Cybersecurity has evolved from a compliance cost to a competitive differentiator in India’s rapidly digitizing economy, according to Anjali Amar, Vice President & Country Head, India and SAARC at Cloudflare. With the acceleration of sophisticated cyberattacks by generative AI, traditional perimeter-based security models are becoming obsolete. Forward-thinking enterprises are adopting Zero Trust and SASE frameworks, embedding AI-powered detection at their core, while avoiding common pitfalls such as treating security as a one-time deployment.
VP & Country Head, India and SAARC
Cloudflare
Indian companies face unique pressures to scale rapidly while maintaining security, necessitating unified platforms that deliver both security and performance. As insider threats become increasingly complex, predictive AI helps identify anomalies without creating friction among employees. India’s position as both a prime target for cyberattacks and an innovation hub makes it a crucial testing ground for next-generation security practices that are shaping global cybersecurity standards.
CISO Forum: For years, enterprises have treated cybersecurity as a compliance cost. What shifts are you seeing that make security not just a defensive layer but a competitive differentiator in the digital economy?
Anjali Amar: Cybersecurity has moved far beyond compliance; it’s now a fundamental enabler of trust, which directly impacts brand reputation, customer loyalty, and business growth. In a hyper-connected economy, customers, partners, and regulators increasingly judge enterprises by their ability to secure data and digital interactions. At Cloudflare, we have observed that forward-looking enterprises are integrating security into their business models as a differentiator, whether it’s ensuring frictionless customer experiences through secure authentication or protecting APIs (Application Programming Interfaces) and digital payments at scale. In India, especially with the rapid adoption of UPI (Unified Payments Interface) and digital services, organizations that demonstrate resilience are gaining market advantage. Security is no longer a cost – it’s a competitive advantage.
CISO Forum: With generative AI making attacks faster and more sophisticated, how should CXOs rethink traditional security frameworks that were built for a pre-AI threat landscape?
Anjali Amar: Generative AI has raised the stakes by making attacks faster, more complex, and harder to spot. Traditional, perimeter-based security models can’t keep up in this environment. CXOs need to evolve toward adaptive, intelligence-driven frameworks that embed Zero Trust principles and AI-powered detection and response at their core. Approaches like SASE (Secure Access Service Edge) unify networking and security at the edge, giving enterprises both speed and resilience. These modern architectures are critical because they also enable the responsible governance of AI usage, while helping organizations strike a balance between innovation and built-in security.
CISO Forum: Zero Trust and SASE are becoming buzzwords in boardrooms. What does actual adoption look like in practice, and what pitfalls should Indian enterprises avoid when implementing these frameworks?
Anjali Amar: The actual adoption of Zero Trust and SASE means rethinking access and connectivity as dynamic, rather than static. In practice, it’s about continuously verifying every user, device, and request, applying least-privilege access, and ensuring secure data flows across increasingly hybrid environments, all while keeping friction low for employees. Enterprises that succeed don’t treat Zero Trust as a one-off “big bang” project or buy standalone products with the correct labels. Instead, they embed it into the day-to-day business fabric, starting with critical applications and sensitive data, integrating with identity systems, and then expanding iteratively.
For Indian enterprises, common pitfalls include treating Zero Trust as a one-time deployment, maintaining parallel traditional systems “just in case” (which only adds complexity), and focusing on tools rather than outcomes, often at the cost of user experience and agility. Cloudflare helps enterprises overcome these challenges by unifying identity, access, and network security into a single connectivity cloud platform, simplifying adoption, reducing costs, and ensuring security becomes an enabler of growth rather than a barrier.
CISO Forum: Indian enterprises are under pressure to scale rapidly while maintaining security. What technologies or architectural choices enable organizations to achieve both without compromising one for the other?
Anjali Amar: The key is to adopt architectures that scale security in tandem with business growth. Traditional point solutions slow down growth because they require constant integration and manual oversight.
Cloudflare’s connectivity cloud enables Indian enterprises to scale applications, APIs, and services securely, with built-in protections such as DDoS mitigation, API shielding, and Zero Trust access, all delivered at the edge —close to users. This ensures performance and reliability are not sacrificed for security. Architectural choices, such as adopting a unified platform, leveraging automation, and building resilience by design, enable enterprises to innovate faster, enter new markets, and protect digital trust at scale.
CISO Forum: Insider threats remain one of the most underestimated risks. How can predictive AI and advanced analytics help organizations preempt such risks without creating friction for employees?
Anjali Amar: Insider risks are complex because they intersect with both people and systems. The opportunity with AI is to bring context and foresight. For example, unusual data downloads at odd hours or repeated failed access attempts can trigger adaptive policies before damage occurs. By analyzing behavior patterns, predictive AI can identify anomalies such as unusual data transfers or atypical logins before they escalate. At Cloudflare, our AI Prompt Protection allows security teams to identify potentially dangerous employee interactions with AI models and flag those prompts and responses.
The goal isn’t surveillance; it’s proactive, low-friction protection that allows employees to use powerful tools like generative AI safely, while providing security teams with visibility to act quickly when something appears suspicious.
CISO Forum: India is both one of the most targeted geographies for cyberattacks and a fast-growing digital market. How do you envision India influencing the global discourse on next-generation cybersecurity practices and standards?
Anjali Amar: India sits at the crossroads of risk and innovation. This unique context positions it to lead the global conversation on next-generation security practices, particularly in areas such as digital payments, API security, and privacy frameworks. Indian enterprises are being compelled to innovate at a rapid pace to stay ahead of increasingly sophisticated threats, making them a testing ground for next-generation practices. The sheer scale and complexity of the challenges in India – from securing billions of transactions to protecting a diverse range of industries are pushing the boundaries of what’s possible in cybersecurity. As a result, the strategies and solutions being developed here, such as AI-powered threat detection and SASE implementations, are setting new standards and providing valuable lessons for organizations worldwide.
