Open source has always been considered to be complicated, which merits intensive training and learning. But nowadays, we have firms like Unmukti, who share their open source know-how with small and medium start-ups in the country, enabling them to operate within the open source ecosystem and manage security services.
We spoke to Nishant Sharma, lead technologist and founder, Unmukti Technologies about his idea behind starting up a firm that facilitates hassle-free use of open source in organisations across India.
Q: Could you explain the profile of your company?
A:Smart new-age companies want to pay for having their pain points mitigated rather than for a piece of hardware or software. Our scalable, completely managed, pay for use services solve any information security problems they have.
Unmukti’s core knowledge base stems from engineers with a strong networking and FOSS background with proven expertise in building and managing information security solutions. Our founding team includes IIM / NIT alumni who understand the business needs of SMEs, having worked closely with many organisations during their stints at the Royal Bank of Scotland, Colt and Cognizant.
I am a technical lead here with an experience of FOSS at various companies ranging from an SME focused FOSS startup, a datacenter and VSAT provider and at last a large Pan-European ISP. I also used to be a translator for Debian Installer to Hindi during 2005-2007 and had contributed to Open Street Map project. There are various other nondescript contributions to the FOSS community as well.
Q:What solutions do you offer?
A:Our flagship offering is Hopbox , which is a Managed Network Security Service for SMEs and Multi-Location organisations. The other product is Evorta Secure Content Distribution Platform on USB flash drives. It is primarily in use by education companies to securely distribute video lectures and other IP protected content to the students.
Q: Why have you chosen Open Source Technology?
A:We are a strong believer in FOSS philosophy and ourselves having been contributed to various FOSS projects, there was no question of moving away from FOSS. We want to make it easy for companies to adopt Open Source without making their learning curve steep and adversely affecting their business.
Q: Are there inhibitions about security aspect of Open source technology?
A:Considering security market, there are some inhibitions due to various product certifications being prevalent in the market and the mindset that a certain brand of product is the best.
One should understand that a product is not enough to provide security. It is a dynamically evolving arena where knowledge brings secure practices into an organisation. Add to that a policy of regular monitoring, analysis and correlation of events, which is more important to thwart the emerging threats than a setup and forget appliance.
While on the other hand, most of the commercial products (including certified ones) have Open Source components at their core which may either be the kernel, proxy server or an IDS.
Talking about Intrusion Detection and Prevention systems, Snort is one of the world’s most widely deployed software. Suricata is also gaining ground. Squid is also one of the widely deployed proxies and is base to many commercial solutions.
More than that, if you look at CVEs reported in the past, Open Source projects are more forthcoming with accepting the bugs and much faster to release the updates and fixes.
Q: Tell us about Unmukti’s service Hopbox?
A:Hopbox is a Pay-as-You-Go Managed Security Service, designed specifically for Indian SMEs and multi-location organisations. It consists of an embedded appliance at customer’s premises and a cloud based Policy, Filtering, Monitoring and Reporting engine. Our team installs, configures, manages and continuously monitors the security parameters of the customer’s networks. Customers are provided with real time alerts, periodic reports and insightful analytics. Threats learned and thwarted at one network is actively mitigated at all other customers.
In practice, usually an organisation would need to purchase a security appliance, associated licenses, get it configured through the re-seller or a consultant and then either train an internal IT staff or hire a security specialist. All of which costs money.
Hiring and Retaining a full time security expert is difficult as she may not get enough challenges in a small to medium sized network and may decide to move on. On the other hand, if an internal resource is given a basic training to manage the appliance but she may not be adept with the concepts and lack the requisite skills to handle constantly emerging threats
Hopbox solves all these problems for smaller networks where user base between 10 to 50 and medium sized networks upto 300.
Multi-Location organisations like Retail Chains, NBFCs, Restaurant chains etc. face different kind of problems where they can’t afford to put an IT resource on every store or branch office. Point-to-point connectivity is not available everywhere with the same ISP or is not affordable and of good quality at times. Desktop or IT support is usually provided over GoToMyPC or Teamviewer from the Head Office, which should not be happening in an ideal scenario.
Here, Hopbox helps organisations connect all their offices together while IT staff is not bogged down with managing security appliances at all their locations. Cloud based central Policy & Filtering Engine ensures that all the locations are secured and Internet bound traffic like Web, Email etc. goes directly to the Internet and is not back-hauled to the HO. IT staff from HO can easily provide support using VNC or RDP over encrypted VPN tunnels securely and keep a tab on users easily.
Benefits of having a central cloud based Policy & Filtering Engine also ensures that we can handle 0-day threats much more effectively at a single place instead of worrying if signature updates are being pulled by the appliance.
Q: Could you tell us about your list of clientele?
A:Our clientele range from a CA firm (Mukesh Raj & Co), an ERP software development company (Ginesys), a boutique investment banking company (Resurgent India), a manufacturing and fabrication company (Desfab Engineers) to a large retailer with more than 64 locations (VMart Retail Ltd.).
All of our clients are from different verticals and have minimum 10 people setup to a maximum of 700 users. We also have distributed locations of clients across India from Srinagar in J&K to Jamnagar in Gujarat and Udaipur in Rajasthan to Bhagalpur in Bihar which are effectively being remotely managed by us, without ever a need to visit a single location.