence agencies
IDEATE JANUARY 2015
6
ARTICLE The most intrusive system under their arsenal is an off-the air CDMA/GSM monitoring device which can be used for “fishing expeditions” under Project “FOX”. It allows the user to grab any telephone communication off the air in a 2km area. The device hooks on to the phone and allows tracking, bypassing the telephone companies. In response to 26/11 attacks, Dept. of Telecommunications announced in 2012 that a Central Monitoring System (CMS) will be setup for “lawful interception & monitoring”. It is not clear, but highly likely that all the intelligence agencies in India will be able to access this system. Issues in decryption and lack of VoIP tracking capabilities have delayed the project. Article 21 of the Indian Constitution says that – “You cannot do anything that invades the life and liberty of people”. The Indian Telegraph Act (1885), the Indian Telegraph Rules (1951) and the Information Technology Act (2000) provide the legal basis for interception. The law covers threats to critical infrastructure, internet privacy, and gives a detection and response framework. However, none of the existing laws provides legal oversight for Project Fox or an all-intrusive surveillance program under CMS. Absence of data detection laws means that there is no clarity on how the information is collect7
ed, stored, who accesses it and how long will it be retained. In a world filled with threats for a nation from other nations, terrorist organizations, sometimes from within – spying will continue. In the intelligence game, “The successes are not known, but the failures are”. It is without doubt that the threats to the free world are increasingly using the latest technology to instruct, communicate, disseminate propaganda and planning increasing magnitude of attacks. Technical intelligence capabilities of any nation is the first line of defence to prevent such attacks. There cannot be 100% privacy for any individual today. In such a scenario, existence and even necessity of technical surveillance of electronic communications should not come as a surprise. However, as the world is becoming more and more connected, technology has made it possible for government or even individuals to access private information of almost anyone who is on the internet. Even in liberal democracies, governments are urging citizens to place their faith in all-encompassing surveillance programs. The civil society has just realised this and in India, despite the NSA leaks, there has been no concrete discussion. To this day, there is no international law to act as a
IDEATE JANUARY 2015
ARTICLE guide for legal snooping by governments. Every country has its own laws based on their requirements, which are prone to misuse. There has been a lack of will among political class to bring surveillance programs under political oversight. US Senate recently rejected USA Freedom Act, a bill introduced in 2013, after the Snowden leaks to end the NSA’s ongoing daily collection of practically all US phone data. In India too, there is no law governing intelligence agencies like RAW and NTRO. Governments are not sure where to draw a line between protecting their citizens and violating their rights. The Snowden leaks has made us realize that it is time we decide where the line is and make sure that government across the world follow the rules. If we do not then soon, privacy might just become a thing of the past.
RAVI SINGH Ravi Singh is a Second Year (Marketing) student at SBM NMIMS, Mumbai. His hobbies include swimming, reading and following technology news.
References
Guardian Newspaper : Edward Snowden Files
Takshashila Institution : Discussion on India’s Central Monitoring system, By Rohan Joshi
A Fox on a Fishing Expedition : By Saikat Datta, Outlook Magazine, May
IDEATE JANUARY 2015
8
ARTICLE
PRIVACY: THE PRICE WE PAY FOR TECHNOLOGY —Debroop Banerjee, SBM NMIMS With the advent of technology, the world has advanced by leaps and bounds. Personal computers, laptops, tablets, smartphones and the social media have proved the term ‘The world is a small place’ correct. However, there have been incidents like ‘The Celebgate’, ‘The Fappening’, the ‘Sony Pictures Entertainment Hacking Scandal’ and the ‘Microsoft Xbox Live and Sony PlayStation online attack’ incidents. These incidents have raised serious concerns regarding the privacy of data. Hacking groups like the Guardians of Peace, Anonymous, The Blackhole cybercrime gang and The Lizard Squad have brought the vulnerabilities of the digital age to the forefront. As modern technol-
5 9
ogy becomes more and more intertwined with our lives, it has the tendency to influence us in undesirable ways. We live in a surveillance society. Greatest privacy invasion is our cell phones, which disclose our personal details to the rest of the world, without our knowledge.
Current Scenario Every day we are submitting some information or other in the digital space. But is our privacy being breached? Digital experts across the planet have been increasingly vocal in favour of some legislations or regulations, which ensure the security and confidentiality of the collected data.
IDEATE IDEATEFEBRUARY JANUARY 2015 2015
ARTICLE However, it is extremely difficult to bring homogeneity across various legislations and countries. Data theft incidents as well as government snooping is on the rise. Some of the major concerns regarding data privacy are-
Cookie Profiling- It is the process by which marketers purchase the rights from a website to track a user’s activities online. Whenever a user visits a website, a cookie is stored in the user’s device through which the user’s device can be uniquely identified. The cookies track all the websites the user visits, which helps the marketers identify the user’s age, marital status, political and religious inclinations. Accordingly, advertisements are displayed to the user. Though this is done anonymously, the entire process is unknown to the user. Social networking sites like Facebook, Google+ and Flickr are some of the biggest facilitators of this kind of security breach. Facebook stores two types of cookies in the user’s device, which lets them, track the user’s activities both online, as well as offline. Other than this, the ‘Like’ and ‘Share’ buttons help Facebook keep a track of the user’s activities and passing them on to relevant advertisers. Facebook has already been involved in numerous controversies because of storing and sharing user’s information
IDEATE IDEATEFEBRUARY JANUARY 2015 2015
without their consent. In 2012, the European Union came up with ‘Data Protection Regulation’ in response to such growing concerns about cookie profiling and internet privacy. Location Tracking- The cellular network service providers record the location of users but those are shared only with the Police or Governmental Agencies as and when mandated by court orders. However, with the advent of smartphones and apps, the location of a user is easily available to third parties without the assent of the user. For example, Apple’s I-Phone has been widely criticized for its feature to store user’s location in a secret file. The record includes the latitude and longitude of the user along with the timestamp. This allows the user’s location to be monitored on a continuous basis. Similarly, Google’s “Latitude” feature was criticized due to similar privacy concerns. Google in its defence claims that it is a feature, which the user himself/herself assigns. Apple proved its legitimacy by displaying the 15,200-word T&C document, which users need to accept before using Apple products. Apps like Angry Birds too store the user’s location. These things are a serious threat to one’s privacy. The only blessing in disguise has been the arrest of dreaded criminals like Rodney Knight and
10 6
ARTICLE Maxi Sopo, who could be traced because of such location tracking services.
Cloud Computing- Cost efficiency and flexibility are the two main advantages that cloud computing offers. However, it also has disadvantages like network latency and security concerns. Ever since the Edward Snowden incident, there have been growing concerns regarding security over cloud networks. There have been allegations of The US government spying on the cloud networks of both government and private organizations of other countries. The leakage of 5 million Gmail passwords as well as incidents like The Celebgate and The Fappening, have raised several questions over the security and privacy of cloud storage. Dropbox, a pioneer in cloud storage has been involved in several controversies, ever since its inception. Bring Your Own Device (BYOD) policies encouraged by many companies these days, pose great challenges to security and confidentiality. In addition, the challenges of imposing 11
cyber laws on cloud computing are several. Employee Monitoring- This is another case of privacy intrusion. Monitoring emails, duration of breaks, etc. are practices adopted by companies to increase employee productivity. However, they lead only to increased levels of work stress and demoralize the employees. Companies like Dow Chemicals Company, The New York Times, IBM and AT&T have fired employees whom they have found to be less productive using their respective monitoring techniques. Such incidents have drawn sharp criticism from institutions like The American Civil Liberties Union and National Work Rights Institute. Monitoring software like Assentor and key loggers are being used by more and more organizations. The usage of CCTV’s and monitoring telephone call records are also on the rise. Facial Recognition Data- around 300 million photos are shared on Facebook every day. These innocent posting and tagging of pictures paves way for the creation of “faceprint” databases. When someone tags his/her friend, Facebook uses those tags to create a detailed “Faceprint” of how people look from different angles. This data is mostly used for security purposes by the country’s security agency. It
IDEATE JANUARY 2015
ARTICLE It is used to keep a check on criminals, citizenship applications and give security agencies a wider range of images other than documents like the driving license, social security number, etc. This data, if made available to third parties could pose serious security concerns. Like someone once said- “When you are online, you are no longer private”. Not only Facebook, companies like Apple and Google have developed apps based on Facial Recognition Data. The data collected through face scan can be passed onto surveillance drones, and other surveillance technologies, which will help in identifying people within a crowd. Thus the larger the scope it creates for technology to invest upon, the more it adds to the vulnerability of the user’s privacy.
Government Snooping- The government of a country is faced with the tough choice between guaranteeing the security
IDEATE IDEATEFEBRUARY JANUARY 2015 2015
of its citizens and ensuring their privacy. The United States of America is the pioneer in this field. Project Shamrock and Project Minaret were some of their earliest spying ventures. Currently, The National Security Agency (NSA), along with the FBI and CIA are responsible for the country’s security. However, there have been several allegations against them. The WikiLeaks incident brought the entire incident to the forefront. Whistle-blowers like Edward Snowden and Julian Assange were victimized, but their revelations have been proved to be true. The NSA has also been alleged to have spied upon The Pakistan People’s Party, The Bharatiya Janata Party (India) and Egypt’s Muslim Brotherhood. Addressing the issues- Companies like NetSuite, Cisco and Akamai Technologies are looking at ways to allay the fears of digital espionage of their customers. In order to protect their profit margins, they are constructing data centres outside US. Recently, Apple pushed out its first-ever automated security updates to fix security vulnerabilities in the network time protocol (NTP) of it OS X operating systems. Blockchain, the bitcoin wallet provider has beefed up its online security ever since the “private keys” incident occurred. SpiderOak, another US-based cloud service provider restricts access to user 12 6
ARTICLE data by using client-side encryption key creation and encrypted cloud storage. However, the USA has about 20 sector specific or medium specific national privacy or data security laws and hundreds of such laws among its 50 states. (California alone has more than 25 state privacy and data security laws), these laws are yet to be executed well and are full of loopholes. The US is also trying to mitigate growing security concerns by promoting secure mesh networks to foil digital spying. In India, The Information Technology Act, 2000 and The Privacy Rules, 2011 aim to tackle such security risks. Conclusion- There have been numerous debates on the issue of privacy since long. With Facebook and Google facing resistance in China, things have taken a political turn. The Dutch Data Protection Agency is planning to impose a fine to the tune of $18.6 million on Google on charges of violating the privacy of Dutch citizens. The Sony Pictures Entertainment leak has led to increased tensions between The US and North Korea. There is a continuous debate on how much to share and what to share.
Though marketers feel that using user data helps them serve the users better, pro-privacy supporters believe that the users’ consent is mandatory. Involving the citizens in decision-making, enforcing stricter and ethical laws and mutual trust and co-operation between nations are the only way forward in this digital age.
DEBROOP BANERJEE Debroop Banerjee is a First Year student at SBM NMIMS, Mumbai. Prior to joining NMIMS, he was working with Tata Consultancy Services Limited. Travelling, reading and exploring new places are a few of his hobbies.
References
13
https://theoldspeakjournal.wordpress.com/tag/illegal-surveillance/
http://www.edrm.net/resources/data-privacy-protection/data-protection-laws/
IDEATE JANUARY 2015
TECHBYTES
DETEKT
Communication surveillance technologies are being adopted in increasing numbers by governments, corporations and individuals. Such spyware helps to eavesdrop on VOIP conversations, read personal mails and provides unauthorized access to users’ documents. Some of this software are widely available on the Internet, while some more sophisticated alternatives are made and sold by private companies based in industrialized countries to state law enforcement and intelligence agencies in countries across the world. Repressive governments and organizations are using them for serious human rights violations and abuses, as there are hardly any laws to regulate the usage of such technologies.
malware that many governmentsponsored hackers are known to use to spy on activists and journalists. The Ethiopian government for example, has been cracking down on bloggers by hiring professional hackers. Ethiopia has jailed several such critics and journalists. Their surveillance is widespread: people with Ethiopian ties around the globe, have discovered this kind of spyware on their home computers. With the help of FinFisher spyware, Ala'a Shehabi, a British economist in Bahrain, was arrested during the country's lethal military crackdown on pro-democracy protests during the Arab Spring in 2012. The Chinese government too is accused of spying on its citizens' online activities.
Detekt is the invention of an Italian security researcher, Amnesty International, the Electronic Frontier Foundation and similar groups in England and Germany. It works like an antivirus. It tells the user if his/her machine has been infected with
Detekt spots different types of malware, used by governments worldwide. Since Detekt is an open-source tool, anybody can contribute and build upon it further. It can also be used free of cost by anyone.
IDEATE JANUARY 2015
14
TECHBYTES
RICO
Rico is a new smart-home security device, which uses old spare smartphone for providing home security features using the phone's capabilities. The device works in conjunction with the Rico app which needs to be downloaded on the phone. Currently the Rico device housing the phone, supports phones with screen sizes 4.5" or smaller and running an operating systems such as Android 2.2/iOS 6 or higher. The Rico unit is connected to a wall socket and the cables inside the house ensure that the device is always charged up. This hybrid device uses the camera and the processing capabilities of the smartphone to stream live video of one’s office or home via the app for remote viewing. This service is supported on 15
cloud servers hosted on Amazon web services. The device has inbuilt sensors to monitor temperature, air quality, noise levels and motion. Information and alerts are also sent to users via the cloud service for warning about irregular changes in motion or other variables in the home environment. The Rico device is supported by Rico Smartsockets. On plugging the home appliances into these sockets, one can control their functioning like turning on/off electrical appliances. Thus, Rico provides a convenient and innovative way to stay connected with one’s home on the go and helps track its security.
IDEATE JANUARY 2015
STARTUPS
PAWAA
In today’s world Data Leak Protection (DLP) is a vital Technology which is in high demand. There are several sophisticated DLP technologies available in the market . However , organizations are now looking beyond simple DLP mandates. Pawaa Technologies, based in Bengaluru is one such company. Identified by the .paw extension , it has come up with its own secure File system . Encryption is easy, since Pawaa’s file encryption technology is delivered in SaaS model. Pawaa’s file encryption seems to be appbased solutions of corporations , requiring minimal configurations during start off.
Founded by Mr.Prakash Baskaran, Pawaa started as a DLP company in 2006. However they quickly realized that DLP dint have wide applications and the focus turned on carrying security and encryption to the document/file levels. Currently Pawaa boasts of over 100 plus enterprise clients. They have also won several accolades like The RSA Top 10 Most Innovative Companies (2011) , DSCI Excellence Award(2012) and Deloitte Technology Fast 50 India Awards (2012,2013). It also was selected for the Cisco Entrepreneurs in Residence Program(2014). Going by its track record, Pawaa is expected to take the Data Security market to greater heights!!
Gmail users can use Pawaa with great ease. It uses one’s Gmail user-id and password to authenticate the credential and grant access. The person sharing the document can control permissions for the document . Beyond a pre-configured expiry date, the document can no longer be opened. Pawaa integrated its software with Gmail to display the ease of use.
IDEATE JANUARY 2015
16
STARTUPS
BITGLASS
As cloud computing is gaining popularity, many businesses are using multiple cloud services to handle a myriad of business operations. But as evident from recent examples of i-Cloud and Dropbox, even the cloud data are not safe today. To tackle this issue, there has been a growth in Online Security companies offering a variety of data security and protection services. Bitglass is a Silicon Valley start-up founded in 2013 with an aim to provide cloud security and data protection. It is a Cloud Access Security Broker that delivers innovative technologies to deliver total data protection for enterprises in cloud, on mobile devices and on The Internet. Bitglass proxies all enterprise traffic into and out of protected cloud applications. A series of proxies (Forward, Reverse, Ac 17
tivesync, IMAP, SMTP, etc) have been purpose-built to accomplish total protection. Reverse proxy mode is leveraged for most applications. A key benefit of the reverse proxy is that it protects traffic from any device, anywhere, without browser configuration, device profiles or VPN. And traffic to personal cloud apps is never handled or inspected. In cloud security, Bitglass provides alerts and visibilities into suspicious behaviours, data and activity tracking, file encryption before download/upload and password protection to cloud applications. With companies offering Bring Your Own Device (BYOD) policies, there is an ever a risk of confidential data going out of office. Bitglass helps corporate secure data on any mobile device.
IDEATE JANUARY 2015
STARTUPS
BITGLASS
Bitglass was founded by Mr. Nat Kaushik (Founder and CEO) and other industry veterans. Founded just last year with four employees, Bitglass now has a staff of 40. It raised $25 million in a Series B round of funding in August, bringing its total funding to $35 million. It is currently headquartered in Campbell, California. Bitglass’s current focus is to allot capital for product development. Its growth has been steady and businesses are taking notice of what they have to offer. In November 2014, Bitglass was chosen by AlwaysOn as one of the 2014 OnMobile 50 Companies to watch out for. They are a start-up capable of changing the way cloud technology functions.
Breach Discovery analyzes the firewall logs to identify suspect traffic in outbound data flows. Traffic leaving the network for suspect destinations is automatically subject to deep inspection and assigned risk scores. Bitglass Data Breach Discovery is available as a monthly subscription service. No software needs to be installed. Simply by signing up for Bitglass and by uploading the firewall log files, analytics and reports on data breach risks in the organization can be generated.
Using proprietary threat intelligence and big data technologies, Bitglass Data
IDEATE JANUARY 2015
18
THE TECHNOLOGY CELL School of Business Management, NMIMS V. L. Mehta Road, Vile Parle (West), Mumbai – 400056
NEWSLETTER JANUARY 2015
EDITORIAL TEAM
CREATIVES TEAM
Vibhu Vatsala Sood Debroop Banerjee Ankit Anurag Mohit Patil Aradhya Tripathi
Meghna Gupta Jinal Mehta Maitri Shah Prabakaran Nagarajan
Contact Us: Email: summit@nmims.org www.facebook.com/SummIT.nmims https://twitter.com/SummIT_Nmims