Interview with Rahul Powar, Founder and CEO at Red Sift
In this interview, Rahul Powar, Founder and CEO at Red Sift elaborates on empowering security professionals with the right tools to meet their security needs and offers a sneak peek into their new email security product in the works. Read on as he discusses the need to transform cyber security from a risk management exercise to a competitive differentiator for businesses. A serial entrepreneur, technologist and leader, prior to Red Sift, Rahul founded Apsmart, which was acquired by Thomson Reuters Corporation in 2012, where he joined the team as the Head of Advanced Products & Innovation. He has also been part of the founding team and principal technical architect of Shazam, envisioning and creating the first Shazam iPhone app, much before the launch of the iTunes AppStore
TDE: Tell us about your product/business and your specific role?
Rahul Powar: Red Sift is a data-driven cybersecurity platform that helps organizations tackle day-to-day security challenges. The first product we developed on the platform, OnDMARC, is designed to help organizations protect their email domains against impersonation, a technique used by cybercriminals for malicious purposes such as tricking the email recipient out of data or money by posing as a legitimate sender.
Along with Randal Pinto, our COO, we founded Red Sift back in 2015. As CEO, I’m responsible for overseeing business strategy, supporting our team and driving new product development – including a new email security product currently in beta.
TDE: What is the core issue your product/technology aims to address and what sets it apart from the other players in the market?
Rahul Powar: OnDMARC helps organizations implement the government-endorsed DMARC (Domain-based Message Authentication, Reporting & Conformance) security protocol, to protect their business from security breaches that can result in huge financial losses and serious legal implications for those in the EU. OnDMARC automates a lengthy and complicated process to protect businesses and their customers from email hackers.
For the Red Sift platform itself, we aim to equip security professionals with the tools they need to build tailored products and apps for their organization’s needs. In the future, we want our open-source platform to act as a place of collaboration for product development, by providing the monitoring, logging and dashboarding tools needed to protect organizations of all sizes and sectors from day-to-day threats.
TDE: What’s the one industry, sector or role that your technology is most relevant to?
Rahul Powar: We operate within the cyber security sector, with our current products focusing on email protection. Considering the centrality of email communications to business processes, alongside the fact that 91% of cybersecurity attacks begin with email, our technology is relevant to all industries in some capacity.
TDE: What are some of the common challenges your customers approach you with?
Rahul Powar: The most common issue is knowing where to begin. When faced with yet another sizeable acronym like DMARC, trying to implement a protocol across an organization alone can seem hugely daunting. That’s because implementing it on your own is hard and requires technical expertise in the area. And even for those who have the knowledge to deploy DMARC alone, communicating the business need for DMARC and getting buy-in from across the organization can be a huge challenge, especially in busy C-suites whose priorities are often likely to focus more naturally on investment and business growth rather than the ins and outs of threat protection.
TDE: Cyber attacks cause considerable damages to businesses, both in terms of financial losses and hampering the brand image. What are some basic measures that even the smallest businesses must invest in to ensure their digital security is efficient enough to counter these threats? Can you give some examples of a few preventive steps that you have seen IT teams deploy successfully?
Rahul Powar: Some of the most essential solutions for businesses are the same that we would often apply in our daily lives. Using complex passwords and changing them regularly for business log-ins, for example, or enabling two-factor authentication.
Even the smallest teams can build a culture of security awareness into their business.
For example by making it policy that individuals use only authorized products and apps at work, and declare when they’re using a new service, potential threats and supply chain risk can be properly evaluated.
TDE: What are some of the key security management measures that enterprises can take to ensure security in cloud operations and employee mobile devices? What are some regular preventive checks that businesses can undertake to avoid cyber-attacks or information breaches?
Rahul Powar: To reiterate the above, all organizations should implement policies to ensure employees are using password best practices and enabling two-factor authentication. While smaller organizations may not have the resources to implement beyond the basics, enterprises should seek to enlist a data protection officer responsible for monitoring cloud and mobile operations in the business’ network.
TDE: Your recent analysis of exhibitors at Infosec London revealed that even leading businesses had misses when it came to practicing email security. What are the reasons for such lapses in implementing security measures even though they have been quite simplified in today’s digital era?
Rahul Powar: We should be clear and highlight that the Infosec analysis looked solely at their DMARC statuses which is the only sure way to eliminate the threat of exact domain email impersonation. However, many of those exhibitors will have a slew of email security solutions at the gateway or in the form of an appliance, stomping out spam and malware-infested emails. While DMARC has been around for a number of years now, it’s not been sensational enough to warrant the same level of media attention as say the WannaCry ransomware attack.
As previously stated, if there’s a lapse in security implementation, it simply boils down to competing priorities, a lack of understanding – feeling that it’s difficult to implement – convincing decision makers of its worth. With Government bodies now mandated to implemented DMARC, we’re optimistic that the business sector follows suit.
TDE: How do you think emerging technologies like AI, machine learning, blockchain etc will impact an enterprise’s approach to security management by the turn of this decade? How can security professionals keep pace with these advancements?
Rahul Powar: As emerging technologies, these systems are currently not being used at a large-scale. Thankfully, these technologies have not yet been weaponized to attack companies, though the industry broadly expects this to start happening. However, it is clear that every business has more digital exposure than ever before and it is only ever increasing. Businesses must start looking at cybersecurity as a fundamental component of their business model and, through implementing modern security standards and continuously keeping track of best practice for their industry, they can be best prepared to tackle these inevitable challenges.
TDE: Using technology to affect transformation usually starts with a transformation of beliefs and mindsets. How do you consult enterprise clients and help them make that important shift in mindset to move ahead on a particular project or implementation?
Rahul Powar: A client is much more likely to implement this technology if they understand how it is relevant to the business objectives. The supply chain and client network can also become an important tool for effecting technological change.
By stipulating what cybersecurity standards or technologies a supplier must have in place to do business with you, a cascade effect is triggered as they, in turn, look at their own supply chain. Most importantly,
this transforms cybersecurity from a risk management exercise to a competitive differentiator.
TDE: Give us an example of an enterprise meeting a digital transformation goal through your product?
Rahul Powar: Recently, we’ve seen a huge push of digital transformation across many public services, from paying Council tax online to reporting fly-tipping, and naturally, email is a component of most digital transactions. To ensure the success of any digital service councils and the like, need to be able to reassure citizens that the emails they receive are genuine. That’s why the Government’s Minimum Cyber Security Standards framework mandated DMARC for government bodies.
We’ve worked with several councils to help improve their email security. It was vital that the public trusted the email communication as otherwise, they simply would not use it. OnDMARC allowed them to rapidly achieve compliance with required standards and allowed them to communicate with confidence over email.
TDE: What present or upcoming technologies do you think have the maximum potential to accelerate enterprise digital transformation?
Rahul Powar: It first must be considered that digital transformation means many things to many people. If we talk specifically about cyber security, which we believe is a critical enabler for digital transformation, we are witnessing a sea change. Machine learning technologies are beginning to remove the cost of expensive analysts and people are able to do more things that were previously thought unimaginable. This reduction in both costs and time should lead to an increase in performance and productivity.