Zoho’s Chandramouli Dorai on how businesses can protect their digital assets

As organisations continue to roll out modern digital initiatives, their attack surface also expands considerably leaving their digital assets more vulnerable to cyber-attacks. Chennai-headquartered IT firm Zoho Corp, which offers software and web-based business tools, has been growing its security offerings and investing in its security infrastructure. In an interview with TechCircle, Chandramouli Dorai, Chief Evangelist, Cyber Solutions & Digital Signatures, Zoho Corp. explains the importance of protecting the digital assets of businesses, how companies can step up their security game and how Zoho, as an IT services provider is addressing this space. Edited excerpts.

With security threats continuously evolving, what are the most pressing challenges enterprises face today in safeguarding their digital assets?

As security threats evolve, enterprises face significant challenges in protecting their digital assets. India has recently become a prime target for cyber-attacks, including phishing, ransomware, and data breaches. Attackers now employ advanced AI techniques, complicating detection and response efforts. Additionally, the complexity and constant evolution of regulatory requirements, such as the Digital Personal Data Protection (DPDP) Act, Information Technology Act, and General Data Protection Regulation (GDPR), present compliance hurdles.
Many organisations still depend on legacy systems and hybrid environments, which complicate infrastructure management for IT teams lacking appropriate cybersecurity solutions. Financial constraints further limit budgets for security measures, training, and awareness. Moreover, a shortage of skilled cybersecurity professionals hampers the ability to build robust teams capable of implementing effective security controls for swift incident management.

What critical measures should businesses adopt to stay ahead of potential security breaches, especially as cyber-attacks become more sophisticated?

To mitigate potential security breaches, businesses should allocate IT security budgets in line with their goals, ensuring IT teams are equipped to combat rising cyber-led threats. Leveraging AI and machine learning (ML) can enhance breach detection and response, allowing for rapid analysis of large data sets to identify anomalies. Regular security assessments, workforce training, and penetration testing should be prioritised, along with establishing clear incident response plans and dedicated security teams to minimise damage and reputational loss. Compliance with data protection laws not only avoids penalties but also strengthens overall security.

Which cybersecurity tools do you consider essential for modern businesses, and how does Zoho's suite of solutions stand out in addressing these needs?

While every business is different, with unique problems that demand unique solutions, essential cybersecurity tools for modern businesses typically focus on three areas: protecting data, building secure IT infrastructure, and ensuring regulatory compliance. Zoho's integrated cybersecurity suite addresses these needs through solutions like Zoho Directory for identity management, Ulaa for secure browsing, Zoho OneAuth for multi-factor authentication, and Zoho Vault for password management. This suite enhances data protection and enables secure internet access while safeguarding employee privacy. ManageEngine, Zoho's sister division, offers a comprehensive range of IT management solutions, including endpoint management, privileged access management, and IT analytics. Together, Zoho.com and ManageEngine provide a holistic approach to managing business and IT operations securely.

How can organisations balance implementing robust security measures while maintaining operational efficiency and user experience?

To begin with, IT teams should start adopting cloud technologies that can help them scale and operate efficiently by leveraging the robust security measures already implemented by cloud providers. Most cloud solutions also offer automatic patches for new vulnerabilities, which tackle weak spots without any manual intervention. Also, implementing role-based access control and multi-factor authentication ensures that only authorised personnel access sensitive data. Additionally, using AI tools to automate daily security operations allows IT teams to concentrate on strategic initiatives while maintaining security.

As the threat landscape evolves, how do you envision the role of AI, machine learning, and automation in shaping the future of enterprise cybersecurity?

As the threat landscape changes, AI, ML, and automation will play crucial roles in shaping enterprise cybersecurity. These technologies can efficiently process vast amounts of data, identify potential threats, and reduce false positives through self-learning models. AI- and ML-driven predictive analytics can enhance threat intelligence by monitoring unusual login patterns and enabling prompt responses to suspicious activities.

How are companies like Zoho addressing the emerging threats in cyberspace?

At Zoho, we prioritise the CIA triad—confidentiality, integrity, and availability—in our data security operations. Our dedicated cybersecurity and IT teams enforce principles like security by design, the zero-trust model, and a security-conscious culture among employees. By utilising our own cybersecurity solutions, we continuously improve our security posture. Implementing multi-factor authentication, role-based access control, and having a robust incident response plan are essential for protecting sensitive data. Ongoing security awareness and skill development also bolster our overall security stance.

How are companies addressing the cybersecurity talent shortage in India?
To tackle the cybersecurity talent shortage in India, companies are adopting diverse hiring practices, specialised training programs, and upskilling initiatives. Collaboration among businesses, government, and educational institutions is vital to bridging the skills gap. By partnering with academic institutions to develop relevant curricula and establishing training programs with industry experts, we can better prepare future professionals for the evolving cybersecurity landscape. Continuous coordination is necessary to meet the growing demands in this field.