Let’s talk about digital identity with Vinay Sawarkar, Founder and CEO at Claidroid.

In episode 47, Oscar talks to Vinay about digital identity in India, and its key role in the country’s digital transformation and privacy regulation evolution (with the upcoming Personal Data Protection Bill). They also discuss identity in a wider regulatory compliance, security and user experience context, noting Identity and Access Management (IAM) – and particularly Customer IAM (CIAM) – as a core component of success in all three areas.


“India is on a very exciting journey of digitalisation.”

Vinay has over 35 years of varied experience. Over the years, he has successfully held numerous roles with increasing responsibilities. He established and managed the global practices in e-Security and Service Management in partnership with global technology leaders. Vinay also led a software development centre and a corporate IT group earlier. The Oracle E-Business Suite R12 was deployed globally under him, and various quality systems were set up, such as ISO 27001 (for IT security), ISO 20000 (for IT services), and CMMi Level 5 (for Software Maturity).

Vinay started his career in VLSI R&D and technology transfer of 68000-based workstations and servers. Vinay holds a Bachelor of Engineering from Jabalpur Engineering College and a Master of Technology from the Indian Institute of Technology, Banaras Hindu University. He is also a Senior Member of the Institute of Electrical and Electronics Engineers (IEEE).

Find Vinay on LinkedIn, and find out more about Claidroid at www.claidroid.com.

Claidroid is a Ubisecure partner. Read more about the partnership at www.ubisecure.com/news-events/claidroid-partnership-pr/.

We’ll be continuing this conversation on Twitter using #LTADI – join us @ubisecure!

 


 

Podcast transcript

Let’s Talk About Digital Identity, a podcast connecting identity and business. I am your host, Oscar Santolalla.

Oscar Santolalla: Hello, and thanks for joining a new episode of Let’s Talk About Digital Identity. And today, we are going to have an imaginary trip to India and we are going to hear about digital transformation and identity compliance, among other things. And for that, we are inviting here one guest from our partners who is Vinay Sawarkar. He is the founder and CEO of Claidroid Technologies. With over 35 years of experience, Vinay has successfully held numerous roles with increasing responsibilities. He established and managed the global practices in e-Security and Service Management in partnership with global technology leaders.

Vinay also led software development centre and corporate IT groups earlier. The Oracle E-Business Suite Release 12 was developed globally under him as well as setting up various quality systems such as ISO 27001, ISO 20000 and CMMi Level 5 for Software Maturity.

Vinay started his career with VLSI, a very large scale integrated circuits research and development and technology transfer of Motorola 68000 based workstations and servers in the initial days of his career.

Vinay holds a Bachelor of Engineering from Jabalpur Engineering College and a Master of Technology from Indian Institute of Technology, Banaras Hindu University. He is also a senior member of the Institute of Electrical and Electronics Engineers, IEEE.

Hello, Vinay.

Vinay Sawarkar: Hi, Oscar. It’s an absolute pleasure and privilege to be with you in this podcast.

Oscar: Thank you. It’s great having you. I’m really happy to have this conversation with you. And as always, we want to hear a bit more about the guest we talk. So please tell us about yourself and your journey to this world of digital identity.

Vinay: Of course. Very interestingly, I have had the passion for technologies from the early days, so after completing my course and specialisation in Integrated Circuits, I joined a company who was a pioneer in the semiconductor field in India. Through them, I was sent to Silicon Valley in mid ‘80s and received an exposure to the latest semiconductor technologies of the world.

Interestingly, I had attended an annual event organised by National Association of Software and Services Companies, which is a leading business group here in India – it’s also known as NASSCOM – in 1996 in Mumbai where the industry leaders talked about the user experiences which would be enabled by internet in the time to come such as online meetings, online seminars, video and movie streaming, online music, etc.

I clearly remember one of the speakers mentioning in the seminar that a few years down the line, internet would enable annual events to be held online and there would be no need to attend such events physically. How prophetic. I was absolutely fascinated. Today, it is unimaginable to live without those technologies, right Oscar?

Oscar: Yeah, no doubt.

Vinay: Yeah. So in mid-90s when the private players were allowed to open up the ISP operation which is the internet service provider operations in India, I received a rare opportunity to set up a world-class internet data centre using best of breed technologies from around the world. This was launched in ’99. And in the year 2000, it was rated as number one ISP in Mumbai by an independent third party agency, Chip, based on various parameters including the responsiveness and the experience for the users, for the subscribers, in competition to state players who were providing internet services for years, for so many years, and those were established.

So capitalising on this experience of working with the latest technologies while setting up the internet data centre, we established a global security practice way back in 2001-2002 timeframe in partnership with global technology leaders primarily focusing on implementing entire range of security solutions for customers around the world. For the following years, we successfully delivered security projects to hundreds of customers across various continents and verticals.

It is very interesting that from an era when just the firewall, a complex password and anti-virus solution was interpreted to be a strong security measure by an organisation in the late ‘90s, security landscape has evolved to cover various technologies including customer identity and access management solution which is aimed to provide a frictionless omnichannel experience to millions of customers while protecting digital identity of customers.

Oscar: So what I’m hearing, you had at least 20 years as an entrepreneur in the tech industry.

Vinay: Yeah, that was actually in the corporate but I had just started capitalising on that experience. We started Claidroid pretty recently and that’s something which I would like to talk about now. So I came out of the corporate world last year in 2020 and we thought of security services and we realised that this is a space where when we did the research we found that there is always a space for a nimble, agile, and responsive organisation to implement industry-leading security solutions cost effectively. We are committed to help the customers in every step of their digital transformation journey.

Shravan Narsingoju who himself is an MS from Greenwich University was working closely with me for many years earlier. He and I originally planned to set up Claidroid Technologies to leverage on my earlier experience of setting up global practice as I just mentioned and Shravan’s delivery experience of identity and access management solutions to UK and Europe customers for over two decades and more specifically to Finland customers for over a decade.

Based on Shravan’s earlier association, it was his idea to forge a strong partnership with European customer identity and access management leader, Ubisecure, to complement its top of the line CIAM solutions to leverage our deep domain technical expertise in identity and access management and bring value to the customers, specifically to European customers.

Therefore, it was natural for us to consider setting up a local entity of Claidroid Technologies in Finland as a part of our plan from day 1 to serve customers in Europe.

Looking ahead, we are also planning to set up a local entity in the US in 2022. I’m very happy to share with you, Oscar, that as we talk, we are working on some high-end customer identity and access management solutions for various prospects. We have been supported by a team of highly experienced and certified professionals committed to deliver cutting edge, future-proof technologies.

As you know, any leading technology solution today is based on either cloud or artificial intelligence or automation or a combination thereof. And therefore, the company has been aptly named as a cloud-AI-droid so Claidroid. That is how it is. I’m sure you may not be knowing this background.

Oscar: Yeah, I think quite a smart name definitely. And yeah, as you said, we are with the established company also in Finland which is fantastic. We are closer also to work together. Yeah, a fantastic story.

We haven’t really spoken too much about India. And of course, India’s digital identity context in earlier podcasts – just a little bit. We had actually an earlier guest who was Rainer Hörbe who talked about e-government. He mentions the Aadhar project at some point but otherwise not too much about India. I really want to hear about that in this conversation with you. Please give us an insight.

Vinay: Yes. Sure, Oscar. So I’m very pleased to share that with aim to provide positive effect on Indian economy, Indian government had started initiative by the name Digital India about six years back. The objective was to ensure that the government services are delivered to citizens electronically with improved online infrastructure and making their country digitally empowered.

I’m very, very happy to share with you that India is on a perfect journey of digitalisation. In addition, India emerged as the second fastest digital adaptors among 17 major digital economies.

Currently, India has over a billion mobile phone users, over half a billion smartphone users. With over half billion internet users with additional 10 million internet users getting added every month, this is a very robust platform for facilitating rapid adaption of digital services in India.

Over the last few years, complete digital transformation programmes have been rolled to support capabilities across infrastructure, telecommunication, banking, energy, utilities, government, as well as entertainment sectors.

As you might have heard earlier, Aadhar identity platform is one of the key pillars of Digital India. With over 1.2 billion Aadhar cards, it is the largest biometrics based digital identification system in the world and a powerful catalyst of digital adaption in India.

Every resident of the country is ordered with a unique identity through this Aadhar card. It aims to provide a cradle to grave digital identity that is unique, lifelong, online, and authenticable to every citizen. It is robust enough to eliminate duplicate or fake identities and may be used as a primary identifier to roll out several government welfare schemes and programmes for effective services delivery, thereby promoting transparency and good governance.

It is very interesting, Oscar, to note that there is a direct correlation between digital identity as the means of putting technology at the service of socio-economic development of a country. As recognition for why it the basis for the individuals to be entitled with rights, receive public services, or benefit for much needed forms of social assistance without the need of any middleman, eliminating fraud, leakage, corruption, as well as documentation resulting in speedy access to the government benefits by citizens.

More importantly, it helps in a very efficient and transparent administration of public services as well as monitoring its progress. We have seen a very huge positive impact of digitalisation on Indian economy. For example, in service sector, there has been almost exponential growth in e-commerce. Today, e-commerce is essential for survival. A few years back, it was a good to have feature of company. As we all have witnessed during pandemic, the whole game has changed and the pandemic changed the requirement from good-to-have to must-have solutions.
The companies who had digital presence during pandemic had reported their business to go up substantially vis-à-vis those who had not invested in digital presence earlier, and actually literally struggling for survival.

A recent survey has indicated close to 70% of small firms and as many as 82% of large firms, had built their own website to reach clients.

The digital transformation is really transforming with these sectors. For example, India’s agriculture ecosystem is undergoing transformation with better access to delivering information to farmers such as soil, seeds, weather, and fertilisation, etc. After a harvest, farmers now have option to use various online marketplaces for agriculture produce to work and transact with a larger pool of potential buyers.

In manufacturing sector for example, digitalisation has helped organisations to have wider customer base and market reach. It has also helped the manufacturing sector in purchase and inventory control as well as enabling them to handle competition much more effectively.

The impact on citizens during recent pandemic would be minimised to a very large extent and the government help would reach the affected population in India directly since majority of the financial transactions are now electronic and cashless. The banks are now competing against each other to provide seamless and frictionless user experience to their customers.

As you are aware, Oscar, legal entity identifier is being recognised in the banking industry globally and helping save millions of dollars in onboarding clients and KYC and anti-money laundering checks, etc., which was earlier being done manually and could often be from under that resources. So it is being used by business to business payment industry as a way to verify the credentials of the recipients and senders and is being labelled as a gold standard for financial transparency now.

To increase transparency within business organisation, mitigates risks, and reduces the likelihood of fraud. In line with the global trend, Reserve Bank of India has made legal entity identifier mandatory for transactions of ₹50 crore rupees, which is actually transferring at about $7 million, and above by clients as in non-individuals using the Reserve Bank-run centralized payment system that is a Real Time Gross Settlement (or RTGS) or National Electronic Fund Transfer. It’s called NEFT.

And of course as we go forward, we expect to go above ₹50 crore which is mandatory now which will possibly come down as a requirement for LEI.

So of course, yeah, with such measures, we firmly believe India is on a very exciting journey of digitalisation ahead, Oscar.

Oscar: Yes, definitely. The way you say it and with the facts you are sharing now, it’s definitely, I completely agree, a super vibrant journey. As I know that you at Claidroid is very focused, does different type of projects, very focused on digital transformation, so how do you see digital identity, the role of digital identity in digital transformation?

Vinay: Oh, Oscar, identification in digital age is very important because it converts human identity to digital data. I mean this conversion results in the digital identification of individuals, as well as their authentication at various points of access and, on that basis, authorisation for them to perform given actions or access given services.

Therefore, when there is a digital identity, the associated functions of identification, authentication, and authorisation assume very high significance. As you know, the recent pandemic has drastically changed our way of engaging with others. Practically, most of our interactions with our customers and collaborations with our partners across the continents are online.

A recent study suggested that last year, there were increased number of cyber-attacks because the attackers were having a fun time because everybody was online. So since most of the transactions are happening online, there is an inherent need to protect digital assets and identity of people and organisations through robust security measures.

Identity authentication is the most important aspect in ensuring security against data breaches. And therefore, identity and access management assumes very significant role to keep the threats at bay whether the organisation whether it’s a larger or a small and medium business. It is the only effective tool which can monitor who has access, what data, when and how, the only tool which confirms the identity of the person who claims who they are.

Identity and access management is focused on protecting the identities of the employees and prevent credential abuses by both internal and external sources and therefore does not focus on user experience as much as security.

Customer identity and access management we find on the other hand, generally provides high-quality, smooth, pleasant omnichannel customer experience, designed to increase customer engagement and at the same time ensuring security of credentials.

Oscar: Yes. You just said this, there need to be balance between user experience, convenience and security, because security is a must today. You just mentioned that due to the pandemic, we are using the internet more. We are communicating with others more through the internet.

And of course, security is more complex. You also said earlier that in the end of ‘90s and beginning of 2000s, the security was – you needed a short checkbox – you have antivirus, firewall, those kind of things.

Vinay: Yes, the firewall. I know firewall used to be – if you have firewall, people used to feel that they are protected against bad actors. And antivirus of course if there is something that – but I think it has evolved.

Oscar: Somehow, we were secure that way. But now, you need, I don’t know how many checkboxes that you would need at this point. Many are being of course as you said, delivered by identity and access management, the security side. But another side that’s very important that also identity and access management delivers is about regulations. So could you give us some specific examples of how identity and access management helps with compliance?

Vinay: Yeah, it’s actually interesting. When you talk with some industry experts or generally in the industry, they generally interchange the terms – privacy and security. They believe that when they are deploying technologies such as encryption, firewall, and tokenisation etc. they believe that they are taking care of privacy compliance, where actually that is not correct. These are all good security technologies and of course they provide protection against bad actors but they are definitely not ensuring privacy compliance.

The technology which is being used in forefront for privacy compliance is an identity and access management solution. Yes, a customer identity and access management solution is a well-rounded way of customer insights. Yes, it provides highly secured and seamless customer experience with consistent authentication even at a very large scale. Yes, it provides a unified way of data in different silos to help companies understand customer’s activity from various access point but I think the most important aspect is that more than customer identity and access management solution enables the organisation to comply with regulations and guidelines laid down by government such as GDPR in European Union and will help compliance with upcoming Personal Data Protection Act in India apart from meeting other compliance requirements such as open banking and PSD2.

The organisations are preferring to go for the modern digital identity management solutions from leading technology vendors instead of sewing the multiple digital system together and modifying traditional identity measures management system because that way, they can focus on their core business with the security aspect being taken care by technology vendors leaders, not only keep pace with their technology but also ensure the solution keeps getting updated over the years.

These customer identity and access management solutions enable centralised access, review, transfer, and deletion of personally identifiable information, consent collection management, and revocation, which are all the privacy requirement. The customer identity and access has been also used as option to provide preference within the application, letting them decide how an organisation can use their data. They also deliver capabilities that look into regional data storage and other privacy requirement which are required for privacy compliance. And because they have been built ground up, they take care all of the compliance requirements.

So I believe you cannot substitute a customer identity and access management solution with anything, with the firewall or antivirus or something for compliance. You just cannot do that.

Oscar: Yeah, yeah, that’s correct. It’s a different tools, different solutions for different problems. There are of course some overlaps but yeah, you have put it very clearly in this sense.

And talking about the compliance and I’ve been chatting with you and some of your colleagues, in the recent months, we have had some workshops together and you have mentioned at some point when we talked about privacy and compliance, you mentioned that there is a Personal Data Protection bill in India. So, I would like to hear more about that.

Vinay: Yeah, of course, Oscar. This is a hot topic today in India. And obviously, privacy is better discussed very hotly in India. With over half a billion internet users, India provides outstanding business opportunity to international companies especially in e-commerce. With a view to provide protection of personal data of individuals, the Personal Data Protection Bill was discussed in the Indian Parliament. It is currently undergoing reviews and refinements before it is passed and becomes a regulation as the Personal Data Protection Act, and will have to be complied by the organisations in India.

Whether discussion on Personal Data Protection Bill results a separate session with you, we may have it later, let me share with you some of the highlights.

The regulation primarily aims to provide consumers with new privacy rights pertaining to personal data collection, which requires a user to consent to their information being collected and shared. It prohibits processing of personal data without any specific, clear, and lawful purpose. The sensitive personal data may only be transferred outside India for the purpose of processing only when explicit consent is given. And explicit is the keyword here.

The draft bill also has a provision for establishing data protection authority. Data localisation is another important aspect being handled by Personal Data Protection Bill. While the local organisation started pitching that Indian data should not be – should be owned only exclusively by Indian citizen, there is another group of companies, global companies, who are against data localisation. They want to use their data for their own purposes.

In the current form, the bill prohibits processing of sensitive personal data and critical personal data outside India, unless there are some specific conditions.

The bill, while requiring sensitive data to remain on servers within India’s territory, at the same time permits non-sensitive data to be stored outside of the country.

So just like the GDPR, various strict penalties are there, Oscar, in Personal Data Protection Bill which is being right now discussed greatly, which is up to 2% of the previous year’s global or 5 crore rupees which is almost about $700,000 for minor violation of the laws such as traditional data breaches and can reach up to 4% or 15 crore rupees which is equivalent to about $2 million, whichever is higher for a major privacy violation. So it’s very serious business.

A single data breach can compromise personal data of millions of users and damage the reputation of the company forever since it is the company’s responsibility to protect the data of their consumers. And once the data is compromised by an organisation, it is very unlikely that customer would ever do business with that organisation in the future.

So identity and access management assumes prominence in such scenario and is responsible for protecting the organisation from such breaches. Whether as a large organisation or small to medium organisation, it is the only tool for monitoring who accesses what, when, where, why, and how.

Oscar: It sounds like a very strong regulation, the one that is coming. So you mentioned that it’s now in the Parliament still.

Vinay: Yeah, it is in the Parliament. So it has gone for review now. So there is a committee which is reviewing it. It is being refined and some more amendments are taking place. And hopefully, once it comes out and it passes through the Parliament, it becomes an act and compliance will be implemented. Right now, it is not – right now, it is not act. It is not a requirement. But we’re on the way actually, anytime this can come and this will open the organisations start taking of their compliance very seriously.

Oscar: Yeah, definitely. So we can say that for sure in 2022 it’s going to be already in practice.

Vinay: Yeah. That’s what we are hoping. And before that, we have been ensuring that whatever education we can provide to our customers, we are providing that information so that they take privacy very seriously.

Oscar: Yeah, absolutely. So Vinay, for all business leaders who are listening to us at this moment, so what is the one actionable idea that they should write on their agendas today?

Vinay: As I just mentioned, I think digital identity is like a passport to the digital world. And while it is important for people, government, society, and most important to the economy, but at the core of the infrastructure is a secure digital identity, which is essential to the function of daily life, especially during a pandemic. It is reported that India may add up over 200 billion US dollar to gross domestic product in the next three to four years in the small or medium businesses.

Cloud and security are the two top most traditional technologies that small and medium businesses are conserving for investment for improved customer experience, improved operations, or services delivery, and improved finance predictability.

However, there are challenges such as shortages of digital skills, talents, lack of enabling technologies, lack of commitment, or budget from management, which have to be addressed for a success in the digital transformation of the organisation.

I believe that for a digital transformation initiative to succeed, apart from defining a vision and investing in the latest technologies, the business leaders should involve the relevant leadership team actively and also most importantly, focus on changing the organisation culture so that it is ready to adopt the transformation. So it is not just the technology, I think organisation culture assumes equally significant role in this whole journey. So I think that is what my recommendation is for the leaders.

Oscar: Yeah, perfect. I couldn’t agree more, Vinay. And thank you a lot for this very interesting conversation about Claidroid and how things are in India and all the opportunities that happen there.

So, please let us know how people can get in touch with you or learn more about what you are doing or Claidroid is doing.

Vinay: Yeah. So we have a website, www.claidroid.com is the website which is where one can connect. And then I’m available on Twitter with my name. I have also given my mobile number on the LinkedIn profile. Shravan is there. He is available in Finland. One can reach him. And we are there, of course. We are there to take up any discussion with whoever wants to have.

Oscar: Perfect. Again, thanks a lot, Vinay, for this conversation. And all the best.

Vinay: It was a pleasure, absolute pleasure for this and having taken part in this podcast, Oscar. Thank you so much.

Oscar: Thank you, Vinay.

Thanks for listening to this episode of Let’s Talk About Digital Identity, produced by Ubisecure. Stay up to date with episodes at ubisecure.com/podcast or join us on Twitter @ubisecure and use a hashtag, #LTADI. Until next time.