The traditional network perimeter has dissolved due to multi-cloud adoption and hybrid work, forcing organizations to move from fragmented security tools toward unified platforms. Attackers are leveraging AI to generate novel malware at an immense scale, while also harvesting encrypted data for future decryption by quantum computers.
Organizations now face the challenge of securing applications across multiple clouds and a distributed workforce, requiring a consistent security policy via a unified platform. There is a growing recognition, especially in India's fast-growing digital ecosystem, that security cannot be an afterthought due to risks to customer trust, financial damage, and new data sovereignty regulations.
AI presents a double-edged sword, with attackers using it to create new threats rapidly, necessitating that defenders use deep learning and AI inline to stop these novel attacks in real time.
Main Topics: Evolution of network security, challenges of cloud and hybrid work, the dual role of AI in cybersecurity, the quantum computing threat, and the growing focus on security and data sovereignty in India.
Cybersecurity is no longer confined to locking the doors of a physical server room. As enterprises migrate to multi-cloud environments and adopt hybrid work models, the traditional network perimeter has completely dissolved. This shift has forced organisations to rethink their digital defence strategies, moving away from fragmented point products toward unified platforms.
Concurrently, the rapid advancement of artificial intelligence (AI) and the looming shadow of quantum computing present unprecedented challenges. Attackers are leveraging AI to generate novel malware at an immense scale. Meanwhile, sophisticated actors are harvesting encrypted data today with the explicit intent to decrypt it tomorrow using future quantum processors.
In an interaction with The Economic Times, Anand Oswal, Executive Vice President of Palo Alto Networks, breaks down the evolution of network security. He discusses the double-edged nature of AI, the critical need for cryptographic agility, and how enterprises must proactively harden their digital infrastructure against impending existential threats.
Q. Network security has evolved drastically from the days of locked server rooms. How do you categorise this evolution, and what are the primary challenges organisations face today?
A. When I started my first job out of college in the late 1990s, security was essentially a locked room housing servers. Early network security began with basic policy constructs built around IP addresses and ports. As the internet boomed around the dot-com era, this evolved into application-aware filtering, known as Layer 7 constructs.
Today, the world has completely changed. Applications are no longer just sitting in a private data centre. They are hosted across multiple public clouds like AWS, Azure, and Google Cloud. Simultaneously, the workforce is distributed, accessing these applications from corporate offices, homes, and mobile devices. This led to the rise of Secure Access Service Edge or SASE. The biggest challenge now is simplifying this complex architecture. You cannot protect cloud applications, remote workers, and data centres with disconnected point products. Organisations need a unified platform to maintain a consistent security policy across all environments.
Q. In the Indian context, the digital ecosystem is expanding rapidly. Are domestic startups and enterprises adequately prepared for these complex security demands?
A. Technology adoption in India is at an all-time high across various sectors. When you look at the startup ecosystem, their initial priority is usually finding product-market fit and scaling quickly. Historically, security might have taken a back seat to rapid growth.
However, we are seeing a significant mindset shift. Startups and large enterprises alike are realising that security cannot be an afterthought. A single breach can wipe out customer trust and cause immense financial damage. Furthermore, with regulatory frameworks, such as the Digital Personal Data Protection [DPDP] Act, [2023 and its 2025 Rules], coming into play, there is a strong focus on data sovereignty. Companies want their data to reside within Indian borders, which is driving the need for localised cloud infrastructure and sovereign security solutions.
Q. AI is the dominant technology conversation today, but it is also weaponising cyberattacks. How are threat actors leveraging AI, and how do you defend against it?
A. AI is absolutely a double-edged sword. Attackers are using generative AI to write highly sophisticated malware and execute attacks in seconds rather than days. To give you an idea of the scale, our networks stop about 31 billion attacks globally every 24 hours. Out of those, roughly 9 million are entirely net-new attacks that nobody in the cybersecurity industry has ever seen before.
Because attackers use AI to bypass traditional signatures, defenders must use deep learning and precision AI directly inline to stop these threats in real time. We also have to address the rise of AI applications within the enterprise. We need to secure the usage of these tools to prevent sensitive corporate data from leaking into public AI models, and we must protect against prompt injection attacks where the AI itself is manipulated.
Q. The modern workforce relies heavily on unmanaged devices. How does that complicate the security landscape?
A. It is a massive complication. About 40 per cent of global workers are now contract or contingent workers. Shipping corporate laptops to all of them for short-term projects is logistically difficult and expensive.To solve this, we acquired Talon, which provides a secure enterprise browser. The browser is where modern work happens. It is the only entity that sees all traffic before it gets encrypted and right after it is decrypted. By deploying a secure browser on an unmanaged device, we can enforce strict security policies, prevent data exfiltration, and stop malware assemblies that occur directly within HTTP sessions.
Q. Beyond AI, quantum computing is categorised as a cryptographic existential threat. Could you explain the âharvest now, decrypt laterâ strategy and why it is a liability today?
A. Quantum computing is a fascinating but severe challenge. Our current digital economy relies entirely on standard cryptographic algorithms to secure communications and data. However, experts and researchers predict that by the end of this decade, viable quantum computers will exist that can break traditional encryption.
This has given rise to the âharvest now, decrypt laterâ strategy. Sophisticated attackers or state-sponsored actors are tapping into encrypted communications today and stealing that data. They cannot read it right now, but they are patiently storing it. Once a quantum computer becomes available, they will decrypt and exploit it. This puts any data with long-term value, such as government intelligence, healthcare records, and financial blueprints, at immediate risk today.
Q. For organisations mired in legacy tech, is quantum readiness a massive rip-and-replace project? How should the C-suite justify this ROI?
A. It does not have to be a rip-and-replace nightmare, but it does require a strategic shift toward cryptographic agility. You cannot wait until 2030 to start preparing. We guide our customers through a very pragmatic approach, starting with discovery.
You can only secure what you can see. We provide full visibility into an enterprise network to identify exactly which cryptographic algorithms are currently being used. Once you have that inventory, you can begin upgrading to quantum-safe algorithms. We are already offering quantum-safe virtual private networks and infrastructure updates to ensure that data harvested today remains protected against future quantum decryption.
Regarding the ROI, the C-suite needs to view this through the lens of platformisation and risk management. Consolidating security onto a unified platform reduces operational costs and complexity. More importantly, the cost of inertia is catastrophic. Delaying security modernisations leads to devastating breaches, which result in severe legal consequences, regulatory fines, and a total loss of brand reputation. Cybersecurity is fundamentally a board-level conversation about enterprise survival.
Concurrently, the rapid advancement of artificial intelligence (AI) and the looming shadow of quantum computing present unprecedented challenges. Attackers are leveraging AI to generate novel malware at an immense scale. Meanwhile, sophisticated actors are harvesting encrypted data today with the explicit intent to decrypt it tomorrow using future quantum processors.
In an interaction with The Economic Times, Anand Oswal, Executive Vice President of Palo Alto Networks, breaks down the evolution of network security. He discusses the double-edged nature of AI, the critical need for cryptographic agility, and how enterprises must proactively harden their digital infrastructure against impending existential threats.
Q. Network security has evolved drastically from the days of locked server rooms. How do you categorise this evolution, and what are the primary challenges organisations face today?
A. When I started my first job out of college in the late 1990s, security was essentially a locked room housing servers. Early network security began with basic policy constructs built around IP addresses and ports. As the internet boomed around the dot-com era, this evolved into application-aware filtering, known as Layer 7 constructs.
Today, the world has completely changed. Applications are no longer just sitting in a private data centre. They are hosted across multiple public clouds like AWS, Azure, and Google Cloud. Simultaneously, the workforce is distributed, accessing these applications from corporate offices, homes, and mobile devices. This led to the rise of Secure Access Service Edge or SASE. The biggest challenge now is simplifying this complex architecture. You cannot protect cloud applications, remote workers, and data centres with disconnected point products. Organisations need a unified platform to maintain a consistent security policy across all environments.
Q. In the Indian context, the digital ecosystem is expanding rapidly. Are domestic startups and enterprises adequately prepared for these complex security demands?
A. Technology adoption in India is at an all-time high across various sectors. When you look at the startup ecosystem, their initial priority is usually finding product-market fit and scaling quickly. Historically, security might have taken a back seat to rapid growth.
However, we are seeing a significant mindset shift. Startups and large enterprises alike are realising that security cannot be an afterthought. A single breach can wipe out customer trust and cause immense financial damage. Furthermore, with regulatory frameworks, such as the Digital Personal Data Protection [DPDP] Act, [2023 and its 2025 Rules], coming into play, there is a strong focus on data sovereignty. Companies want their data to reside within Indian borders, which is driving the need for localised cloud infrastructure and sovereign security solutions.
Q. AI is the dominant technology conversation today, but it is also weaponising cyberattacks. How are threat actors leveraging AI, and how do you defend against it?
A. AI is absolutely a double-edged sword. Attackers are using generative AI to write highly sophisticated malware and execute attacks in seconds rather than days. To give you an idea of the scale, our networks stop about 31 billion attacks globally every 24 hours. Out of those, roughly 9 million are entirely net-new attacks that nobody in the cybersecurity industry has ever seen before.
Because attackers use AI to bypass traditional signatures, defenders must use deep learning and precision AI directly inline to stop these threats in real time. We also have to address the rise of AI applications within the enterprise. We need to secure the usage of these tools to prevent sensitive corporate data from leaking into public AI models, and we must protect against prompt injection attacks where the AI itself is manipulated.
Q. The modern workforce relies heavily on unmanaged devices. How does that complicate the security landscape?
A. It is a massive complication. About 40 per cent of global workers are now contract or contingent workers. Shipping corporate laptops to all of them for short-term projects is logistically difficult and expensive.To solve this, we acquired Talon, which provides a secure enterprise browser. The browser is where modern work happens. It is the only entity that sees all traffic before it gets encrypted and right after it is decrypted. By deploying a secure browser on an unmanaged device, we can enforce strict security policies, prevent data exfiltration, and stop malware assemblies that occur directly within HTTP sessions.
Q. Beyond AI, quantum computing is categorised as a cryptographic existential threat. Could you explain the âharvest now, decrypt laterâ strategy and why it is a liability today?
A. Quantum computing is a fascinating but severe challenge. Our current digital economy relies entirely on standard cryptographic algorithms to secure communications and data. However, experts and researchers predict that by the end of this decade, viable quantum computers will exist that can break traditional encryption.
This has given rise to the âharvest now, decrypt laterâ strategy. Sophisticated attackers or state-sponsored actors are tapping into encrypted communications today and stealing that data. They cannot read it right now, but they are patiently storing it. Once a quantum computer becomes available, they will decrypt and exploit it. This puts any data with long-term value, such as government intelligence, healthcare records, and financial blueprints, at immediate risk today.
Q. For organisations mired in legacy tech, is quantum readiness a massive rip-and-replace project? How should the C-suite justify this ROI?
A. It does not have to be a rip-and-replace nightmare, but it does require a strategic shift toward cryptographic agility. You cannot wait until 2030 to start preparing. We guide our customers through a very pragmatic approach, starting with discovery.
You can only secure what you can see. We provide full visibility into an enterprise network to identify exactly which cryptographic algorithms are currently being used. Once you have that inventory, you can begin upgrading to quantum-safe algorithms. We are already offering quantum-safe virtual private networks and infrastructure updates to ensure that data harvested today remains protected against future quantum decryption.
Regarding the ROI, the C-suite needs to view this through the lens of platformisation and risk management. Consolidating security onto a unified platform reduces operational costs and complexity. More importantly, the cost of inertia is catastrophic. Delaying security modernisations leads to devastating breaches, which result in severe legal consequences, regulatory fines, and a total loss of brand reputation. Cybersecurity is fundamentally a board-level conversation about enterprise survival.
(This article is generated and published by ET Spotlight team. You can get in touch with them on etspotlight@timesinternet.in)
Meridiano
