In order to make the organization a unicorn, one needs to have the right product offerings, right funding partners, well-defined market positioning and a healthy and attractive work atmosphere. Indusface fits into all these parameters but what prevents the founders from entering the orbit is their conscious decision of growing organic and less stress on the volume growth.
There are many stories around cricketer – turned politician or cricketer turned businessman – into sports segment but there is hardly any story around cricketer turned startup that to into a very niche segment of the technology – WAAP (Web-Application and API Security), DDoS & BOT Mitigation, CDN, and threat intelligence, etc. Even many large companies are refraining from Niche technologies as the volume is low and there is huge risk. But risk and reward go hand in India. So, a gritty and risk- taking character can only go for it. The person whom the reference is to is a person whose first love was cricket and achieved quite a good height but could not continue the flight for the sake of his second love that is technology.
“Our numbers for last two quarters are definitely surging from a growth perspective and apart from net new customers, we are also seeing a lot of our existing customers buying more.”
Ashish Tandon, CEO, Indusface
The story is about Ashish Tandon, CEO, Indusface. Not only did he managed to pull the rabbit out of his hat but also mesmerised his co-founders – Nandini Tandon, the CPO of the company, and Venkatesh Sundar, the CMO of the company under the spell. There is a saying – ‘birds of same feature flock together’. The trio had a common love for cricket, and they were innovators and out of box thinkers. Individually, they had achieved certain milestone in the technology space but with the convergence of positive energy created Indusface eleven years ago in 2012. The objective was to stay in nice areas where the risk and reward is proportional.
Platform Landscape
- AppTrana – a fully managed web application security solution offering comprehensive risk assessment, protection and monitoring and acceleration
- Web App Security (WAS) – a fully managed application risk assessment and comprehensive risk assessment through automated scan and manual pen testing
- Mobile App Security (MAS) – a comprehensive dynamic application security penetration testing solution for mobile applications
- SSL Certificates – powerful digital certificates for secure and confidential communications
The Co-founders leveraged and applied lessons and strategies learnt both on and off the pitch at work. Bootstrapped in the early years, their market understanding, quality of product and service helped Indusface grow and profit in the first year itself. Eight years later, the $5 million in funding from Tata Capital Growth Fund II helped them expand their footprint as a global enterprise offering four distinct products. This is very interesting that when the whole world was suffering from the pandemic and there was no positive news, Indusface attracted the investor. Fast forward in 2023, the company has bagged 5000+ global customers and the company spends 25% of their revenue in R&D activities. Some of the big customers include TCS, Axis Bank, Marico, Jet Aviation, LTI Mindtree, ICICI Bank, HDFC Bank, etc.
It is one of the prestigious application security SaaS companies that secures critical Web, Mobile, and API applications of 5000+ global customers using its fully managed platform that integrates web application scanner, web application firewall, DDoS & BOT Mitigation, CDN, and threat intelligence engine.
Indusface is the only vendor to receive 100% customer recommendation rating three years in a row and is a global customer choice in the Gartner Peer Insights Web Application and API Protection (WAAP) Report 2023. Indusface is also a “Great Place to Work” 2022 Winner in the Mid-Size category in India and is PCI, ISO27001, SOC 2, GDPR certified and has been the recipient of many prestigious start-up awards.
“The security and IT leaders are asking us to provide solutions for protecting APIs but they do not know where the APIs exist. So, just about a month ago we added a feature called Discovery into our protection platform.”
As a private owned company, although there is no revelation about the present revenue of the company but different websites report different number but if zoominfo.com to be believed, they put a number of US$19.9 million, which is quite impressive. Even Ashish also alludes to a number of double digit million revenue. And, the company is planning to double its revenue in next four quarters. The number is justifiable as the business’ average margin yield is 60%+.
As per Ashish in the space of cybersecurity, SaaS and cloud there is a phenomenal surge in demand. There is a huge growth in digitalization right from the top enterprises to the SMBs. Every organization is looking at digitalization and digitalization means making most of their communication platforms – be it with customers, with partners, etc., online.
At the same time there is also a surge in the business protection of digital assets – whether it is websites or mobile apps or APIs. With this backdrop, revenue for Indusface is also growing quarter on quarter. Ashish said, “Our numbers for last two quarters are definitely surging from a growth perspective and apart from net new customers, we are also seeing a lot of our existing customers buying more.”
It means they are getting more of their assets digitally available on the Internet or the cloud. Even, the global IT sentiment is slow, cyber security is not slowing down. With more digitalization, more ML and Chat GPT, etc., coming up technology is becoming complex and the scope of cyber security become more prevalent.
Out of all offerings that Indusface have, their API security is making aggressive headway into the market, which was launched a year back. However, our survey among the Indian’ IT leaders reflect that 15% of organizations do not have API security, although they have APIs for their applications. To this Ashish said, “I am not surprised! There are a few challenges on the API front. For example, the marketing department wants to host a web application and they will go and tie up with a third party and does API integration, no one knows about it in IT. Similarly, there are other departments who are doing the same thing.”
So API discovery is the biggest challenge for the CIOs and CISOs. The IT and security leaders are struggling to make discovery of their APIs. If something goes wrong, the CIOs or CISOs are obviously liable. He added, “The security and IT leaders are asking us to provide solutions for protecting APIs but they do not know where the APIs exist. So, just about a month ago we added a feature called Discovery into our protection platform.”
It means those who use Indusface platform, now can discover these API’s and report it to the leaders. Along with the discovery, they can also take down the rogue API injected by the adversaries and shadow APIs, which are older versions and can potentially initiate security breaches.
Indusface business started with solutions that protect websites and mobile apps from DDoS and Bot attacks. The platform has a couple of products. One is called AppTrana WAAP under which the solutions are offered to the customers through the MSPs. The other one is called Indusface WAS, which is for application scanning.
The large MSPs including TCS are the partners of Indusface. Addressing the data sovereignty, the company has hosted its solutions in country specific cloud marketplaces including India, Middle East, North America and Europe.
When the customer onboarding happens, the company does a risk assessment and based on that Indusface team issues recommendation. Ashish maintained, “The other challenge for the customers is that in the real case scenario they get software from someone and managed services from others. In our case, they not only get our software but also services with a very solid SLA to back it up.”
Skills are a big challenge these days to deal with complex and sophisticated solutions. In the case of Indusface is that they have in-house capability to virtually patch application specific and zero-day vulnerabilities and monitor the patches for false positives.
Indusface platform is available on a subscription model. It is priced according to the number of applications or on consumption of data.
Today the company has 150+ developers. Three years back, Indusface revenue was almost 90 – 95 per cent from India and rest was from the overseas market but today 50- 55 percent revenue is from India and rest is from overseas market – predominantly from US and Europe.
Since the market is growing in countries like India, Middle East, Africa, US, Europe, etc., the company is added more people and building channel ecosystem to support in pre-sales to sales and post-sales.
Ashish concluded, “There is a huge opportunity for us. Therefore, we are investing in people, channel engagement and brand building.”
Finally…
The company is profitable and growing approximately 45% YoY and the platform revenue is growing at 60% YoY. But the internal projection is to make it 100% in the next 12 months. The company is investing almost 25% of its earnings in R&D to enable 24/7 research and monitoring customers digital assets. So, if I predict that Indusface has the potential to become the next unicorn in the security domain, would it be wrong? You decide.
If you have any opinion on my analysys, pls. send in your comments to sanjay@accentinfomedia.com