Author Archive for Pukhraj Singh

Imbuing the Public Service with Entrepreneurialism

Cross-posted from The Subaltern Studies (An interdisciplinary studies in media and communications). Pardon me if it sounds a little off-topic. I was just keen to explore the commercial realm of public policy, civil administration, professional advocacy and political lobbying in India.

A recent spat between the Prime Minister’s Office (PMO) and Union Public Service Commission (UPSC) couldn’t have happened at a better time (Ref 1). Leaving aside the usual fact that the event was grossly underreported, I think it aptly highlights a peculiar systemic anomaly in the underlying structure of our Public Service. Possessing decent-enough knowledge so as to play the part of a concerned citizen, I feel that the realm and scope of public policy and administration in India suffers from a great schism which makes it very unmeritocratic. Nonetheless, with all the rapid development, burgeoning economy, rising and vocal bourgeoisie, more accountability, savvy politicians and independent media, there’s great commercial potential for public policy, civil administration, professional advocacy and political lobbying in India.

Unlike the US, which provides enough freedom and scope to their citizens to pursue public service as a career at any stage of their lives, irrespective of their professional background, the public services in India are under the total hegemony of babus who are completely cut-off from the ever-changing aspirations and priorities of the nation, adhere to a monstrosity of outdated bureaucratic protocols decayed by redtapism, and are forcibly desensitized from possessing any partisaned ideology. While the former system may lead to blatant favoritism and (what Jon Stewart has termed as) ‘partisan hackery’, the lndian counterpart hasn’t proved any better. With the constant shuffling and transfers, the babus fail to acquire the depth and specialized expertise required to take-on one problem at a time and fix it – due exception to a couple of areas like economy and finance. Moreover, entering the Indian Civil Service is a one-time decision in the life of a public servant. If you feel like giving your dues to the nation once you have acquired success or fulfilled your liabilities, without venturing into the dirty game of electoral politics, then the best thing you can do is watch patriotic movies or argue your ass off in ‘The Big Fight’. Moreover, it is difficult to make predictions on the future potential of a person and his ability to understand the problems of a nation fifteen years down the line, with a slew of competitive exams taken in his 20s, which are solely aimed to test his theoretical knowledge. I know many people with an intense nationalistic fervor who have an instinctive aversion to herd-like competition but have great empathy for people and highly developed social skills.

Oh Freddled Gruntbuggly...

“Oh Freddled Gruntbuggly…”

Having a great deal of interest in American neoconservatism, I have realized an amazing synergy between academic institutions, think tanks, media, political parties and public service institutions in this realm. Not only does the academic and research backing helps the political parties in closely following the pulse of the nation, but this partnership also yields fresh talent with cutting-edge ideas ready to be inducted in various public service institutions solely based on merit. And what’s so blasphemous about public servants having a political ideology? I think passionate idealism can give that much-required emotional impetus for just and righteous actions. I find it funny that we cry out loud every time an IAS officer is accused of being partial to a party or a leader. I mean, isn’t this like the unwritten rule; don’t we see a major administrative shuffle after every regime change? Then why not make it acceptable with certain rigid impositions so that they don’t cross the line. Reminds me what the professor of political science at Columbia University, Dr. Philip Oldenburg had to say (roughly) – India is a nation of mind-bogglingly diverse (and perverse) political ideologies, whose politicians can go to any lengths and are very enterprising as compared to their American counterparts.

Let’s focus on what’s needed to be done. America houses the finest academic programs for public policy and political science, concentrating a lot on practical exposure and active involvement in public-political domains. These institutions have frequently shaped and changed the direction of national debates and public priorities. Colleges like the Harvard, Stanford, Yale, Princeton, Berkeley, Columbia, Georgetown, Tufts, MIT, Syracuse, Chicago, Michigan and Duke have produced some of the finest bureaucrats in the world. Compared to that, India is still lying in the cradle and playing with saliva bubbles. Only recently, IIM-B and IIM-A have realized the scope of public policy in India and have started postgraduate courses strictly limited to mid-career public servants and social workers (Ref 2, Ref 3). What about the rest of us? Institutions like ICFAI, MDI and TERI have also taken some initiatives; however, my interaction with the ex-students reveals that they have some crippling problems to overcome and also lack the extremely important political backing.

Coming down to the career scope, I think the possibilities are unlimited. Till now, the only places where public policy experts could get a job were academic institutions, NGOs or think tanks like the Centre for Policy Research (CPR). Your contribution towards nation building was limited to some obscure conferences, dull policy briefs which are rarely read, cautiously-provocative newspaper columns, TV interviews, and being a slavish member of governmental commissions and inquiries. Something like what Dr. Brahma Chellaney does, though he’s exceptionally daring and free-minded at that. With a gradual influx of young and savvy politicians, I think political campaigning in India will get very professional (witness some progress at democracyconnect.org). The populist media of India lauds itself for being innocently non-partisaned — load of bullshit. They still don’t have the candor and tenacity to be independent and impartial. Look at incidents like the ‘cash for votes’ scam where CNN-IBN pushed the envelope of mendacity by refusing to telecast the tapes. Or how the NDTV constantly flaunts its CPI backing. It’s high time that we move over from programs with a misdirected nationalistic fervor, like ‘We The People’ where Alyque Padamsee or Suhel Seth seem to have the ability to solve every problem of our country. Instead of cribbing about journalistic integrity all the time, we need to take a completely opposite approach. We need partisaned media outlets which have the freedom to pitch their political ideologies with respect. We need our very own, desi Rush Limbaughs. This will create a competitive but level playing field. The inability of the Indian government to regulate the Internet as of now, should be exploited to the fullest to create new portals and independent think tanks that can have great commercial viability too (desi Drudge Report, AEI, Brookings, Cato etc).

While visiting an online political forum to gather perspectives on the ‘cash for votes’ scandal, I was amazed at the sense of obviousness with which some American members reacted to the incident. Upon expressing my surprise, they shrugged how these are just the minor teething problems of a young democracy. American political parties, with almost three centuries of experience to their credit, have legalized the system of ‘donation for favors’ by setting up a complex and an almost untraceable network of lobbying groups which tweak the system. India needs to learn from that and clean up their act, they said. Minus all the ills, I think this is bound to happen sooner or later, which means all those vacant seats of highly paid policy gurus and campaign managers are up for the taking. Lastly, the powerful Indian middle-class will be very receptive about the electoral candidates with such professional experience and depth in public administration.  Go, build a nation!

Indian SMBs to spend $1.26 billion for Internet services in ’08

A report by market research firm Access Markets International Partners estimates that Indian SMBs will spend $1.26 billion on Internet-related products and services in 2008, an amazing 35% increase from the last year. Considering the fact that data security and compliance is generally the third or fourth factor in the priority-list of SMBs (after things like infrastructure and accessibility), I am just wondering how much of it can be tapped by non-intrusive and hassle-free models like security-as-a-service? SMBs are still sticking to contemporary offerings due to the lack of awareness. Even a small chunk of the pie will be plentiful. Security companies need special action plan for India now.

Two new web security (SaaS) startups

I was just waiting for something like this to happen. Purewire and ZScaler will be upping the ante in the lucrative managed services market. The companies are backed by security superstars like Jay Chaudhary and veterans from CipherTrust and ISS. Prices range roughly from $1-$5 (per user per month) and $30 (per user per year) for ZScaler and Purewire respectively. Way to go!

Security startups to watch

Here’s a list of some bright and upcoming security companies which, in my opinion, have a promising potential:

Endeavor Security (www.endeavorsecurity.com, Rating 4/5) – My bets are on this startup. Endeavor is an early-stage company working on a truly disruptive security framework which could be the next big thing in Internet-wide threat analysis and actionable intelligence. The problem with existing intelligence players is that their offerings are not truly actionable, i.e. they don’t cover the complete cycle (detection-reporting-remediation). Secondly, none of them have the capability to provide vendor-agnostic remedial input. Third, no one’s able to keep pace with the changing threat landscape. Fourth, most of the industry analysts wrongly believe that the need for such a service is failing. Security intelligence is still scattered and raw. There is a big response gap which separates intelligence from the effectiveness of deployed products and services. If someone is able to bridge this gap in a product/service/vendor-agnostic way, then there is a great opportunity for setting up a truly early-warning and preemptive service offering. Backed by Department of Homeland Security, this company has taken its first steps to test the waters. It has launched solutions like FirstLight Signatures (signature service for various IPS, UTM and firewall vendors) and FirstLight Active Malware Protection (gathering latest malware data from deployed sensors and relaying it across to the AV vendors before the outbreak occurs while protecting their customer’s perimeter on-the-fly). I had a brief interaction with one of the founders and they say that a SaaS offering is in the works. All this makes it a company to watch out for. Their only challenge would be to get some gung-hos in the management team and build a very strong research back-end.

Rohati Systems (www.rohati.com, Rating 3.5/5) – Well, nothing groundbreaking really but a credible enhancement over existing offerings. They are working on a layer 4-to-7, policy-based firewall controlling access to various applications and resources, with awareness about their business context and compliance regulations. Alan Shimel has termed it as “a logical extension of identity based access control” and I agree wholeheartedly with him. They are not alone in the game, with Palo Alto Networks giving them some heat. However, they are garnering most of the media attention due some highly-accomplished Indian techies from Cisco in their management line-up.

Mocana Corp. (www.mocana.com, Rating 3.5/5) – This relatively-older company is gradually coming into the limelight. They are building security infrastructure for all kinds of networked devices, from mobile phones to coffee makers. They have acquired a small Indian company to setup their offshore R&D base in Pune.

Sramana’s Challenge: Kyunki ‘SaaS’ Bhi Kabhi…

Just about an year ago, I started thinking about the last big thing in security. This industry has reached a stage where disruptive technologies have virtually hit the glass ceiling. The market has violently regurgitated from any attempts to shove myopic product solutions down their throat. While industry old-timers sulk at it, I believe it’s a justifiable act. However, there are still a few acid-tripped security startups aiming to sell pure-play product solutions which only solve a part of the problem. I think their belief lies in the fact that there are still a few paranoid clients and pseudo-geek CISOs, who will buy their FUD-mongering and save themselves from the impending security doomsday. I think they are badly mistaken.

On a more calmed down note, customers have realized their mistakes and are suffering from existential angst. They understand the current threat landscape, the actual security risks looming over their business – they see the bigger picture and they know what they want. What customers don’t want are solutions which fragment the security problem into minuscule, mind-numbing, schizoid entities like botnet mitigation, security incident and event management, change control, client-side security, intrusion prevention, virtualization security, spam protection, endpoint protection, network behavioral analysis, identity management, fraud prevention, threat intelligence, compliance management, yada yada yada. Customers have failed to quantify any tangible RoI on such expenditures, they have had a hard-time managing the gamut of deployments over their networks, and above all – they don’t have any god-damn clue on how to gleam actionable information out of these products. They have stopped being carried away by this cryptic industry. So consolidation was a very obvious Darwinian step.

Mind you, the consolidation is happening in two ways. One, the established bigger security vendors are acquiring smaller companies and creating wholesome, turnkey solution offerings which cover everything under the security umbrella (Symantec, McAfee, Cisco). Secondly, enterprise software and solution providers, which are generally exposed to maximum risk are integrating these security technologies right into their very frameworks (EMC, Google, HP, IBM, Microsoft, Oracle, SAP, VMware). Thirdly, the coming innovation will be in the solution offerings and not in the underlying technologies. Fourthly, the security outsourcing industry is lagging by around 5 years.

So now comes the million-dollar question. What about ground root entrepreneurs and Schumpeterian innovators? I think, there are some opportunities on the horizon. The opportunities lie in re-innovating product technologies which failed just due to their higher operational costs and lack of business clarity. A quote from my last post which will help in elucidating this point:

…enterprise security expenditures became more and more justifiable in business terms due to regulatory compliance, cyber-crimes becoming a grim reality and the changing threat landscape. So now, security was not some obscure handy-work limited to network administrators; its need had trickled down towards the pin-striped pants of the management.

Opportunities also lie in security solutions which can leverage the cost-arbitrage. With the ongoing consolidation, security solutions have become more and more service-centric and productized-services is the way to go. When it comes to services, we can definitely exploit the well-proven Indian offshoring model. The case in point being, that although the bigger security players are merrily striving to provide wholesome solutions, integrations of such diverse acquired technologies leads to a lot of quality-loss thus raising the cost of the service offering.

Let me a take a few ideas very specifically. A few months ago when I read this seminal article by David Cowan, my immediate thought was, “Why not try outsourcing+SaaS!!?”. An excerpt from my brief commentary.

Absolutely credible and intuitive assessment of the consolidated and de-productized information security market by David Cowan of Bessemer Venture Partners. David has hit the bullseye here, beautifully explaining the current and underlying bottlenecks ailing the business of information security. Personally, I feel this is a brilliant take on the future of the IT security industry. People have already shunned the idea of another killer security product and information security outsourcing (infrastructure management/MSS – whatever) is going nowhere.

Now, imagine the proven Indian offshoring model combined with SaaS! Companies like Wipro, which has a well-established security consulting services arm, has this whole market for the taking if they can streamline their messy operations. However, this is a tough bet for ground root entrepreneurs as it requires an elaborate operational setup and infrastructure.

And just a few weeks ago, when I read the Challenge to Indian Entrepreneurs posted by Sramana Mitra (written in Feb’07), I became more and more certain.

In the recently concluded Philippe Courtot interview series, we discussed at length the various ways in which India and China could undercut US companies, and Philippe acknowledged that in his business (Qualys is an outsourced managed security service provider, a SaaS play), it is quite possible that an Indian company could come up with a vastly lower cost structure, and customers would switch immediately, if they are convinced about the reliability of the service.

Just to set the economics in perspective, Qualys has invested $65 Million to build an infrastructure that “is at the scale of the planet” to monitor, audit and report network security problems.

Let me throw a challenge in the direction of the Indian entrepreneurs: Go figure out how to build this same business for $30 Million, and I can tell you, you will have an absolute winner in your hands.

There hasn’t been a better time to disrupt the current dystopian order. In fact, a few Indian companies like iViz an Aujas (both backed by IDG Ventures) are trying something similar to Qualys. But they have a long way to go. Their product technologies are in nascent stage, they are trying to re-invent the wheel in solving most of the problems, they lack in technological maturity needed to understand the services model, they don’t have solid sales and marketing channels, and above all, they don’t have the kind of Ãœbermensch team which is needed to pull this off. There are only a handful of people in India which have worked on such intrinsic areas like security product management, so talent is a big scarcity. I think, there is a timeline of about 1.5-3 years – until when the bigger consolidated players fix the rough edges of their offerings – where such startups can still think to leverage this big opportunity.

Okay, one more idea for the taking. I think, service-provider/tier-1/backbone security is one market which is still in the experimental phase. There are some great opportunities lying there. Indian companies like Guavus and others like PacketAnalytics are working on it.

Then, opportunities also lie in capturing the contemporary security services market by transforming them into the fashionable on-demand model combined with offshoring. Example being – Veracode for application security.

That day is not far-off when some Indian entrepreneur will make Sramana and SaaSu-Maa jump with joy. Whad’ya say? :)

Happy SaaSu

ArcSight IPO: A positive vibe

So ArcSight, the enterprise security and compliance management company, went public a couple of weeks ago. Market watchers and industry analysts had always held mixed views about the company, and the same story goes with its IPO too. The hints of a listing came to be known publicly in September 2006, when the Valley kahuna Ray Lane chaired a meeting on ArcSight’s future and how it could be a worthy competitor in the to-be-consolidated information security space. The talk of the town was that the company’s decently solid sales record and struggling competitors is a positive sign of a stable future; thus broader solution offerings can be built by leveraging the IPO moolah which can be used to target some of the bigger players. This puts them in a better spot than other myopic security startups which only target a small part of the ‘security problem’. However, the festive mood was dampened a bit as the listing raised around $54M, slightly below expectations.

ArcSight was started during the hay days of security when companies with angel-eyed security administrators were really keen to visualize and monitor their security posture on an enterprise-wide scale. Termed as Security Incident and Event Management (SIEM) solutions, these systems were aimed at picking out useful and actionable information from all network and security devices, rejecting unwanted notifications and false positives which had become a pain in the neck, metaphorically speaking. These were the times when intrusion detection systems had just gained wide-scale acceptability and deployment but they were prone to generating a lot of alerts, and on an individual basis it was hard to make sense on what was going on in the network, thus defeating their whole purpose. But when it came to the actual implementation and tweaking, SIEM could make the client’s espresso-machines run out of coffee powder. Moreover, their visualization and anomaly detection systems didn’t really prove that effective and had a high learning-curve. I remember working for a SIEM vendor on a contract when I came to know about the dreadful effort of installing this gargantuan solution, which could easily take a couple of weeks or even months. So ArcSight being a smarter kid on the block, took a slip road like so many others. During the same time, enterprise security expenditures became more and more justifiable in business terms due to regulatory compliance, cyber-crimes becoming a grim reality and the changing threat landscape. So now, security was not some obscure handy-work limited to network administrators; its need had trickled down towards the pin-striped pants of the management. SIEM vendors like ArcSight, with some magic and lot of rework, were able to provide respectable offerings in compliance monitoring, fraud prevention and identity management. Fast-forward a few years and we got a company sending out positive vibes in a niche market which has drowned itself in pessimism. It would be interesting to see how ArcSight will fare in this industry witnessing some epic shifts and large-scale consolidation.

Some thoughts of this article are derived from: ArcSight Security IPO, Not So Hot

Great read: SaaSy security suits small businesses

Absolutely credible and intuitive assessment of the consolidated and de-productized information security market by David Cowan of Bessemer Venture Partners. David has hit the bullseye here, beautifully explaining the current and underlying bottlenecks ailing the business of information security. Personally, I feel this is a brilliant take on the future of the IT security industry. People have already shunned the idea of another killer security product and information security outsourcing (infrastructure management/MSS – whatever) is going nowhere.

Now, imagine the proven Indian offshoring model combined with SaaS! Companies like Wipro, which has a well-established security consulting services arm, has this whole market for the taking if they can streamline their messy operations. However, this is a tough bet for ground root entrepreneurs as it requires an elaborate operational setup and infrastructure.

Read here.

Hacking The Himalayas

Continuing on the thought-provoking post by Sanjay, I wanted to share a very interesting story of human endeavor and social entrepreneurship. The amalgamation of right ideas, right minds and right knowledge can definitely change human perspective and enlighten society.

A Silicon Valley escapist, members of the old-school computer security group called the Cult of Dead Cow have ventured with residents of the Tibetan-dominated town of Dharamsala to establish a wireless mesh network which caters the community with high-speed data and telephony services. The whole project runs on solar power, cheap hacked hardware and open source software.

The story in itself is amazing and awe-inspiring. This Xanadu called Dharamsala has already witnessed a cultural revolution of sorts. A kingdom in exile, an escapist hippie-hideout and now the witness of a technology frontier.

This hacker illuminati is also organizing AirJaldi Summit to share ideas on making this pilot a “social elephant” as Sanjay terms it :)

Creative Destruction

Entrepreneurship induces destructive changes in the underlying system. This is how the famed, uncontemporary economist Joseph Schumpeter defined it. He termed it as Creative Destruction. This rebel economist was the first one to rightly predict economic ecosystems like Silicon Valley, giving a deep existential insight into the mind of the entrepreneur. A far-cry and almost anarchic view when compared to the Keynesian notions of mass-production and supply-and-demand, which were dominant and popular during those days of industrial revolution. With seminal works like Capitalism, Socialism and Democracy, he laid the foundations of entrepreneurship.

He (Schumpeter) rejected the notion of equilibrium altogether, instead arguing that the economy is in a perpetual state of dynamic disequilibrium. Entrepreneurs introduce innovations that upend the established order, he said, unleashing a “gale of creative destruction” that forces incumbents to adapt or die. This “process of industrial mutation,” he explained, “incessantly revolutionizes the economic structure from within, incessantly destroying the old one, incessantly creating a new one.” Moreover, it is precisely this process that causes economies to grow. “Stabilized capitalism,” he declared, “is a contradiction in terms [1].

For me, Schumpeter was one of the earliest avatars of the entrepreneur we see nowadays. He was non-aligned to the economic theories of those days and wanted to create an economic model whose basic catalyzers were idea and creativity. Under a heavy influence of the existentialist writers like Nietzsche, he amalgamated basic reasoning with economics. Even while reading the “acclaimed” book Blue Ocean Strategy, I could somehow see the Schumpeterian foundations of big-is-better and monopoly innovations [2].

With the passage of time, his ideas were taken seriously and people could relate to it. He’s not a perfect rendition of the entrepreneurial mindset and neither his hypothesis has an underlying mathematical logic, still he had some fascinating ideas.

1. Dead Thinkers’ Society, Meet the new economy’s oldest new economist – Business 2.0 . Cached link here.

2. Schumpeter�s Creative Destruction: A Review of the Evidence

Business Plan Archive

Just stumbled on this interesting website which can be a useful resource for entrepreneurs who want to get a taste of how some real business plans were blueprinted, formulated and implemented.

The Business Plan Archive is a joint archiving project headed by prestigious institutions like Library of Congress, the Center for History and New Media and the University of Maryland Libraries. Their aim is to preserve the golden era of entrepreneurship and creativity, the birth of the Dot Com Era, for upcoming generations.

Definitely worth a look. After a quick registration process, you can access mounds of data like business plans, executive summaries, spreadsheets, powerpoints, press releases or any other material which defines a start-up.

And yes, I am really excited to be a part of this community blog!