As India accelerates its digital transformation, the cybersecurity landscape is undergoing a seismic shift. With AI-powered attacks growing increasingly sophisticated and regulatory frameworks, such as the Digital Personal Data Protection Act, tightening compliance requirements, Indian enterprises face an unprecedented challenge: how to innovate rapidly while building fortress-like defenses. From deepfake fraud to quantum computing threats, traditional security paradigms are crumbling. In this exclusive conversation with CIO&Leader, Sajiv Nair, who serves dual roles as CIO and CISO at ESDS Software Solution Limited, reveals how Indian companies are reimagining their security strategies. He discusses the death of perimeter-based defense, the rise of Zero Trust architecture, and why transforming employees into “human firewalls” has become mission-critical for boardroom conversations about cyber resilience.
CIO& CISO
ESDS Software Solution Limited.
Cio&Leader: AI is increasingly being weaponized by attackers—deepfakes, automated phishing, and AI-driven malware. How do you see enterprises in India recalibrating their security strategies to stay ahead of such intelligent threats?
Sajiv Nair: Indian companies are re-adjusting their security plans to stay ahead of AI-powered, weaponized threats by merging high-end AI-powered security solutions that can detect and neutralize deepfakes, automated phishing, and AI-based malware in real-time. Companies are utilizing machine learning and behavioral analysis to detect suspicious activity and automate incident response, enabling them to swiftly identify and isolate sophisticated attacks that legacy tools often miss. In addition to technical innovation, a significant focus is placed on training employees through focused training that raises awareness of AI-powered threats and strengthens the “human firewall” against phishing and social engineering efforts. Peer collaboration for threat intelligence sharing, embracing Zero Trust concepts, and ongoing security monitoring are also becoming de facto practices, enabling businesses to develop resilience and sustain digital Trust in a changing threat environment.
CIO&Leader: With India tightening its data protection and cybersecurity compliance mandates, what are the biggest challenges for CIOs and CISOs in adopting a cloud-first strategy without compromising innovation and agility?
Sajiv Nair: With India’s data security and protection requirements fastening around the clock—promoted by legislation such as the Digital Personal Data Protection Act (DPDPA), CERT-In guidelines, and industry-specific regulations—CIOs and CISOs have serious challenges in implementing a cloud-first approach without compromising innovation or agility. The significant difficulties are ensuring actual data sovereignty by holding sensitive data within geographical boundaries, which is imperative for compliance but may prove challenging with global cloud solutions. Providing strong governance in multi-cloud and hybrid setups, while maintaining visibility over dispersed systems, and performing regular compliance scans introduces complexity and places a significant burden on resources, slowing down digital transformation initiatives. This is countered by Indian cloud service providers, such as ESDS Software Solution Limited, which provides in-country and cloud infrastructure, as well as integrated security, enabling enterprises to meet regulatory requirements while maintaining operational agility and data elasticity. Effective CIO and CISO strategies today focus on implementing secure, sovereign cloud platforms, integrated governance frameworks, and automating regulatory reporting—striking a balance between managing risk, meeting compliance requirements, and achieving business agility in India’s high-stakes digital economy.
CIO&Leader: Do you believe traditional perimeter-based defenses are obsolete in today’s distributed environment? What role do Zero Trust and identity-first security models play in safeguarding enterprises operating at cloud scale?
Sajiv Nair: Yes, the idea of a secure perimeter is essentially a relic in an era where data, users, and workloads are spread across SaaS, IaaS, and on-prem environments. Cyber threats leverage lateral movement and porous endpoints, rendering perimeter firewalls insufficient on their own. That’s why Zero Trust Architecture (ZTA) is quickly becoming the norm, not the exception. Zero Trust cuts the inherent trust assumption, imposing authentication and authorization on each point of access. Supplementing this, identity-first security models prioritize user identity over network location as the basis for control. With strong multi-factor authentication, adaptive access, and ongoing verification, cloud-scale enterprises can operate safely while accommodating flexible remote access, seamless partner integration, and multi-cloud operations. Combined, these strategies shift security from a network-centric to an identity-centric approach, which is critical to the modern digital enterprise.
CIO&Leader: Cyber resilience is no longer just an IT metric—it’s a boardroom conversation. How should CIOs and CISOs frame resilience strategies that balance regulatory compliance, risk management, and shareholder confidence?
Sajiv Nair: For boards, the issue is not whether a breach will occur, but how ready the organization is to respond and recover. CIOs and CISOs then need to convert technical resilience into business impact metrics. This means describing how resilience protects revenue streams, fosters customer trust, and enhances shareholder value. Equally, enterprises must ensure regulatory compliance—whether it’s meeting reporting timelines under the DPDPA or adhering to data localization requirements in sectoral guidelines. Successful strategies are based on three dimensions:
- Compliance – integrating regulatory frameworks into everyday operations.
- Risk Management – quantifying exposure in third-party vendors, cloud environments, and supply chains.
- Confidence Building – using metrics like mean-time-to-detect (MTTD), mean-time-to-recover (MTTR), and compliance readiness scores to provide transparency to boards and investors.
By framing resilience as a compliance imperative and competitive differentiator, CIOs and CISOs can secure stronger board-level support and investment.
CIO&Leader: Technology can only go so far. In your view, what are the most effective ways to transform employees into “human firewalls” and ensure that security awareness translates into actual cyber hygiene?
Sajiv Nair: The best methods for turning employees into “human firewalls” are based on continuous, bite-sized security awareness training, simulation-based phishing exercises, and an organizational culture that explicitly promotes secure behaviour and alertness. Indian organizations are combining regular micro-training with virtual cyberattacks every quarter to enable employees to detect threats in real-time environments and apply defensive habits on autopilot, such as generating strong, unique passwords, enabling multi-factor authentication, and promptly alerting to suspicious activity. Cyber hygiene scorecards and behavioral analytics help reinforce positive habits and monitor progress, while leadership support helps make security everybody’s business, not just an IT responsibility. The key is momentum and involvement—incorporating security practices into the day-to-day workflow, ongoing intelligence about new threats to alert staff, and having channels for feedback. Hence, everyone feels secure enough to take action against cyber threats.
CIO&Leader: Looking ahead, how do you see technologies like AI-driven security analytics, blockchain for identity, or quantum-safe cryptography reshaping the way enterprises build and maintain digital Trust?
Sajiv Nair: In the future, technologies such as AI-based security analytics, blockchain identity management, and quantum-resistant cryptography will revolutionize how businesses establish and sustain digital Trust, particularly in India, where regulatory and compliance regimes are becoming tighter. AI-driven analytics enable companies to detect and predict advanced cyber threats in real-time, enhancing threat intelligence and automated response to maintain system integrity and data confidentiality. Blockchain technology offers secure and immutable identity validation solutions that help eliminate identity theft and fraud risks, thus enhancing access control and compliance postures within cloud and hybrid environments. At the same time, quantum-resistant cryptography protects business encryption from the coming quantum computing attacks, ensuring long-term data security and Trust in digital transactions. ESDS is committed to developing a sovereign and secure cloud infrastructure that integrates emerging technologies to deliver compliance, scalability, and resilience—empowering Indian enterprises to navigate an increasingly complex digital trust landscape with confidence.