
Rajesh Khazanchi Podcast Transcript


Rajesh Khazanchi joins host Brian Thomas on The Digital Executive Podcast.

Brian Thomas: Welcome to Coruzant Technologies, home of The Digital Executive Podcast.

Do you work in emerging tech, working on something innovative? Maybe an entrepreneur? Apply to be a guest at www.coruzant.com/brand

Welcome to The Digital Executive. Today’s guest is Rajesh Khazanchi. Rajesh Khazanchi is the CEO and Co-founder of ColorTokens, a company that provides industry leading micro-segmentation and breach containment solutions that span across IT, OT, industrial control systems, devices, and users. 

Under Rajesh’s leadership, the company has accelerated to grow over 300% annually in the last three years and deployed over 100 large enterprise customers in insurance, healthcare, retail, manufacturing, oil and gas, and pharma. Rajesh leads a team of 400 plus people worldwide and drives the vision, strategy, and execution of the company’s product and services.

Well, good afternoon, Rajesh. Welcome to the show.  

Rajesh Khazanchi: Thank you for having me, Brian.   

Brian Thomas: Absolutely my friend. I appreciate it. And you’re hailing out of Cupertino, California, near San Jose. Done a lot of podcasts out there. I’m in Kansas City, but a two hour jump in time zones. I appreciate that. I know it’s hard to make schedules, so thank you. 

And Rajesh, if you don’t mind, I’m gonna jump into your first question. Under your leadership, ColorTokens has grown over 300% annually for the last three years and deployed over 100 large enterprise customers globally. When a company is growing that fast while working with many large, complex clients, what are the biggest internal, operational or cultural challenges you face, and how have you managed to keep the culture of innovation intact?

Rajesh Khazanchi: Well, thank you for asking me that question, Brian. See, when you are operating at a very large speed, by the time you hire the people, you’re already short staffed. So, what’s extremely important is to follow certain core framework in your mind. Uh, one set that we follow at ColorTokens is a 90 10 rule.

Anything that’s, that can be done repeatedly. So something that you do over and over again, it’s probably time to automate, and we follow that rule very judiciously. So more or less, like, it’s very, very important to understand how your day is going as a team, as an individual, and then which are the areas that you can completely use automation for.

That’s number one. The second is about innovation. We have a rule of 10%. Process is important ’cause otherwise it creates complete chaos in the organization. Anything that is more than 10%, then it becomes process heavy. And a lot of companies, which are like much larger companies, there’s a lot of heavy duty process.

And at some point in time process takes over the entire work culture. So we are not that big right now, but we are exponentially growing. The core team, the leadership team, is very focused on making sure that we have this 10% process culture. Any time we see that any structuring of customer success, deployment, deliveries, taking care of customers, solutioning, that should be a lightweight process.

But then the core focus needs to be what is the job that we need to do. So these are some of the things that we follow, uh, especially at ColorTokens. The next one is we as a core team are very much fascinated with big problems, and it’s very easy to solve a small problem. But sometimes there are, I would say like two types of problems.

Problems that you wanna solve, uh, you feel like it’s good to solve, but, uh, no one cares about those particular problems. And over the period of time you’ll see, like, you might have solved a problem, but really, like, it’s not such a big deal anyway, so you’ll find another 10 or 20 companies solving that problem.

But anytime there’s a big problem that has a deeper meaning, it’s very, very interesting to solve those problems. So culturally, focusing on lightweight process, repeatable things that need to be automated, and solving big problems. Big problems lead to major innovations, and that keeps the culture part also intact because when you are handling those particular problems, then all hands on the deck, people are just focusing on solving those complex problems.

Brian Thomas: Thank you. I appreciate that. And I can totally appreciate that where you’re, especially because you’re scaling so fast the last few years, you talked about some things that are key to your success there. And that’s that 90 10 rule. You talked about anything that is repetitive there in your organization, you have basically a requirement.

Your culture is kind of automate that stuff. Yes. And then you talked about that 10% process, the innovation there where obviously process is important, especially for big tasks, customers that you’re working on, on large, particular problems or innovations. And then of course, problem solving.

You focus on those big problems and outta that comes where you, you said you see that innovation. I think that’s pretty cool.   

Rajesh Khazanchi: That’s right.  

Brian Thomas: Thank you for sharing. Absolutely. Rajesh, you’ve talked about the importance of shifting from assume you’re safe to assume you’re breached. From your perspective, what does true breach readiness look like inside a large enterprise? 

And what are the biggest organizational hurdles CISOs face when driving that transformation?  

Rajesh Khazanchi: See, in the last, I would say, 15 years there has been a lot of focus on cyber ransomware attack breaches. What started as a good smart techie guy interested in attacks and really showing that, are we secure or not?

And moving it very quickly towards state sponsored attacks. And we investigated a lot. We thought about it. We, you know, worked on it. I’ll give you a true definition from my perspective. What is a true definition of breach ready? It is if a particular breach or an attack happens to an organization and that just becomes a small incident, that is the true definition of being breach ready from my perspective.

So let’s say a large organization, a supply chain organization, supply chain logistics, they have, let’s say, 300 service centers and an attack happens to one of the service centers. Today, these service centers are all connected. It can quickly disrupt, in some cases, half of it. And other cases, the whole organization can halt.

Entire service centers can be completely brought to a halt because it takes a few minutes to bring down their entire service centers across all these 300 service centers, if you have in the, in the country. Now take that picture in mind and then think about if you have breach readiness in place, you get attacked.

Only that one single service center gets impacted and your 299 service centers out of 300 are functioning properly. It’s not a great story in the sense that it’s not perfect that, oh, all 300 service centers are functioning, but it’s a small incident compared to what could have happened. That is being breach ready to me.

Breaches are inevitable. They will happen. How well you are prepared to contain those breaches is very, very important. So take an analogy, like a simple analogy, like you wear a bulletproof jacket, right? A bullet hits. It’s not like you’re not injured. It hits you, but you don’t die. And the same analogy can be put in.

That being truly breach ready. Manufacturing plants, retail, energy sectors, you name any of the industries today, it’s a connected world. The most important element is if a system or a plant or a server gets impacted, you just want to create that entire blast radius and make it only to unit one. So only that server, only that laptop, only that user, only that service gets impacted and nothing else. That, to me, is the true definition of being breach ready.

Brian Thomas: Thank you. That’s great, and I appreciate the analogy. You talked about the bulletproof vest. Obviously it protects your life, but you still get hit. And the bigger example was with a large supply chain distributing company that may have 300 service centers. 

And because of the way things are connected nowadays, it very easily can happen where if one center is breached, it’s possible to bring down all 300. But again, being breach ready allows for a smaller scale attack because you’re able to contain it to that one area, which I think is pretty cool. And it’s just getting worse.

As you know, with AI and, as you mentioned, state sponsored attacks, it’s just getting more and more, the stakes are getting higher for sure.

Rajesh Khazanchi: Right now. Yeah. It’s a very complex world right now.  

Brian Thomas: Very much so. So, thank you. And Rajesh, the last question I had for you today: as the threat landscape evolves, AI powered attacks, supply chain risks, more IoT endpoints, what do you believe will be the next frontier in enterprise security?

And how should organizations prepare now so they’re not reacting to the next wave, but proactively building resilience?  

Rajesh Khazanchi: So, I think we are entering into an era. You remember, Brian and some of these movies still happen, that you have these aliens attacking genot humans and they took over the country or the world, and then there are some superhero who actually saves the whole world something in the, in the similar world today. 

You might have actually, in the last few days, you might have seen what agentic systems are doing. They’re communicating, they have their own social environment and they communicate. And in the next few years, as the AI driven agents will become more and more consumed in organizations, you will see not humans actually or hackers stealing data.

You will see agents now stealing data because controls are not that well placed. Agent communication would be a big problem. You really don’t know what they’re supposed to see, what they’re not supposed to see. The control governance part just simply does not exist or is not completely hashed out at this point in time.

And I see that as one very big frontier in the next four or five years as everybody’s wanting to walk that AI driven philosophy, and it’s rightly so because it gives enormous amount of productivity. But when you are leveraging it, the governance and control that a lot of other organizations have in other areas, in AI simply don’t exist.

So you will see those type of attacks where agents should not be accessing employee data, medical records, customer data, but they are now self-determining that they would want to fix this information and make it something interesting. That is another frontier CIOs and CSOs or presidents and board would be actually facing. The implication of that is

that companies can become bankrupt in a matter of days, ’cause liability still is with the company. If somebody’s data is stolen, or for that matter, you have intellectual property, you have pharmaceuticals, you have chemicals, and they’re being made, and any type of an attack in those particular spaces can actually make companies completely go bankrupt within a matter of days.

It’s not, it is not a matter of years in this case. So that’s one area where I personally believe is going to change the landscape, especially for cyber attacks, because you just don’t have that complete control when it comes to agent systems. We have some level of governance and control that we have put in in the last 10, 15 years in other system to system communication, user to system communication, users interacting with the data.

GDPR comes in, data residency laws are there, but agents don’t care about that. Agents don’t have to really fetch, go through this entire governance control. So I see that as a very big unknown at this point in time. So having controls, using it in a controlled manner, even if you are trying to use agent AI technologies, fence it, put an isolation plan, put a quarantining plan, put a segmentation plan in there. That will be a very big front.

And to me the best way to actually contain that is using the microsegmentation technology that all the CIOs, CSOs in the board level conversation are already happening there. So, we see enormous amount of inputs from customers that, hey, I have a data lake. How do I isolate it? I want to provide enormous amount of information through the AI agents.

To my support staff, to my customer, ies to my, to my product, uh, production engineers. But I just don’t know how to do it. So the best plan at this point in time is to have very clear path, demarcated path and isolated path for those particular systems so that even if you are consuming, even if your agents are consuming that data, it is in fence, it’s completely governed and controlled.

Brian Thomas: Thank you. Really appreciate that. And I like how you walked us through this era. We’re, we’re entering into agentic AI. It’s just like, like you said, the sci-fi movies, right? They had these bots or aliens or whatever breaching our systems. And the same thing here. Agents will be stealing data and breaching systems without proper controls in place. 

That’s why you talked about that governance and control, which is not fully mature or in fact a lot of companies don’t even really have a lot of that today and they need to get that shored up. But this is a huge liability since these attacks can cause companies to go bankrupt, as you said. But if we do zero trust architecture and microsegmentation strategies like you talked about, I think that’s gonna help us minimize these types of breaches.

So, I really appreciate that. And Rajesh, it was such a pleasure having you on today, and I look forward to speaking with you real soon.  

Rajesh Khazanchi: Thank you. Thanks again for having me here.  

Brian Thomas: Bye for now. 
