Transforming Cybersecurity - Qualys’ Vision for Resilient, Real-Time Security

As the digital age accelerates, so does the sophistication of threats. In an illuminating conversation, Deb Jyotiprakash, MD-India & ASEAN, Qualys, shares insights on creating robust cybersecurity solutions that cater to diverse client needs, from small fintech firms to large enterprises and governmental bodies. Minu Sirsalewala, Executive Editor, Dataquest, deliberate Qualys’ unique approaches to risk management, cloud neutrality, and industry-leading compliance strategies.

With over 15 years at Qualys, Deb Jyotiprakash has played a pivotal role in shaping the company’s footprint across India and APAC. Known for his strategic foresight and intimate understanding of the Indian market, Jyotiprakash has been instrumental in advancing Qualys’ mission to make cybersecurity accessible, comprehensive, and adaptable to diverse digital landscapes.

Our new offerings - CNAPP provides comprehensive cloud-native protection, while TrueRisk links vulnerabilities to threats, helping clients prioritize key risks.

Under his leadership, Qualys has not only expanded its client base across varied segments but has also pioneered several security solutions that cater to emerging needs. The company’s cloud-native, cloud-agnostic approach and relentless focus on innovation enable it to meet the demands of a digital-first India while staying flexible enough to handle each client’s unique challenges. In a discussion held alongside Qualys’ 25th-anniversary celebration, Jyotiprakash provides insights on Qualys’ strategic direction, the importance of risk quantification, and the company’s foundational emphasis on compliance and culture.

Qualys’ approach to cybersecurity is well-regarded. Could you share how Qualys distinguishes itself in the competitive Indian market and plans to expand its customer base?

Certainly. At Qualys, we define “new business” as true net new customers rather than just selling more products to existing clients. This mindset helps us stay client-focused, delivering value whether we’re working with a client managing just a few assets or with one overseeing a vast, intricate infrastructure. For example, we serve clients of all sizes, from small firms spending around $500 annually to large enterprises. Our smallest customer, for instance, has only three assets, while our largest has assets that are challenging to count.

Our land-and-expand strategy isn’t about indiscriminate growth—it’s about smart, adaptive expansion. In India, this means entering tier-two and tier-three cities and working with partners embedded in these markets. We’re seeing robust demand among digital-native companies like fintechs and startups, particularly those that are fully cloud-based and understand the intrinsic value of a cloud-native platform like Qualys. This “mushrooming ecosystem” is filled with companies that already appreciate the benefits of the cloud, making Qualys an easy, seamless fit.

You often describe Qualys as both “cloud-native” and “cloud-agnostic.” How does this approach work in practice, and what advantages does it bring to clients?

Our approach to being cloud-native but cloud-agnostic is quite distinct. While Qualys runs its infrastructure on its data centres, we leverage Oracle Cloud Infrastructure (OCI) in certain regions globally. That said, we’re not on public cloud infrastructure like AWS or Azure by default. This agnosticism is important because our clients use a range of cloud providers based on what best suits their needs. Some clients work exclusively with AWS, while others prefer Azure or even Alibaba.

Qualys remains flexible to these preferences because our mission is to support clients’ goals—not to dictate cloud loyalties. While many vendors are tightly coupled with specific clouds, we want clients to see us as an enabler. We’re cloud-agnostic because our clients are, and that adaptability is central to our model.

Qualys has built a reputation as an innovator in cybersecurity. Could you highlight some recent product developments, and how these align with the broader industry landscape?

Innovation at Qualys is continuous and driven by an understanding of evolving threats. We began in 1999 with automated vulnerability scanning, a breakthrough at the time. Over the years, we expanded this to vulnerability management, risk-based vulnerability management (RBVM), and now continuous threat exposure monitoring (CTEM). Each evolution added depth to our platform, addressing new facets of risk as the landscape became more complex.

Our land-and-expand strategy isn’t about indiscriminate growth—it’s about smart, adaptive expansion. In India, this means entering tier-two and tier-three cities and working with partners embedded in these markets.

Our CNAPP, or Cloud-Native Application Protection Platform, is one of our latest advancements. It’s the most comprehensive of its kind, covering the entire scope of cloud-native app protection. Another new addition is TrueRisk, which ties vulnerabilities to threats with precision, helping clients prioritize where their attention is most needed.

We’re also leading with solutions like cyber risk quantification (CRQ). Unlike traditional models, which often fail to resonate with boards or C-levels, CRQ translates risk into financial terms—language the board understands. This makes it possible for cybersecurity teams to showcase a true ROI on security investments, making cybersecurity an enabler of business growth. We’ve also doubled down on remediation engineering, ensuring our clients not only identify problems but also can address them rapidly and at scale.

Qualys is notably involved in India’s public sector, especially with UIDAI. What has been the impact of securing such high-stakes assets, and how has this shaped Qualys’ engagement with other government bodies?

Securing UIDAI is a tremendous responsibility and a point of national pride. This project is not just another business engagement for us; it’s a commitment to supporting one of the country’s most critical data infrastructures. While our association with UIDAI does enhance our reputation, we approach each government project as a unique opportunity, evaluated from scratch based on specific needs and requirements.

We have multiple government clients today, from PSUs to defence agencies, who recognize the value of our scalable, cloud-native architecture. It’s like buying a watch—considering Titan is almost automatic in India. Similarly, any agency serious about cybersecurity will have Qualys in the mix. It’s part of the trust we’ve built over time.

Compliance is a major consideration in cybersecurity. How does Qualys ensure high compliance standards, and what role does this play in your client relationships?

Compliance is at the core of our operations. We deal with clients in highly regulated industries like BFSI, healthcare, and government, who demand the highest security assurances. Qualys holds certifications such as SOC 2, ISO, and FedRAMP, and we continually update our compliance protocols to meet new standards.

“cloud-native” and “cloud-agnostic” - Qualys remains flexible to these preferences because our mission is to support clients’ goals—not to dictate cloud loyalties.

Our clients see our compliance as a testament to our reliability. It’s one thing to deliver cybersecurity solutions, but when clients need their data protected to stringent regulatory standards, they choose Qualys because we’re proactive and transparent in our compliance practices. We even participate in audits when requested by clients, ensuring that they have complete confidence in our security measures.

Qualys recently announced the world’s first Risk Operations Centre (ROC). Could you share more about this initiative and how it differs from a traditional Security Operations Centre (SOC)?

The ROC is a natural evolution in cybersecurity. SOCs were designed to manage alerts and events, to triage issues, and to coordinate responses. But today, cybersecurity is broader, encompassing multi-dimensional risks that extend beyond conventional monitoring. The ROC, or Risk Operations Centre, takes a comprehensive approach to risk management, factoring in everything from technology and tools to processes and even personnel.

Through ROC, we’re creating a single pane of glass for risk management, allowing clients to streamline risk oversight across various vectors. It’s a model that’s both inclusive and proactive, and we believe it will redefine risk management in cybersecurity. We’ve also developed a Managed ROC (MROC) that enables partners to deliver this model to clients, allowing businesses to focus on their core objectives while we manage their cyber risks.

What does the future hold for Qualys in India? Any significant plans on the horizon?

India is an integral part of Qualys’ global growth strategy. Our investment in India is strong; we’re actively hiring across several functions, with over 300 open positions in areas like product engineering, threat research, and client support. India has become a hub for Qualys innovation and we’re proud of the talent we’ve cultivated here. We’re also expanding our physical footprint, with plans to fill two more office floors to support this growth.

In the coming years, we aim to double down on our commitment here, and I’m confident that India will play a critical role as we work toward our billion-dollar revenue goal.

Finally, what would you say defines Qualys’ corporate culture? How does this culture influence your day-to-day operations?

Qualys has a unique, startup-like culture despite being a mature, 25-year-old company. We’re flat, open, and collaborative. Employees across all levels—from the newest hire to the CEO—share a collective enthusiasm for problem-solving. Our culture encourages transparency and innovation; we actively seek feedback from our clients and integrate it into our products. We even invite employees to submit ideas for features or products, and the best ones are rewarded and implemented.

This culture of co-creation and trust has been critical to our success. It’s also why many employees stay with us long-term; they feel connected to the mission and take pride in our shared achievements. It’s more than a job—it’s a commitment to making a difference in cybersecurity.

Deb Jyoti Prakash

MD-India & ASEAN, Qualys

minus@cybermedia.co.in