Interview With Narendra Sahoo – VISTA InfoSec

Enjoying a long discussion with Narendra Sahoo, Director of VISTA InfoSec, Aviva Zacks of Safety Detectives found out why he started his company and what he does for his customers.

Safety Detectives: What motivated you to start your company?

Narendra Sahoo: Prior to 2004, I had been working on networking and security in the industry since 1993. In India, the internet came in 1995, and by 1997, it was being noticed. Once that happened, people started setting up networks more widely in their companies and they started realizing that their data was now visible in a computer across the room. This spawned the need for information security in India.

I had been working on firewalls and setting up VPNs since 1998 and set up my first system using Check Point 4.1 NG, a very, very impressive Israeli product. By 2004, my friend suggested that if I really wanted to be taken seriously in security, I had better set up my own company. And that led to the setup of my company VISTA InfoSec from my home.

SD: What does VISTA InfoSec do?

NS: As a company, from day one, we have been working on information and security. I studied how other top consulting companies were working, and one of the things that I noticed was that they were neutral—neutral product, neutral software—so, I set up a vendor-neutral Information Security company. We don’t sell any products, hardware, or software. We don’t outsource any of our work. We provide end-to-end services and end-to-end handholding. We do audits and certifications in many areas.

This is the ethos of the company which we set up in 2004, and we continue on the same boundaries that we have set for ourselves since then.

SD: What types of companies does VISTA InfoSec service?

NS: We are very strong and well known in the US and India and all over the world. We have our own company in the US and Singapore. We are well known for SOC 2, SOC 1. So, SOC 2, SOC 1, as you are aware, applies to SaaS-based companies and data centers. So, SaaS-based companies, data centers, and business analytics companies are our clients.

We do PCI DSS, PCI PIN, PCI SSF, PCI CP, etc. So that makes even companies like banks, payment processors, outsourcing vendors who are doing payment aggregation or authorizing or settlement or card printing. We are there for manufacturing companies and pharmaceutical companies because we do FDA CFR Part 11.

Because of COVID, cybersecurity has come up very strongly because people are now working from home which is outside of the protective boundaries of an enterprise security posture. In your office, you have IDS, IPS, firewalls, DLP, and various other security measures in place, but if you’re working from home, everything is stripped out. That’s why you are hearing a lot about ransomware and security attacks. At this time, almost any company is a potential client for us.

SD: What would you say are the worst cyberthreats out there today?

NS: Talking from statistics—ransomware. But from experience what really causes and results in cyberthreats is that companies are trying to tighten their budgets to save money. Since they are running on tight budgets, the first thing that companies are stripping out at this time is cybersecurity, surprisingly. They are postponing certifications, assessments, audits, and hiring, which is a crazy thing to do.

SD: How is the pandemic changing the way companies are viewing their security?

NS: Some companies are looking at it in a very strong way because they realize that with the pandemic in progress there is a real threat. This is mainly because people are now working in a very disparate manner. We have been witnessing people working on their sons’ and daughters’ laptops, and more often than not even children playing on office laptops. They do realize the importance of security and for these reasons, they are racing up, and thankfully, some companies have realized that they even need to change the way they view Compliance Management.

Earlier, we were conducting different assessments or managing compliance, because as a company, we are also into Compliance Management. Earlier it was just like the productive boundaries of the company, so people just walk into the office, work on the office laptops and office networks, and they go home. Everything was safe. But now with people working from home, things are a lot different. Thankfully, companies are evolving in a way that they understand that they need to change the way they view how compliance has to be managed. It cannot be done in the same way as it was done before the COVID era.

I don’t see things getting back to normal for at least the next year or year and a half. And even after that, I think COVID has left a very indelible impact on the way that we work and the way we are doing business. Many companies have decided to work from home continually, or at least on a 50% capacity basis. Some companies have been cutting out on their cybersecurity and information security budgets which is causing a huge risk to the enterprise.
