In this SaaSTrana podcast session, Puneet Miglani (Founder – Candor Technology) discusses how app development companies emphasize security in their AMC contracts with Venky.
We started in 2011 in Dubai as a digital marketing and development agency. And since then, we have come a long way. We are data-driven, and we use information to guide our customers in communicating their products and services to their customers in an effective way.
When we first started, our customers and business partners were instrumental in our growth into the IT solutions and services company we are today. And today we provide a much wider range of services. We started 11 years ago. Our focus has been to grow organically, an ethos we continue to follow today.
And we recently opened our operations in Canada, and we look forward to growing there in an organic way.
I will walk you through the journey of 11 years to know how we’ve evolved. So, during the first few years, our focus was on providing excellent service, which is important to our customers, building a strong internal team who are knowledgeable individuals, and industry partners, which are very important for any growing business.
Our customers’ expectations are very high. And as they have evolved, so have we, and the offerings we provide as well. Because of our customers’ confidence in all these solutions we have delivered over the last few years, it keeps increasing
I still remember when we started; we did websites, mobile applications, and e-commerce portals. Today we do far more than those. So, at the end of the day, we pivoted, as our clients requested, and there we won a few key projects, which has helped us evolve.
So, to put things into perspective, the first three or four years were more on the development side, where clients wanted us to do development work. And then, eventually, we started seeing AMC contracts come in better. It was also about ensuring that the projects were maintained correctly.
And then, as the importance of security increased, the VAPT aspect also started getting added to our AMC products. So today, we are a fully-fledged IT services and solutions firm that caters to a broad range of customers, from startups to SMEs to enterprise-level customers.
So it has been quite an enjoyable journey for us during those 11 years of our growth.
Well, I would say it’s a combination of both.
As I said initially, we were doing design and development, mobile applications, and e-commerce portals.
And as the industry has been evolving and vulnerabilities are coming up, teams understand its importance. Most likely, most clients were initially unaware of the importance of security. And then we have been pushing this thing.
While we have multiple solutions out there, you have open-source solutions. Open source is cheap, easy, and quick to deploy. However, it comes with its share of vulnerabilities that we need to address. At that time came in from our side, we said, “hey, this is an opportunity; VAPT is something that we need to add as part of our offering.”
So eventually, it grew and became a combination of both. Customers today understand the importance of security. And it has become a very important layer in anything we start rolling out. So, it’s not only design and development; security too plays a very important role.
Customers are maintaining security to ensure that vulnerabilities are not there. But there is no guarantee that you will not be attacked. How you protect your business and move on from that is what we need to work towards. The market is surely maturing to that, and it’s becoming much easier for us to give this value to our customers.
Absolutely. And I think that is what our focus has been. That’s where we are now looking at how WAF solutions can be added to the implementations. Our responsibility is not only to be the development team but also end-to-end.
We look at it in brief briefly: your end goal, how you get there, and what role security will play: your end goal, how you get there, and what role security will play in it. I think that’s the journey that we are on now.
When we went back to our customers and said,
“Hey, you need to focus on vulnerabilities in your current applications.”
Most of them were oblivious to the fact that they were so secure. They were confident that their applications were very secure.
I said, “Okay, can we do a run test?”
And some of the results were shocking. And then, they understood that having the SSL certificate no longer cut it anymore. So, much more must be done on the application and database levels.
From that point in time, from having a little knowledge, customers now progressively look at how security needs to be built in.
I still remember, I think, a couple of weeks ago, I had a meeting for a new project. We had a separate meeting for design, a separate meeting for development, and a separate meeting purely from a security play standpoint.
So that was refreshing. And as I said, yes. So now we’re getting there, so the board is being pushed from a security point of view, and the clients are serious about it. That is also very important.
These would be the key variables that I would look at as a business to see whom I partner with to bring on board and make this an offering to our customers.
I would say follow the KISS policy. That’s what I do.
Keep It Simple, Stupid, and then expand from there.
Earlier, we are an industry that is constantly evolving. There is change every day, every other day. You cannot master everything in one day. But when you follow the KISS policy, you can learn something new every other day and keep learning and advancing. And then, one needs to adapt to the circumstances and how things are pivoting around them.
Sometimes, even slowing down is also very important. Looking at the tide too closely does not help at times. Take a step back and constantly readjust.
Have a positive attitude.
It’s always going to be a long way ahead and enjoy.
Yeah, it is simple, indeed. And the complex thing is trying to keep it simple!
To know more, listen to the podcast here.
Stay tuned for more relevant and interesting security articles. Follow Indusface on Facebook, Twitter, and LinkedIn.
This post was last modified on April 28, 2023 20:14
A Managed WAF is a comprehensive cybersecurity service offered by specialized providers to oversee, optimize,… Read More
Explore crucial tactics like Asset Inventory, Patch Management, Access Control & Authentication, and additional best… Read More
Delve into the data privacy questions including consent protocols, data minimization strategies, user rights management,… Read More