CXO of the week: Ruchin Kumar, VP South Asia, Futurex

Futurex is a global provider of hardened enterprise-class data security solutions. Over 15,000 business and financial organizations use the company’s innovative cryptography and tokenization solutions to address mission-critical data encryption and key-management needs. It serves Indian customers across BFSI, E-Governance, Retail, Telco, and Automobile sectors, securing high value transactions. Some of the large enterprise and fintech as major clients have joined in rapidly growing customer base for Futurex in India. It is the only company to offer cloud-based hardened enterprise-class data encryption solutions locally in South Asian region. Futurex Cloud HSM solutions help organizations migrate their aging cryptographic infrastructures from end-of-life legacy solutions.

Ruchin Kumar is Vice President of South Asia at Futurex, where he is working with BFSI, Government & Enterprises dealing with critical data and where security & compliance is a concern. He is responsible for developing partner and channel networks, developing strong relationships with the key customers, robust business growth and monitoring of business operations in the South Asia region. Having over 24 years of experience in the IT industry with the past 20 years in the IT security domain, Ruchin has worked very closely with central banks and regulators in SAARC and ASEAN region in implementing security in payment systems, banking infrastructure and inter-banking settlements.

Recently we have engaged in an interview with Ruchin Kumar, VP South Asia, Futurex. He shared his views on how tokenization and application encryption is adding more teeth to cyber security and also share his journey so far.

Introduction.

Futurex is a provider of hardware cryptography solutions with a company history dating back 40 years. Our solution suite comprises HSMs, key management servers, cryptographic management tools, and fully managed cloud services. Futurex operates data centers in every major geographic region, allowing us to serve customers at a global scale.

What are Futurex’s offerings in the tokenization space?

Companies that store customer data — be it PII or billing information — often use tokenization to render it unreadable in the even of a breach. Tokenization is a cryptographic process that substitutes clear data withrandomized placeholders called tokens. Futurex offers an innovative version of this service called vaultless tokenization, which securely generates tokens without relying on token databases or “vaults.”

What are its advantages and how do they allow organizations to reduce the scope and cost of regulatory compliance?

Vaultless tokenization is an easy way to secure data while minimizing clear data and reducing compliance scope. Futurex’s vaultless tokenization solution uses RESTful APIs for easy web integration and greater customization options to limit data exposure, such as role-specific detokenization. Combining tokenization with better permissions management is a good step toward strengthening an organization’s security posture.

What are the common mistakes they commit while implementing Application Encryption? What kind of risks such oversight poses to organizations?

Application is a proactive way to protect sensitive data. Files and data fields are encrypted at the application level, before being moved or stored, to limit the exposure of data in the clear. Futurex offers application encryption services through a combination of general-purpose encryption and key management. It is this latter concept that is sometimes overlooked: an organization must implement reliable key management in tandem with general-purpose encryption so that the encryption keys are created, distributed, rotated, and retired in a secure way. Indeed, key management is essential to incorporating encryption into client-facing applications.

Do you see demand for new security solutions from telcos and companies looking to benefit from 5G?

In India in particular, the IT Act requires calls to be digitally signed, in order to authenticate them against fraudulent robocalls. This requires the use of a certificate authority (CA) to generate, issue, and manage certificates and signatures. After deploying a CA, a telco must ensure that it can establish mutual trust with another telco’s CA, allowing each network to communicate with the other. This typically requires some kind of integration, which Futurex has assisted with in the past.

As 5G has already been launched. Are you replicating those services in the Indian market as well or the Indian market needs a different kind of approach?

Futurex has assisted 5G providers with encryption services such as CA and PKI, which Indian telcos require to sign calls and authenticate messages. The technology that powers these solutions is certified under the international PCI compliance standard. As a fast-growing payment and financial services hub, India adheres to this standard to ensure a high level of security is maintained. As such, Futurex solutions are highly transferrable to the Indian market, and that of the APAC region in general.

What are general security and compliance challenges for Fintech?

India has seen the emergence of thousands of new fintechs, as well as other innovative payment services providers. These organizations rely on cryptographic services to secure their solutions, make them compliant, and get them to market. However, the cost of deploying on-premises cryptographic infrastructure can pose a challenge to some of these organizations. A solution to this challenge is to deploy cryptographic infrastructure through a cloud service, such as Futurex’s VirtuCrypt. A managed cloud service allows organizations to fulfill every required cryptographic need while lowering deployment and management costs.

Important points to be considered by Fintech in the selection of services.

Every application has to be integrated with a security solution via an API, so it’s important to select a solutions provider with flexible integration options. Futurex solutions offer near-universal compliance with all common APIs to make this process as simple as possible for customers. In addition, the cloud service must offer a comprehensive range of services — from payment and general-purpose encryption to key management — so that an organization can easily deploy new use cases as its needs evolve over time.

How is Futurex helping Fintech in South Asia and beyond to facilitate data confidentiality?

In an effort to better serve customers in the APAC region (and the global market in general), Futurex has established data centers in every major geographic region. Futurex operates two data centers in India to provide its customers there with lower latency, higher availability, and compliance with data localization requirements. Additionally, Futurex is constantly researching and developing innovative new cryptographic solutions to help organizations maintain compliance and harden their overall security postures.