In today’s digital economy, data has become the backbone of business operations, financial transactions, and government initiatives. However, as data privacy concerns grow, regulatory landscapes evolve, and cybersecurity threats become more sophisticated, organizations are being forced to rethink how they collaborate and share sensitive information. India, in particular, is at the forefront of this transformation, driven by an increasing focus on data sovereignty and stringent data protection regulations. To dive deeper into these critical issues, we spoke with Harvinder Singh, Founder and CEO of Confiex Data Room, about the pressing need for secure and compliant data collaboration.
In this insightful discussion, Harvinder sheds light on the impact of data localization policies, strategies for navigating the complex regulatory environment, and how businesses can achieve seamless and secure information exchange in today’s dynamic digital landscape.
TAM: With rapid digitalization, how can Indian businesses strike a balance between open collaboration and ensuring data privacy, security, and regulatory compliance?
Harvinder Singh: When I started selling virtual data rooms back in 2008, digitalization wasn’t as popular or widespread as it is today. It’s been 17 years since then, and back in those days, a lot of effort went into educating businesses—even some of the biggest names—about data security, digitalization, and its benefits.
Over these 17 years, I’ve witnessed a tremendous transformation in how businesses approach these topics. Today, digitalization and data security are taken more seriously than ever before, and I believe a significant contributor to this change has been government initiatives.
Hats off to the government for their progressive policies, transparency, and the education they provide to companies and individuals about data privacy and security. These efforts are crucial, especially in today’s challenging digital landscape. Just recently, one of the largest companies faced a cyberattack involving a rapture-defined module. This incident highlights that even industry giants remain vulnerable to security threats.
It’s vital for governments, companies, and individuals to treat data security with the utmost seriousness. The new Digital Personal Data Protection (DPDP) laws represent a significant step forward. From what I’ve read, the framework is being debated in parliament, and I’m eager to see what emerges. One key takeaway from these laws is the emphasis on data sovereignty, which is a crucial development.
Together, these initiatives are driving greater transparency and accountability. Companies must align themselves with these changes, ensuring they remain compliant and vigilant. Importantly, people must understand the distinctions between personal, business, and highly sensitive data. Each type of data demands unique tools and strategies to ensure its security, given their differing levels of sensitivity.
Encryption, for instance, is paramount. It’s not just about encrypting data at rest; data in transit must also be secured. Products like Workflow Data Rooms offer advanced technologies to safeguard data, ensuring it remains confidential and accessible only to the intended recipients.
The DPDP laws represent a significant move forward, and companies, especially their IT teams, must adapt to the evolving landscape. By implementing robust security measures like encryption and leveraging advanced tools, organizations can better navigate the complexities of data privacy and protection in today’s world.
TAM: What role do secure virtual data rooms (VDRs) play in facilitating high-stakes transactions such as M&As, fundraising, and government projects, especially in a compliance-heavy environment?
Harvinder Singh: When it comes to virtual data rooms, the fundamental point to understand is the highly sensitive and confidential nature of high-stakes transactions such as M&As, fundraising, capital raising, or IPOs. A single data breach can significantly diminish the value of a deal—from millions to mere thousands or even less. This is because such leaks compromise the competitive edge, timing, and stakeholder confidence. Employees might behave unpredictably or leave when they suspect a sale is imminent, further complicating matters.
Confidentiality is the biggest challenge in these scenarios. Relying on on-premise solutions introduces inherent risks since IT teams inevitably gain direct or indirect access to sensitive information. Unfortunately, many leaks originate from these internal teams due to their unrestricted access, despite established controls. Moreover, on-premise systems often lack comprehensive audit trails to track who accessed what and when.
This is where virtual data rooms (VDRs) shine. Being a third-party provider, data security is our sole focus—our bread and butter. With 17 years of experience, we’ve built a reputation for trust and reliability. I recall being called the “Data Room Man of India” back in 2010-2012 because of my pioneering work in this field. At that time, our platform handled 9 out of 10 major transactions in the country; today, we manage 6 to 7 out of every 10.
VDRs add immense value, particularly in M&A and IPO transactions where multiple parties—investors, bankers, lawyers, and teams—require simultaneous access to sensitive information in a secure environment. Our tools facilitate seamless collaboration, including Q&A features on documents being reviewed, while maintaining a detailed, tamper-proof record of all interactions.
This auditability ensures accountability and prevents disputes. For example, in past transactions, companies faced challenges years later due to claims of undisclosed information. With VDRs, every disclosure is documented and easily accessible, reducing ambiguity and ensuring compliance. This transparency also supports government agencies by enabling quicker analysis of transactions—sometimes resolving inquiries in days instead of months or years.
For instance, the Indian government’s recent disinvestment efforts heavily relied on our VDR platform. One notable example was India’s largest airline disinvestment, which we successfully managed. From the first moment of the deal to its conclusion, our platform recorded every action—who accessed which documents, when, how many times, and even what they didn’t review. This meticulous record-keeping ensured not just data security but also full accountability.
Virtual data rooms are indispensable in managing high-stakes transactions, offering unmatched security, transparency, and efficiency. Their ability to provide a secure, collaborative, and compliant environment adds tremendous value for businesses and governments alike.
TAM: India is witnessing an increase in data localization regulations. How do these evolving laws impact enterprises, and what steps should they take to ensure compliance while maintaining operational efficiency?
Harvinder Singh: There are two approaches I would suggest. The first is the traditional method: maintaining an in-house, on-premise IT security infrastructure. While effective, this approach demands constant upgrades, as new threats emerge almost every minute. It also comes with significant costs, requiring extensive manpower to support the system 24/7.
The alternative is to leverage SaaS providers whose core business is data security—such as virtual data rooms. These dedicated platforms not only ensure your systems stay up to date but also provide round-the-clock support, ensuring business continuity.
From a compliance perspective, this is particularly advantageous. For instance, if you’re a manufacturing enterprise, IT compliance may not be your core expertise. While you might manage it adequately, it’s not your primary focus, which means some gaps are almost inevitable. By leveraging specialized technologies and platforms, you can address these gaps effectively and add significant value to your operations.
TAM: With rising geopolitical concerns around data sovereignty, how critical is it for Indian organizations to host and manage their data within the country, and what risks do they face if they don’t?
Harvinder Singh: There are two key points I want to highlight here.
1. Data Sovereignty
Data sovereignty is a top priority, as I’ve mentioned earlier, and its importance cannot be overstated. Currently, most of the leading data centers operating in India are international entities, even if they have facilities within the country. However, a critical issue lies in the clauses that allow these data centers to furnish data to their respective governments when required, subject to specific checks and protocols.
Now, imagine if India’s sensitive data is stored in a U.S.-based data center. Many businesses don’t even ask where their data is being stored, which is concerning. In such scenarios, the risks are significant. If the Indian government needs access to this data, the process becomes much more complex and time-consuming, as it involves foreign governments and legal frameworks.
On the other hand, if the data were hosted locally, the situation would be far simpler and quicker. Data requests could be processed in days or weeks, rather than the prolonged delays caused by cross-border legalities and bureaucratic hurdles. This highlights the critical need for localized data services to ensure efficiency and security.
2. The AI Data Dilemma
The second point I want to emphasize is the growing concern around the use of data in AI and machine learning. AI has become a buzzword, and businesses are rushing to adopt it without fully understanding the implications. While it’s true that AI and machine learning can process data without human involvement, the fact remains that your data is still being accessed, analyzed, and interpreted by algorithms.
Even though these algorithms bring valuable insights, they also store and process this information in ways that businesses may not fully comprehend. This makes it critical for companies to exercise caution when deciding where and how to use AI.
In our domain, for example, while we leverage AI for detection purposes, we draw a clear line when it comes to document processing. No human or machine is allowed to access or interpret sensitive data unless an authorized user with the proper permissions decrypts it. This principle ensures that your data remains untouched and secure unless explicitly accessed by you.
Businesses need to be vigilant about the platforms they use, especially for handling sensitive data. Many companies unknowingly pay for services that access and potentially exploit their data—essentially handing over valuable information and paying for the privilege. This creates a paradox where businesses are giving away their most critical asset under the guise of convenience or innovation.
Final Recommendation
When dealing with sensitive data, I strongly recommend avoiding platforms that analyze or “read” your documents. Instead, prioritize solutions that maintain strict access controls and transparency. Protecting your data should always be a top priority, as the cost of negligence can far outweigh the perceived benefits.
TAM: Confiex is hosted on MEITY-approved Azure Data Centers in India. How does this setup ensure full data sovereignty while providing enterprises with world-class security and encryption standards?
Harvinder Singh: As I mentioned earlier, the top data centers globally are renowned for their state-of-the-art architecture, infrastructure, security, compliance, and certifications. Among the top three, Microsoft Azure stands out. After thorough due diligence, we decided to use an MEITY-approved data center by Azure.
A key reason for this decision was that both the primary and backup data centers are located within India. This was a significant factor, as many other platforms lack such a setup. Of the top three data center providers, Azure was the only one offering multiple data centers in India, making it a clear choice for us.
We rely heavily on the expertise of MEITY-approved vendors, who ensure adherence to the right guidelines and compliance frameworks. Azure has passed all these checks seamlessly. However, we didn’t just stop at relying on Azure’s architecture. We conducted a comprehensive OWASP (Open Web Application Security Project) audit at the platform level, integrated into Azure’s cloud services. This audit, carried out by an MEITY-approved auditor, gave us additional confidence in Azure’s reliability.
While Azure is a reputed and trusted brand, we felt it was important to go the extra mile to ensure data security, integrity, and confidentiality. Companies like ours, and many others, often take this additional step to safeguard sensitive information.
Regarding adoption trends in India, let me elaborate on the market perspective. Virtual data rooms are no longer limited to specific industries. Over the years, they’ve become industry-agnostic. The government, in particular, has played a significant role in driving technology adoption over the past decade.
For example, most government disinvestment projects now use data rooms. Recently, we completed a project for an airline, and one of India’s largest shipping company disinvestments is currently ongoing on our platform. We’ve worked with nearly all of India’s top 25 corporate houses. Leading stock exchanges and major IPOs frequently rely on our data rooms to streamline their processes. Regulatory bodies like SEBI have also contributed to this adoption by introducing stringent checks. These checks ensure transparency, requiring detailed disclosures of contributors and documentation during listing reviews.
This growing adoption is commendable, and awareness about data rooms has increased significantly, thanks to investment banks, advisory firms, and law firms educating businesses about their benefits. Beyond compliance and security, data rooms expedite deal closures, which is crucial in today’s volatile economic environment.
However, there’s still some confusion in the market. Many businesses, due to limited knowledge, use platforms like Google Drive or OneDrive as makeshift data rooms, assuming data rooms are expensive. We’ve worked to address this misconception by introducing India-based data centers, local pricing (no USD transactions), and compliance with Indian laws. Additionally, we provide local-language support and contribute to GST.
The industry has evolved remarkably, and the growth trajectory is inspiring. By focusing on localized solutions, we’re not just meeting market demands but also contributing to the broader digital transformation of businesses in India.