Following Upwind’s landmark $250 million fundraise and its entry into the unicorn league, the focus now shifts to execution and scale. In this conversation with Tech Achieve Media, Simarpreet Singh, Country Manager, Upwind Security, shares the company’s growth roadmap, its strategy for expanding in India and the wider APJ region, and how it plans to deepen its leadership in cloud and runtime security while building a strong partner-led ecosystem.
TAM: We’re looking at a projected $250B cloud security boom in India by 2028, yet breach rates remain at 85%. Is this massive market growth driven by genuine innovation, or is it a ‘fear tax’ that Indian enterprises are paying because they can’t keep up with the complexity of multi-cloud environments?
Simarpreet Singh: We need to divide the entire scenario into two parts. First is the growth that we are seeing, and second is the risk associated with that growth. The growth is real. It is happening because, if you imagine India 10 years ago, we had limited options. If you look at any sector, banking or financial services, we had net banking or mobile banking. Today, we have many more avenues to carry out transactions. So, this growth is aimed at providing better services to end users.
At the same time, businesses want to grow at lightning speed. They are not ready to hear that this growth could also bring risks. A CEO goes into a conference or a board meeting and hears terms like AI, digital innovation, and mobile-first strategy. They come back and put pressure on CTOs, CIOs, and CISOs without fully understanding that while all these developments are beneficial, each comes with its own associated risks. As a result, security is always playing a catch-up game. Innovation moves faster than security, and security is constantly trying to follow.
The growth we are talking about is actually the transformation happening in India. Government and public sector organisations are moving to microservices and cloud environments. So yes, the growth is real but it also increases risk.
Earlier, the life of a CIO or CTO was much simpler. They had a data centre, complete control over it, and full visibility. They knew where the servers were, where the storage was, and how the network was connected. Access required permission, and everything was well contained. It was like a fortress, which is well protected and well guarded. With the advent of public cloud, that model has changed. Now, there is less clarity on what resides where, who owns the infrastructure, what networks are involved, and who has access. What was once a fortress has now become more like a carnival, which is dynamic, open, and harder to control. That is where the risk has increased.
Secondly, to support rapid innovation, security practitioners have adopted point solutions to protect specific innovations. Their challenge then becomes stitching these solutions together to secure the entire enterprise. Hackers don’t attack tools, Instead, they attack gaps. And these gaps emerge from fragmented systems and integrations, making them easier to exploit. So while innovation is real, the scale, whether a $250 billion market or beyond, is real, the risks and threats are just as real.
TAM: A 200% YoY growth is aggressive. Is this expansion coming from ‘Greenfield’ startups born in the cloud, or are you successfully migrating legacy ‘Brownfield’ enterprises in the Government and PSU sectors that are historically resistant to SaaS-based security?
Simarpreet Singh: I think the brownfield or legacy enterprises, until the time of COVID-19, were quite hesitant to move to the cloud. However, when the pandemic occurred, they realised that cloud adoption was the only viable way to move forward. As a result, they began accelerating their transition to cloud environments.
The key difference between digital-native businesses, which are born in the cloud, and traditional legacy enterprises, including banks, lies in their approach and preparedness. Digital-native organisations inherently understand cloud infrastructure and the challenges associated with it. They typically have strong in-house technology teams that not only manage but also secure their cloud environments effectively.
On the other hand, traditional enterprises continue to operate with a more conventional mindset. While they have large teams and support from OEMs, their on-ground technical expertise in cloud technologies is relatively limited. This often makes them more cautious and slower in adopting cloud at scale.
Additionally, these organisations operate in highly regulated environments. For instance, banks undergo numerous audits each year, often 20 to 25 focused solely on information security. Because they form the backbone of India’s economy, they cannot afford to take bold or high-risk decisions in the same way digital-native companies can. Therefore, they adopt a more conservative and measured approach to transformation.
That said, they are steadily progressing. To answer your question, the ecosystem today is a mix of both segments. Digital-native businesses bring speed and agility, as they move quickly and innovate rapidly. In contrast, traditional enterprises bring scale, as they handle larger infrastructure and significantly higher transaction volumes. From an overall perspective, both segments are equally important, and we have been able to effectively cater to the needs of each.
TAM: Indian market is notoriously price-sensitive. How is Upwind positioning its premium ‘runtime-first’ value proposition against legacy players who are slashing prices to maintain their footprint?
Simarpreet Singh: First of all, I would say that Upwind has fundamentally changed the approach to product delivery and pricing. If you look at legacy or first-generation tools, they typically offer multiple modules within a solution. Customers are often sold a basic entry-level product at a certain price, and as they scale to enterprise usage, they are required to pay an additional premium, often around 20 percent or more.
At Upwind, we have redefined this entire philosophy.
We offer a comprehensive suite of capabilities, but our pricing model is built around a single product and a single SKU. This SKU represents the base product that we sell, and all additional capabilities are included as part of the offering. When I met our CEO earlier this year, I asked why we do not follow the conventional model of multiple SKUs, upselling, or cross-selling like many of our competitors. His perspective was very clear. He said that customers are not just numbers; they are individuals and organisations facing real technology challenges. Instead of treating engagements as transactions, the focus should be on delivering a complete solution that genuinely addresses their problems.
This philosophy is reflected in our pricing model. Customers can choose their own adoption journey and scale at their own pace. However, they do not have to worry about incremental costs for additional features or capabilities along the way. In most traditional scenarios, a customer may adopt a solution and later encounter new challenges as innovation evolves. At that point, the CISO is often forced to restart the evaluation process, engage with multiple vendors, or renegotiate with the existing vendor, which typically leads to additional costs. We wanted to eliminate that friction. With our single-SKU model, customers gain access to the full platform from the outset. Importantly, this is offered at what is effectively the entry-level price point in the market, rather than a premium tier. In essence, there are no hidden costs. This transparency and simplicity make it a compelling and customer-centric offering.
TAM: What sets Upwind apart from other players in the market?
Simarpreet Singh: I would highlight two key aspects that differentiate Upwind and create a clear value proposition. First is our approach to innovation. Upwind operates on a truly continuous development model. While most organisations follow standard development cycles, our teams are structured to work in a “follow-the-sun” model. For instance, our team in Tel Aviv operates on a Sunday to Thursday schedule, while our team in India follows a Monday to Friday schedule, and other global teams complement this cycle. As a result, development continues around the clock, ensuring there is no downtime in innovation. This enables us to consistently deliver comprehensive and up-to-date solutions to our customers without disruption. This level of continuous development is something I have rarely seen elsewhere.
Second is our fundamentally different approach to security. Traditional or legacy tools typically operate from an outside-in perspective. They sit outside the customer’s environment, take periodic snapshots, analyse them, and then provide insights into potential risks. This often results in delayed visibility and reliance on assumptions.
In contrast, Upwind operates from an inside-out perspective. Our platform resides within the environment and continuously monitors all interactions, whether across networks, APIs, AI layers, or data layers. This allows us to move from assumption-based assessments to precise, real-time insights into what is actually happening within the system.
A simple analogy would be that legacy tools can tell you whether the door to your house is open or closed. Upwind, however, can tell you who opened the door, when it was opened, who entered, how often, which rooms were accessed, and what other points of entry were used. This depth of visibility provides a much more actionable and accurate understanding of risk.
In addition to these differentiators, we also recognise a key challenge in markets like India, where security teams are often lean. It is not practical for organisations to track every alert, risk, or exploit continuously. Their primary focus should remain on driving innovation.
To address this, Upwind provides Managed Detection and Response services. With every customer engagement, we assign a dedicated resource who continuously monitors the environment. In the event of a zero-day vulnerability or emerging threat, our team proactively alerts the customer, collaborates with them, and helps establish a coordinated response, such as a war room if required.
This approach ensures that customers are not overwhelmed by alerts or false positives. Instead, they can focus on their core business objectives while Upwind takes responsibility for managing and securing their environment. As subject matter experts, our role is to anticipate risks and provide clear, actionable guidance to ensure our customers remain secure while continuing to innovate.
TAM: Tell us about your partner network in India.
Simarpreet Singh: We have an established partner network in India, and more broadly across the APJ region. Since the APJ team, covering ANZ, Japan, ASEAN, and India, was set up in the first week of January, we wanted to demonstrate our strong commitment to the partner ecosystem from the outset. As part of this effort, we launched a programme called the APJ Founding Partners initiative.
Under this programme, we identified six strategic partners across key regions and designated them as our core marketing partners. For any initiative we undertake, these partners are our first point of engagement. They receive full access to Upwind’s capabilities, including close collaboration with our product teams, access to our labs, and a highly focused level of support.
In India, for example, we have partnered with Fountain IQ Solutions Private Limited, based in Bengaluru. They act as a key representative for us in the market. For most of our marketing activities, we actively involve them so that they benefit from increased visibility while also showcasing their own services alongside Upwind’s offerings.
These partnerships are deeply collaborative. Our partners make significant investments in building capabilities around Upwind, including sales, marketing, and technical support. Taking the example of Fountain IQ, they have invested substantially in sales enablement, marketing initiatives, and customer engagement support.
This partner-led approach is central to our go-to-market strategy. Nearly all of our business, approximately 99.9 percent, is conducted through partners. We do not typically engage in direct sales. Instead, we work through a combination of resellers, value-added distributors, and cloud marketplace providers. In my view, success in the software industry is driven by two key principles: a strong customer-first mindset and a consistent partner-first approach.
TAM: How are you ensuring that your partners truly deliver runtime defence capabilities, rather than positioning Upwind as just another dashboard in an already crowded security stack?
Simarpreet Singh: Our partners clearly understand that if they position themselves purely around cloud security or CSPM solutions, they are likely to face intense competition. Therefore, we have trained and enabled them to adopt a runtime-first approach. This means they begin by focusing on what is actually happening in the runtime environment and use that context to differentiate Upwind from other vendors. While there are other players offering runtime capabilities, these often come with additional costs. In contrast, Upwind provides these capabilities as part of its core offering, without incremental pricing.
As a result, partners recognise that leading with runtime context strengthens their value proposition. It enables them to engage in larger, more strategic deals, drive higher transaction values, and compete more effectively in the market. Consequently, they are naturally inclined to prioritise runtime security and contextual insights rather than positioning standalone CSPM or similar tools. This shift ensures that customers receive deeper, more actionable security outcomes, rather than just another layer of visibility.
TAM: You are tripling your APJ team and tapping Bengaluru talent. Is India primarily a high-growth sales theater for Upwind, or are you moving core R&D and ‘sovereign’ product engineering here to build solutions that will eventually export back to the West?
Simarpreet Singh: I would say we are addressing both areas simultaneously. India is a vast and diverse market, and it is not practical to rely solely on an internal sales team to reach every customer segment. While we are actively building our in-house capabilities across sales, pre-sales, marketing, and customer support, our partner ecosystem continues to play a critical role in scaling our presence.
For instance, if a partner organisation brings in five to six dedicated resources, and we onboard multiple such partners, it significantly expands our go-to-market reach. In effect, this creates a multiplier impact, enabling a much larger field presence to take Upwind’s solutions to customers across regions. Therefore, alongside strengthening our internal teams, we are equally focused on building and enabling similar capabilities within our partner network. The second important aspect is research and development. India has consistently proven to be a strong global hub for R&D and technology innovation. A large number of global organisations have established Global Capability Centres across cities such as Pune, Bengaluru, Hyderabad, and Mysuru, with emerging hubs in Chandigarh and Lucknow.
India offers a strong combination of high-quality talent and cost efficiency, which makes it an ideal destination for building engineering capabilities. In line with this, we are currently expanding our R&D and engineering teams in Pune and Hyderabad, and we plan to continue investing in this area as we scale further.
