Company profile: Paramount

How Paramount hedged its bets on information security

Tags: ParamountSystems integrator
  • E-Mail
Company profile: Paramount G. Ramaswamy, COO, Paramount.
By Staff Writer Published  June 30, 2014

What is Paramount’s history and strength?

We were born in 1992 by an ambitious Indian who came in and set up operations. Version 1.0 of Paramount, as I like to call it, was a PC business. This business ran for about seven or eight years. But we wanted to see how to scale the company to do something different. The PC business was by then getting very crowded.

The idea then was to look at information security as an area to focus on. We gave birth to Paramount Version 2.0, and made a clean switch from 1.0.

You need to appreciate the fact that, back then in 1999, the world was very different. Even in developed countries, even in the United States, a lot has changed in the past 15 years, particularly in the field of information security. Looking back, call it a bold move, call it a risky move, whatever, we decided to look at information security and got into that.

What approach did you decide to take when making the switch?

Having decided to get into information security, we decided that we needed to look at it holistically, and in a complete manner. And also we said that we needed to do something different. We said that we’d introduce technology companies that were not prevalent or existing in the region, and we took it upon ourselves to get these companies here.

Our first port of call was Trend Micro, which is now a big company. They were non-existent in the region then, but we reached out to them, gave an introduction about ourselves, described the space, described the region, described the potential customer profile, and it attracted them. That’s what gave birth to the synergy of the relationship, and from there on, we’ve launched a variety of technology vendors, which today are present in the region but were not in those days.

We introduced WebSense into the region, we introduced Tipping Point to the region. Plus we have introduced some niche vendors which form a particular segment within information security, which is important.

But quickly, what we said was that technology is one part, but that doesn’t represent security in an all-encompassing manner. We realised that, if you want to be secure, or if you want to look at information security, we ought to look at it from a people, process and technology perspective. Technology alone is not going to get you there. We then invested in terms of getting people who understood the process part, who could eventually get to a compliance standard if required.

How have you taken this approach forward?

The way we look at information security overall is that we’d like to see what are the customer’s pain points. It all starts with the understanding of risk, and if we have a common understanding of risk, we can then look at mitigation measures, and mitigation measures could be, depending on where the gap is — it could be a people gap, a process gap, or technology gap. We look at security holistically, we look at where are the gaps could be. If it’s a people gap, for example, we do a series of rigorous audits, where end customers can audit themselves.

Leading studies have shown that, a lot of the time, breaches happen inside. People inadvertently, or otherwise, leak data out. These kinds of people awareness programmes can happen repeatedly, and that in itself can lead to a more secure environment.

When you became Paramount 2.0, what kinds of things were you doing, given how different the security landscape was back then?

It was endpoint security and firewalls. In the whole intrusion space — the firewalling which defines policies over what you can and cannot do — there was this concept called the intrusion detection system, which detects an intruder, but cannot prevent it. But then that evolved into intrusion prevention systems. This whole space has now been consolidated into next-generation firewalls.

What differences do you see in the threat landscape since you started?

It’s always changing. Traditional intrusion came from the network level. It then changed to a layer above the network – it went to the application level. Then it went to the internet, to the browser, and so on. This whole chain has moved to one layer to another, depending on how you keep on blocking and the advances keep on improving. And it’s not just one type of attack; the threat vectors themselves have become manifold.

What are some of Paramount’s biggest successes from the past year?

We’ve had some huge wins in firewalling and in intrusion prevention systems. I’m talking large-scale, mission-critical deployments for service provider infrastructures and things like that. But we’ve also been doing some pretty key work in the space of SCADA. We’ve been working with some large oil & gas companies to assess the gaps within the SCADA infrastructure, and then we’re also mitigating that by recommending and implementing solutions.

We’re actively engaged in the identity and access management space. We’re working with some pretty large customers, looking at the entire lifecycle of identity access management. In the content and data space, we’ve taken numerous projects on data leak prevention.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code