 Ladies and gentlemen, welcome back. What a great day of learning this is turning out to be. And after that amazing fireside chat with Naveen Gulati, it is now time to move on to our panel discussion. We're looking at talking about how to augment UX with without compromising performance and security. And ladies and gentlemen, on the panel today, we have Sahil Gowil, co-founder and CEO of Shiprocket joining us. Sahil being the CEO and co-founder of Shiprocket, which is a AI-powered logistics technology platform. He's also the visionary and driving force behind all the technology aspects of Shiprocket, giving his passion for products growth hacking and technology. We're also joined by Himanshu Verma, CPTO, Licious joining us. Well, Himanshu Verma being the chief product and technology officer at Licious. As the tech leader for a category creator like Licious, his role entails reimagining a large industry using technology as a driver. An industry veteran with over two decades of experience, Himanshu has been involved in leading and developing some of the disruptive tech-based solutions for well-reputed companies. We're also joined by Deep Ganathra, the CEO of MyGlamp, but with over 17 years of leading multiple technology focused B2B and B2C organizations, Deep brings extensive expertise to the table. His professional journey seems commendable and exciting. He's previously worked at the Bike Bank, websites Inc, a company based out of Canada as a chief technology officer, wherein he was responsible for building robust technology driven SaaS products for dentists and doctors based in Canada and USA. Well, prior to Bike Bank, the Deep headed a web development company named Web One Solutions, which primarily focused on developing technology solutions for various companies across the globe. We're also joined by Mayank Shah, CTO, Melora. Mayank is a seasoned technologist with 17 years of experience in both large companies and startups. His career spans across companies like Yahoo, Amazon, Thompson Rooters, HCL Technologies and Tesco. He's led large teams, small teams, and also set up teams from scratch. His team was responsible for increasing conversions in the product pages for Amazon globally. Mayank is somebody who understands the finer nuances of e-commerce and has expertise in building highly scalable online shopping platforms. We're also joined by Mohit Sadani, the co-founder of the Moms Co. After completing his engineering and then MBA from IMM Dabat, Mohit is somebody who's worked with McKinsey for seven years consulting with consumer goods and retail companies across India and UK. Mohit then joined Snapdeal as the head of strategy and road shaping efforts on acquiring and retaining users for the company. As our dad, Mohit first found it amusing then frustrating to see how difficult it is to get good, safe product choices for Malika when she was expecting and then their girls. When Malika was inspired to start the Moms Co. to solve their need for moms in India, she convinced Mohit to join in as the first team member. So congratulations on that incredible story to all the panelists of Warm Warm Belkin. And this session, ladies and gentlemen, is going to be moderated by Mr. Jatin Gumbi, country business head, Akamai India. But with this, I'd like to pass on the light waiting to Jatin to take it forth with his humble panel and have an interesting and a great conversation ahead. Over to you Jatin. Thank you, Bhavna. And I think great to have everyone to work. I think India, we are all going through a very interesting phase, right? Something which we call as the rear view mirror effect, right? When we see a change coming in, we see it's coming, it's coming. And when we're actually going through the change, we don't realize what kind of transformation we're going through. But once we are past that, we pretty much feel that it's always been there, right? It becomes such a part of your life that it's pretty much inevitable that it's difficult to understand that it was never there that way. And that's something which has happened with the e-commerce as well, right? The e-commerce with the boom of digital and all that. Suddenly, a life without online shopping, a life without having to click a few button on the mobile and getting what we want is unthinkable, right? And that's what really bringing in a massive boom. The Indian e-commerce industry is expected to grow at a category of about 27%, right? About 100 billion by 224 and about 200 billion by 226, right? That's a huge growth and a massive vertical which is coming up. However, engaging a customer and working through the engagement cycle, ensuring the learnings of how we're engaging with the customer and putting it back is a very, very important factor of how we are building strong digital brands, right? Visual Merchantize is now clubbed with user experience in a digital world. A consumer relates with a brand based on the engagement and trusted experiences during its engagement. This is business critical when we're building a digital-first company. According to one of the reports recently, conversion rates drop by about 4.4 to percent for every additional second of engagement with a customer, right? So performing to the very critical part of user experience, which in turn is critical for driving traffic and conversions. Also, personal experiences are becoming a must-have, right? Customers are now taking it for granted that they will have a personal experience when they engage with the brand. However, this involves gathering a huge amount of data, doing a lot of data crunching, analytics around it and ensuring we're able to deliver the right experience for the customer. There's something which we call as a situational performance or situational experience, right? Every customer and the situation it is is what he wants to experience in their area. At the same time on the technology front as well, I think each customer is coming from a different situation as well, whether it is they're coming in from tier one, tier two, tier three, different devices, different networks, different OS. And so very complex ecosystem in which the experiences are being delivered. And now our expectation is inversely proportional to the actual complexity which is going up, right? And in gathering all this amount of data, it also brings in a lot of threats along with it. So it brings in a fair amount of responsibility towards building a digital business as well. Akamai recently published a report called Loyalty for Sale, where interestingly, in 2019-20 alone, we saw 100 billion plus credentials with the tax on a platform out of which 63 billion were focused towards commerce on hospitality, right? So it is one of the most targeted areas. And interestingly, India is in the top three countries from where it's targeted as well. So we've seen a clear shift where data privacy, security, becoming a very fundamental part of delivering a secure user experience, right? And it's no longer a product discussion. It's a boardroom strategy as to how we're delivering. This, however, is always a moving and evolving target. And to discuss this way thing, we have such an interesting panel with us. So maybe let me start with you Deep. I think consumers today demand a certain level of experience when they're engaging with the business brand, right? Experiences drive loyalty. You have a diverse customer base from across tier one, tier two, to tier three cities. And they're coming from different conditions and all that stuff. How do you ensure a uniform and personal experience for everyone irrespective of where they're coming in from and how the network and device conditions and other things are as well? Yeah, so at Miglamp, all the customer journeys are highly personalized based on the behavior on our platform. We purchase behavior, we view behavior or they view the content or whatever, right? And the recommendations are then sent based on their location. So for example, the recommendation of a person or tier two city will be different than tier three, depending upon their behavior obviously. But those products or those kinds of content will be very different. Now, the second layer to this is the device, right? So the system automatically detects the device preferences based on the frequency of devices they use for our notifications. So if they are using SMS frequently, the SMS notifications are given higher priority for them. Or there is also reachability as well. So for example, we check if the person is reachable on the push notification, if not, back up as email or SMS is sent based on the user's preferences. So this way, the experience of the user is uniform across all the devices and the tier two will get the right notification for them to get the right personalized recommendation and so on and so forth. So that's how we work. You are on mute, I guess. Sorry, I think that's the most popular sentence of the last two years. But yeah, I think absolutely. I think that's interesting Deep. And I'm assuming that when you're doing this, we've seen also a gradual shift of where these logics of personalization, they move from browser to origin and now to a server less where we talk about the agent. So how do you see that shaping up as well? No, I see a lot. In fact, at Maglem, we use serverless technology at many places, obviously not all. So for example, many personalized journeys are run by serverless functions where whenever those are required, the serverless functions are hit and we obviously use that. And at many places like for example, there are many data analytics related tasks where the analytics are shown to users at a different level, right? That's where the serverless technology comes in pictures is very helpful for us. Even for technical tasks like data transformation or let's say even in our CI-CD pipeline. So those are the technical part, but for the business also the serverless technology obviously it is extremely helpful for us. And these are the some of the areas that we use it. Yeah, interesting. I think, Imanchur, maybe coming to you on that part itself. One, of course, the same thing which Deep just mentioned about driving uniform experiences but also at the same time, customers are expecting more and more immersive experience. These are now the applications are no longer becoming more and more heavy, very image and video heavy. But it's inversely proportional to what the expectation of the customer is, right? On one side, the tech stack, the expectation, the amount of objects, the number of third-party integrations are growing multi-fold, but the expectation of a customer as to how the application should engage is going inversely proportional. How do you strike that balance? Yeah, I think, as Deep also mentioned, today the reality is that every customer is unique, right? Our system seems to be built for understanding and respecting that phenomena, right? Which is where I think personalization becomes extremely important to understand, deeply understanding the customer becomes extremely important and being able to tailor the entire experience for that unique customer becomes extremely important, especially in any e-commerce category and especially true for a category in which we operate, which is food. Every customer's taste pattern is very, very different. We can't even do something like collaborative filtering to say that, you know what? Your friends like this, hence you are going to like it, you know? So we have to really deeply, very deeply understand each customer and respond to that. Also, while it is extremely important to really have a very seamless experience across your app and website for the customer, it is also important, especially for an e-commerce player like us to be able to provide that experience across all the customer touch points. You know, while first touch point of the customer on the website or the app is extremely important, equally important is the touch point on when somebody delivers the order to a customer, right? Or when somebody calls the support center for any support or help, right? So, you know, creating, I would say a immersive end-to-end customer journey, keeping all these touch points in point is extremely important. So, you know, what we essentially do is we look at the customer journey across this broad spectrum and build technologies, interventions around all of these elements to constantly lower the friction across the board, right? Whether it is via personalization, whether it is via deeper integration so that what the customers get is a seamless experience without really having to, you know, spend a lot of, I would say, cognitive load on their mind to be able to use our services. It should be extremely simple to use, you know, somebody comes onto the app or website, orders something that gets delivered, no questions asked in the middle, right? That's where I think the larger part of hiding the complexity becomes extremely important. Customers expect that complexity to be hidden away from them. They need very, very clean interfaces, very, very, you know, clean end-to-end experience, which does not really require them to be, you know, to be, I would say, digitally savvy or, you know, have a PhD in using an app in a way, right? And a large amount of effort is kind of going in that direction, right? Other thing to kind of understand that is, you know, customers' expectations continue to grow, you know, what was, what great CX was a delight factor yesterday will become a, you know, base expectation tomorrow, right? So we need to constantly keep on, you know, raising the bar on the customer expectation all across the board in order to continue to serve even the same customers, you know? See what has really happened to, let's say delivery speeds in India, I mean, till three years back, next-day delivery was a great delight, you know? Today, 30-minute is the standard, right? Or becoming a standard, right? So it has gone from, you know, 48 hours or 24 hours to a 15-minute. And who knows, tomorrow it may be instant delivery where some way, some technology, you know? Absolutely, absolutely. I think an interesting part there is that, you know, a customer doesn't care about the complexity of the packet. He wants it, when he wants to engage, it should be there. So he would want a high-resolution image, but it should load just when he's looking at it, right? So I think that's where logics have to built in that what are we, you know, what are we putting it? Where are we cashing come up with them? How are we building the image optimization, the bases on the, you know, network condition and the right images, bases, the device and think, oh, oh, interesting, interesting. And I think, man, coming to you, of course, that's the consumer side of thing, but even from a business side of the thing, performance plays a key role, right? Whether it's your SEO ranking, whether it is, you know, driving traffic to your website, which in turn drives conversion. So it's a moving target. How do you benchmark? Like what is a, what's a good performance benchmark? And it's an ever-evolving. So how do you want things to improve on that one? Right, so I mean, we benchmark with ourselves. I mean, obviously we benchmark with our competitors as well and the market leaders that are there in the, in the market, all the e-commerce players and also learn from each other. So like you brought a very important point wherein you said, you know, third-party integrations and customer experience, you know, kind of, those are contrasting pulls that, that you have to kind of manage through in between somehow. And how do you integrate these third-party capabilities onto your system and still do not degrade the performance in terms of page load times, in terms of app load times and stuff like that? Is something that's a path that, you know, you have to walk through and figure out and a lot of these tools are, you know, you don't really need to load them instantly. And a lot of these tools are needed at a later stage, you know, so you can, can you defer them? Can you load it later? Can you lazy load them and all that? Apart from that, you brought in a very important aspect where is image quality, right? For a brand like ours wherein jewelry needs to look very glossy, needs to look very aspirational, right? The image quality becomes a super critical, who nobody would buy on a parallel or a jewelry which doesn't look like, you know, mouthwatering to kind of reuse that phrase. And all glossy or all good-looking images, unfortunately come at a larger sizes. And the bandwidth penetration, I mean, obviously it's much better now, but if you go to tier two, tier three, you're sort of going at a lower bandwidth networks and how do you kind of optimize your image delivery? How do you cash most of it? How do you kind of give an impression to the user? Hey, you're looking at a great quality image, but actually it is not really a great quality image. And the great quality image only comes in when the user actually blows the image out toward like a bigger smartphone or a full screen or whatever, right? So those are the tricks we kind of keep playing through the techniques we kind of keep doing to kind of get that user to get hooked on to that product, get hooked on to the app, to the website as well. And like you said, organically growing is one of the most critical things. I mean, most B2C players have done that in the past and learning how organic traffic and organic traffic behaves, how Google's kind of evaluates your website in terms of page speed, numbers, in terms of, and Google has its own way of kind of giving you a score as to how good your website is, understanding that and making sure that you are aware of how Google is evolving in terms of its algorithm updates, in terms of its changes so that you are on the right path and you're always on the right side of the change rather than falling on the wrong side of the change. Occasionally, you've got to kind of let go of certain good aesthetics that are sort of widely accepted in the industry just to get that good, just to be on the good books of the Google so that to make sure that you kind of keep ranking up rather than purely looking good. So it's a chicken and egg problem, but as a team, we are kind of learning and evolving as we go along. And I think we are probably on the right track because our rankings have grown significantly in the pandemic itself. And that's a good thing for us for sure. Yeah, it's always a catch-up game in terms of keeping up with the new ranking mechanism of what are the new things which are looking at. Yeah, yeah, yeah. Interestingly, interesting. So I think Mohit, we heard an interesting story about how you guys came about starting the thing and it pretty much started out of trust, right? That you wanna trust a brand and you could not find, so you said, okay, now what? Let's create a brand in which you can have trust. So even from a business perspective, right? User experience of technology or products, that's what drives trust. That's what kind of build brands, right? How do you see from an overall, we were the tech part of it, but even from a hardcore business as a new startup and new entrepreneur, how do you see that? Yeah, I think the very similar in sense to what others have said. So if you map out your consumer journey and look at what are the different points of time in which you can either build or break trust. And that also evolves over time, right? So like you said, we now four years into the ecosystem our platform has also evolved quite a bit. I think the most interesting change that's happened is consumers have just got used to, what we call Instagramming products, right? So earlier content used to be very, very important and consumers used to read. Now, if you look at the latest reports that just come out from Bain as an example, only 7% of consumers read any content, right? The rest of them are just scrolling through the images before deciding what to purchase, right? So over time, therefore, what's happened is you look at if this is my consumer behavior that's changing and as a brand, I stand for natural drugs and free products and I drive trust through a lot of the certifications I have, my certifications now need to move from bottom of the page where consumers are consuming content up to the actual images that they're browsing, right? And so you look at that at every step of the journey. The most interesting thing we found as an example was in the post-purchase behavior. The fact that our SMS engine was running 10 minutes low means consumers, once they made a payment, got SMS 10 minutes and that was a huge barrier of trust, right? Because like you said, even the SMS delivery and email delivery expectation is instant, right? You will almost immediately go and wait for the notification as soon as your order's been placed that hey, your order's confirmed, right? So it's at every single step of the journey, the way we've mapped it out is what is an intervention that is an expectation from the customer which is hygiene? Is there an intervention that we can do that actually builds more trust which is above and beyond what competition is doing? And is there any part of this experience which would actually break trust, right? So a cart not showing what you've actually done, instantly breaks trust, right? If you're promoting a certain MRP and then a discount but you're not showing those prices again on the cart, it breaks trust because consumers are always looking for what are the signals that you're giving me that you're fooling me in some shape and form, right? So it's exactly that. And as a brand that is trying to build trust at its core, it is very important that the products itself work but also the entire user experience is geared to constantly build more trust and deliver very high on that parameter for the consumer. Yeah, I think that's well put. It's very interestingly put. And I think on that point, I'll probably ask you Sahil because you're in a very unique position, right? You are talking about similar to what Mohit said on trust. Now we're talking about trust of consumer of your customers, right? So we are talking about trust at various layers. And in order to offer a seamless service to your customer's consumer, you're at the back end is a complex ecosystem of partners and various apps and API and everything coming together to make that one engagement, right? So it's becoming more and more complex. How do you kind of ensure that from a trust perspective where both your customers and their consumers further trust you with this thing, especially from an apps and API perspective, how does the integration look like? Given that it's a very API heavy ecosystem which we're getting into now. No, I think Jatin completely agree with pretty much everything everyone's mentioned so far can relate very closely with what Himanshu and Mohit Deep and Mayanku were talking about. For us, at least given that we've been in SMB enablement now for like 10 years, we've been the shopping cart enablers and now we are shipping enablers. Having lived through that journey, I think one thing we picked up is trust is a combination of predictability, right? It's a combination of intent, right? To what Mohit was saying that is your intent correct and then it's a combination also of capability, right? And that comes after the order is placed there. Are they even capable of delivering what they promised me? And I think that flywheel continues to happen as long as you can deliver on all three, right? I mean, that's one way to put it. And I think this starts all the way from, imagine like you see a cool ad on Instagram, you press a button and Instagram's UX is obviously well tightened up. And then you land on a website and then there's like six CTAs, nothing's working. It's not a great experience, right? To what Imanchee was saying, it should be simple, you press a button, stuff appears. That's how it has to work, where all the complexity, think of Uber, right? It's pretty simple, right? Press a button, a cab appears. But there's tons of stuff happening under the hood, right? So I think that experience needs to really be, the trust I guess starts from the UX to some extent that can I even use this, right? And then goes on to like security to some extent when you talk about the card, the checkout, where is my card information being saved? Is this website using the right backend provider to kind of secure some of these endpoints? And then further trust to us as a shipping enabler today basically starts from the checkout and onwards where we're saying, look, for us to be able to tell the consumer when is exactly their product coming to them, right? Which is again, a very simple statement. But really it depends on a multitude of parameters, right? Which everyone on the call will understand in terms of where is somebody's stock line? So that's one API. Who are the various carriers that are available that can service this particular order? What is the average delivery time each carrier takes for each mode? What is the pickup cutoff time from the place where it needs to be picked up? How much time does this merchant take to process the order? And then you put all of that together and then go back to the consumer saying, look, I've got these two options, right? And I can get it to you on this date. And that's where the beginning of the post-order trust starts, at least from our perspective. And then of course, once you go through that, you have to then like Mohit also said, communicate to the merchant, to the consumer, right? That I said it's coming on X date. Is it coming on X date? You know, you need to make sure that they are constantly kept in the loop. You need to make sure that, you know, the actual delivery of that item happens on time. The product quality, obviously, but then also the sort of packaging or how do they receive it? When do they receive it? Are they getting enough information? And do you offer returns, right? So I think, and again, I know I'm making it very e-commerce and shipping centric, but that's sort of something we breathe every day, which is why I can sort of, you know, talk about it. But I think to us, you know, trust is extremely important, right? In some ways, you know, as a shipping enabler, we create trust between the merchants and our carriers saying, look, I'll give you a set of APIs that will work. You know, that won't break. Where if A means B today, I will still make it mean A, right? So things don't break down at your end, where your data will be, it will not be compromised. You know, it'll be encrypted. It'll be kept in the format that you can feel trusted working with us. And then we also help you create trust as a retailer between you and your consumer by giving sort of a more predictable experience, right? While the shopping carts of the world can sort of help doing the first bit, we try and take over, you know, the moment the order has gone through the buyer journey. So, okay, well, what can I do now to continue that, you know, transposition of that trust further downstream into the order journey? So I mean, trust to me is everything. And you know, I do think that it's no longer transactional, right? I think every brand, every business, you know, everyone needs to be thinking about this, you know, from all aspects. And I do think UX, security, communication, all of those things bring predictability, which I think is extremely important, right? When trying to build trust. God, I think you mentioned briefly about the API part as well that how you're integrating various APIs and then opening up your API as well. How do you manage and how do you kind of both have visibility into it and secure the APIs? Yeah, so I mean, look, we have two sets of APIs that we integrate into, right? We'll integrate into a bunch of channels, which is where brands receive orders, you know, it can be like shopping carts, it can be inventory management systems, OMSs or even marketplaces. And on the other end, we have all of the carriers that we work with, which can be like local guys or national guys or air or surface, all kinds of modes. We even integrate a bunch of WMS providers, which is where we run warehouses. So there are like over 50, 60 integrations. And then of course, there's the whole KYC integration, the banking integration, the payment, there's a bunch, Elephony, right? That come together to make, you know, a lot of this possible for, you know, D2C brands. From a security perspective, I think, look, on the channel side is obviously, you know, you make sure it's all HTTPS, you make sure it's all OAuth, you know, you tokenize, even if the channel is poor or the carrier is poor, you put in your own layer to say, well, okay, even if the intransit is not as secure because the receiver isn't secure enough, you still put security into your app, so you're not the source of the leak, right? So you don't become the source where somebody gains control and then, you know, kind of screws something up at the carrier end. But typically I found that as a middleware application, as an API stitcher, if I can call ourselves that, we find that everybody who's at scale pretty much has secured their endpoints, you know, and we don't necessarily do anything additional today to kind of do, you know, yeah, I mean, it's literally taking data from one side and then transposing it and then kind of pushing it downstream to the other. So we focus very hard on our APIs, right? In terms of protection, you know, we use a bunch of stuff around like firewalling, you know, we don't have a, so we don't have a proper DDoS system yet, right? But we do use some controls in terms of, you know, by getting where people can enter. There's only one endpoint, which is open to the public. How do we protect that? You know, how do we monitor that? How do we put firewall rules in it? How do we block IPs? So we do some of that stuff. So people aren't really trying to abuse us, but again, there's like people in Ukraine, you know, I don't know if they're people, but there's hits from Ukraine, from China, from a bunch of places unheard of around the world. I mean, which like it's impossible to eliminate, right? And we've used Akamai before, I know you guys do some of that. So might be a conversation post call to chat again on what we can do there. Oh, interesting. I think, absolutely. I think it's interesting that half the traffic today on internet is not even human, right? It's easier machine to machine or bots and there's so much going on. And yeah, there's a lot which goes under the hood, but at the outset of it, the customer expectation is that when I need it, it's there and I've got the experience around it. And I think on that point itself, Iman Chuaiz, you know, we're all building for a 24 seven always connected world. We're always working on that. And what's your view on security, especially when it comes down to protecting our apps and APIs, because we want, you know, whatever is being worked on when that one transaction is happening, it should be available. Any kind of outage or any kind of thing effectively means loss in revenue, loss in everything. So security plays a very big role in that, right? How do you, how do you guys build that? What are your views on that? I think, you know, as you rightly pointed out, you know, I think in today's environment, security is a big driver of trust in any platform and brand, right? Nobody really want to kind of converse in any meaningful way with a brand or a platform which they deem to be not secure, right? So security cannot be an afterthought, right? Which is extremely important. It has to be the first class function and citizen in any organization context. Whether it is infrastructure security, API security, you know, a website and app security, I think it's extremely important, right? Now, there are few factors which are important for us and I guess with most of the organizations which are in that stage, which is, you know, organization-wide, how do you really build security as a first-class construct so that you're not really doing what I would call as reactive security, you know, versus, you know, building for it proactively. Now, for a technology platform, it means multiple things. It means your infrastructure is secure so invest deeply into, you know, various kind of tools and infrastructure, whether it is VAF or whatever else it is, you know, in order to really secure your infrastructure, right? Second part is, you know, having a deep understanding of secure design and coding practices because security cannot, as I said, cannot be an afterthought. It has to be really built into your SDLC pipeline in a meaningful way. That means your developers and designers understanding what it means to write secure code, what it means to write, what it means to really design systems with security at the forefront, right? Becomes important. For that, you know, we do have, you know, a fair amount of kind of organizational initiatives going on around that part, whether it is reviewing your designs very frequently for various security best practices, you know, building vulnerability scanning and testing into your CI-CD pipeline, you know, doing or conducting, you know, VAPT kind of test very, very frequently. And also, I would say building organizational muscle so that everything that comes out of a security review becomes the P0 priority for the organization, you know, which is a big, I would say fault line in the organizations because some of these things needs to be done at the cost of something which is required for the business, you know? But having the, I would say, as you rightly pointed out, board level understanding that a security is P0. If there is a security bug in my system, I'm gonna drop everything and fix that first and then go to that is extremely important, right? Similarly, you know, as I said, and as some of the other panelists also pointed out, securing every endpoint, whether it is app, whether it is your website, whether it is your API endpoints becomes extremely important, right? Doing everything, understanding that, hey, how your endpoints are being used, understanding and identifying malicious patterns out of that proactively so that you can really block access, extremely important, you know? A large amount of traffic that hits any website today is all bots, all threat actors, pretending to be someone else, understanding that they are differentiating between them and your genuine customer traffic is extremely important, right? So investing into, you know, right kind of tools, whether it is around threat intelligence or proactively monitoring your API patterns and building some sort of a knowledge base around that part becomes very, very important so that for your business, you are able to say that, hey, this is a genuine traffic and this is, you know, a malicious traffic and I need to do something about it, right? And of course, security is always, you know, in terms of security today, every organization need to be one step ahead of the threat of the bad actors, right? And that takes fair amount of effort and constant attention to it, right? Also, what I also feel is that, you know, I think in the recent past, the significant part of the security breach surface has shifted to the edge and what I really mean by edge is, you know, the real edge today is actually a mobile phone, right? A large amount of threat perception and breaches happen from that endpoint, you know? So ensuring that artifacts like authentication tokens which are securely stored on your mobile, you know, as well as life cycle, their life cycle is managed really, really, you know, easily, right? Because most of the sites have, right, really got rid of passwords today, right? Everything is based on SMS authentication but that also means that you are storing certain authentication credentials or tokens in the app. How do you really ensure that they are secured, right? How do you ensure that you can still identify a genuine, you know, attempt to use your services using the app versus an ingenuine attempt to use that, right? So understanding that pattern also becomes very, very important, right? And building, let's say, two factor authentication whenever you say that, hey, this pattern of usage does not really mimic earlier, you know, authentic patterns of usage by the same user becomes extremely important, you know? Which may happen because your somebody's phone is stolen or somebody's credentials are stolen, right? So we can't really trust that part as well, right? I think that's what I would say, you know, keep security as a very high priority because that is directly correlational to your, to the trust in the brand. Absolutely. I think it's a pretty well-ported watch and I covered a lot of aspects of that. And I think you're right, even to Sahil's point, right? It's first, reducing the attack surface itself, right? That what all are your things? So it's a bit of a bear of that. Second, I think you're as smart as the amount of data you have to take the intelligent decision, right? So you're talking about threat intelligence on wing, what are the new vector? Then how do you wanna keep up with that? And third, very important is where are you fighting the battle? As you rightly said that mobile is the new edge, right? Or, but at the same time, you know, how do we ensure that the checks and balances in place that who's engaging with the application? Whether it's a human or a bot. If it's a human, then what's the journey? If it's a bot, then how do we manage it? So it's an evolving thing where it's important to have a strong visibility in order to take the right decisions, right? Without a visibility, you cannot drive the right decisions and the right factor around them. And I think on that, specifically on the bot spot, right? I think let me ask you deep, I think, you know, we've all been discussing. Sile said he's got users from Ukraine and China coming with their own business. And clearly they're not humans, right? They're a couple of bot actors and all that there. But at the same time, bots are, you know, all over. They're good bots, they're bad bots. To my young spot, a Google SEO, it's very critical bot, right? But at the same time, someone trying to do a credential abuse or trying to do an account takeover, inventory grabbing, all these are problems which comes in with bots. And bots cannot be, you know, unlike the other threads, you block them, they'll find another way to come back, right? That's the, that's the very nature of a bot, right? So with the increase in the bot activities, do you guys see that kind of increase at your side as well? How do you guys put a plan and strategy to visibility of bots and the management of bots? So I think the bot is going to be the common problem across all the platform. Doesn't matter whether it's B2B, B2C, whatever, right? And that is always going to happen. It's always going to be a cat and mouse kind of chase all the time where you keep blocking certain bad bots using some infrastructure firewall, you put some kind of learning or automatic updates and everything, but they will still figure a way out. I think the way I personally see the, instead of blocking and everything, it will be more about learning from their patterns and restricting the data based on the behavior of those bots, right? Or maybe you can even say users, right? So blocking, I personally see that may not be the long-term solution. How long you'll keep blocking different kinds of bots, right? They'll just keep popping up. Instead, you do not give them the data which they are asking for. You obviously from the patterns, you can easily understand. And apart from all those things, I'll just try to add more on the security part where it relies more on the other aspect where everyone talked about the API's securing endpoints and everything, but there is one major aspect about how you code, right? So we have seen instances in the past that someone has kept some bucket open. Now bots will basically end up scanning those buckets and scraping all the data or someone has actually put some configuration variables in the code itself and that code is put on some GitHub's public repo. And that's most common thing to do, right? And that's where these bots go to these public places rather than your platforms, secure the credentials or whatever the important information and then they attack on the site, right? Don't even, in many cases, they don't even need to attack. They just get it from outside public bucket, right? And then the blackmail. So obviously you need to solve the bot problem as well, but other than that, if you secure this, the area from where your things are leaking, if you put more checks and balances, right? That's where I personally feel you can prevent a lot of things and other things obviously network firewall and a lot of things will prevent, but the main root cause in most of the time, most of the cases is that. So at my glam, what we generally do is when you commit push any code, it just go through automatic security checks with checks for the vulnerability and everything. And as a second check, if it fails, then obviously the test fail and just comes back, developer will have to fix it and the same thing happens in the CI CD pipeline. So in case something got skipped at the commit push level, it goes through another check to ensure that nothing gets missed. So that's how we personally check. And obviously for the bot, like I said, at the network level also we do a lot of learnings and we try to prevent things, but obviously it's not 100% secure. I don't think anyone will be able to make it 100% secure here, yeah. So that's how we do, yeah. You're right, nothing is 100% secure, but you kind of, and security is multi-layered, you're right. It starts with the very core, so with the entire concept of shift left and kind of start putting it the right thing at the code level itself. Second is where are you deploying the code, right? And that's where to your earlier point, serverless is becoming more and more the norm that you are decoupling your origin to where the code has been running. But at the same time, who's engaging with it? And blocking also mean that at time, that's a risk of blocking genuine users, right? It could be an important request. So blocking is not always the answer and I think the interesting point you shared was that probably one of the good mitigation could be serving them different content from what they're coming in, because eventually they're coming for something, right? So yeah, getting a visibility of whether it's a human or a bot, what are they coming in for? Is it a known or unknown bot? And then put things around it and make it a good multi-layer strategy around it. But that's interesting, I think, but it comes with a favorite of technical expertise, ongoing maintenance, ongoing understanding. It's not that we put something today and now we put for the next, even six months, forget a year, right? Because that's an evolving thing. But to Himanshu's earlier point, that at times if you know of vulnerability, you drop everything and take priority in fixing that, right? When it comes about. But what happens when it's not budget? Like in terms of when we are talking about fighting, we are especially a startup. And in a, where we're struggling for every dollar to be deployed, right? And we are talking about the priorities on products, on business development or branding and other thing that suddenly we've got the existential problem of these kinds of things, right? So interestingly, what we were discussing that, you've been looking at outsourcing as a way to go in terms of rather than building it in-house, you kind of work with team of experts and specialist around that. Would you wanna share something? Like how much of this can be built in-house and how much of this should be kind of, you use the right partners around it in order to strike the balance? Yeah, the most interesting question I think people don't ask is for the company or the brand I'm trying to build, is technology an enabler or is technology the mode? Yeah, right? And I think over time I've seen now many, you know, I'll give the funniest examples I've had. I've had a restaurant owner trying to launch a brand with his first hire being a CTO. Right? And so that, I think what ends up happening is you get so enamored as a founder on creating a digital first business. You may end up forgetting that there are very large-scale secure platforms like Shopify or, you know, in our case, we went to Magento, you know, that have taken care of all of this and solved for this, right? As exactly what you're saying, the choice you have to constantly make is, is the technology investment I'm making today really going to be a mode for me at this point of time or is it something I can pass off to the later? And my advice to most entrepreneurs is to start with a secure, stable platform, focus on building the product and building the brand loyalty and the customer love because that's what helps you succeed in the long term. As you get to a point where the brand is large enough, then really invest in bringing that tech in-house and making a differentiator. That's very different. Which I think us at MyGlamp, for example, have further different tools, right? On that, because I think we approach tech always as a differentiator being a D2C platform. We always have been a digital-first platform and so given that my products are available on an Amazon and an iCa, what I'm really building trust on is less my platform but move my products, right? Delicious, I think the entire technology is very, very deeply integrated and needs to be all the way from the front to the back. Right? But I think the biggest advice I would say is, look, it is a important decision and you know, if you are a startup founder, take an honest approach at, are you a tech company that's selling stuff or are you selling stuff and tech is an enabler? And then, you know, over time, the ecosystem has really evolved. You get fantastic off-the-shelf products and ecosystems and solutions that you can integrate into. Like we use shiprocket as an example. I am not going to go and build out the entire digital system tech, right? It's silly. It's a very small portion of my business differentiator, right? So you just find the ability to create a very healthy customer-centric tech stack with what's available out there. My sense is start with that and over time see what you want to bring in house. Interesting, interesting. I think that's, that's very good advice. And interestingly, because you mentioned the shiprocket, so Sile for you, it will be, I'm assuming a little different because now that you're in a very unique place where you are building customized offerings for your customer. So a common platform may not be the way, of course you'll use picks and pieces and bring, but then you're building your own ecosystem as well, right? And you would need an in-house tech team which is also ensuring on experience, security, all that. How do you strike a balance? Do you, how much do you keep in-house and how much do you outsource or how much do you partner with? No, I think so we are diametrically opposite from Mohit, right? And rightly so. I mean, they can do what they do best because we do what we do best. What I mean by that is we don't outsource anything at all, right? Because for us, I mean, this, we are in the business of tech, literally, right? So while it may, you know, while of course the end outcome is that of a customer experience engine or a supply chain engine or a next day delivery engine or whatever it is, it's riding on significant amount of tech and integrations and APIs and data science and whatnot. So for us, everything, we have a team of 150 engineers and, you know, I think Mohit hit the nail right on the head saying that, look, you want to be digitally evolved, do it, right? But know what you're doing, right? If you're a digital, like if you're a tech first company and by the way you sell products, right? It's very different from saying, look, I'm gonna build my business on digital. I am a products company, I'm a brand and then I'm gonna sell everywhere and then whatever is available, I'll use it and then if I become 100 times of where I am and I need to augment some of that tech as I grow, then so be it, right? So I do think that it really is very important, I guess, to know that, right? And Mohit said, be honest with yourself. I think it just struck a chord with me because I've seen the same thing where, you know, I'll meet other entrepreneurs and they'll be like, oh, I've hired a data scientist. I'm like, you don't have any data, what are you gonna do with it? So the point is knowing what is it that you want, right, is extremely important as you start out and then of course, I'm not saying one is worse or better than the other. I mean, of course, it completely depends on what you want out of your venture, right? Or out of your business. But yeah, for us, of course, this is life, right? This is, you know, we're a bunch of techies who kind of make life a little better, you know, for our retailers. Yeah, interesting, no, absolutely. I think it's a, you gotta see what's your, what's the DNA of the organization and what are the tools and bones around that? Of course, if it is a tech business offering a certain service, it gotta be that way. But in terms of having certain specialized function and all where you're still, I'm sure you have partners and all that for some of those things or it's like, for example, it could be any of, if you're building any microservices or stuff like that, it's completely in house. Yeah, so all of our tech is built completely in house. And then of course, we use a bunch of services, right? So we'll use AWS, we'll use all of the sort of infrastructure services if you will. But the actual applications are all, like we don't really outsource at all. I mean, we've just found that it doesn't, I mean, for us, it hasn't really worked too well because it's just, I mean, it takes longer sometimes, you know, when you crunch for bandwidth, but it's just more permanent, you know, and we've just sort of, we've tried it very little some many years back and it's not, not something that's worked for us, to be honest. Got it, interesting. I think maybe coming to you, my uncle, like in terms of with all the, you know, complexities and the layers of security which we're talking about and ensuring, but still coming back to the earlier point of view, every time you're adding a layer of security or somewhere also compromising on user experience, how do you strike a balance, like in terms of between security and experience? I guess it's, it's a, there's no right answer. You kind of look at a lot of data on how users are kind of interacting with your app. And if you keep on adding layers, you're going to pay a cost and that cost may be performance, that cost may be something else. And at some point you'll start using, you'll start seeing disengagement from the users. And that's where you need to, so we keep adding layers of security in terms of APIs and then tokens and stuff like that. But at some point we stop when we see that either the responses are too slow or at least if the tier two, tier three cities, purely because of bandwidth restrictions or limitations, the additional layers are kind of taking significant amount of cost and that's hampering consumer experience. So yeah, so I would say your analytics data from your customers experience in terms of how they are interacting would tell you where is the right answer. And for each kind of business it could be very different. For us, fortunately, most of our customers or users kind of get onto a platform for Metro, so that probably works better for us. But then we're also expanding into tier two, tier three and we'll have to see how far we can stretch that line and not compromise on consumer experience in terms of performance or in terms of whatever customer is looking for. Sure. Yeah, I think that's again well said. I think, let me come to you, Emanchio. I think you guys are at a very different stage of and to your earlier point also on budget allocation, the time that if you know that there is a priority which is a security priority and stuff like that, then you would ensure that whatever it takes that might even take precedence over the other business priority. But how do you plan for it a little in advance? Like when you're doing budget allocation, when you're doing resource planning, if you've got certain manpower requirements across different functions, how do you prioritize one over the other? Given security again is a very specialized function now, in terms of, there's always a crunch of good tech and even further good security. So how do you do the resource planning? How do you guys allocate and look for the right investments in the right places, how do you? Right, I'll kind of build on what Mohit was saying. From my standpoint also understanding it at each stage of the company, what is your core business and what is context is extremely important. Deploy your manpower, whatever you think is your core, which can really create a differentiator for yourself or a mode for yourself, deploy it there. So with that part in mind, you are absolutely right, building in-house depth and security is very hard. For any, I would say small to medium-sized company, because of the sheer fact that there are not too many people who understand that deeply, right? It's a very, very highly specialized skill and continues to become more and more specialized as we go forward, right? The complexity of security threat and how do we really mitigate it to continues to become much higher, right? So from that standpoint, no, what I have done and are not only atlicious but at elsewhere as well is that, you know, find a few partners who can really work with you on that part, right? Who can really give best-in-class subject matter expertise around security, right? Co-build with them around your security apparatus, right? So that you don't have to really invest into building all those skills in-house, right? Use them for, you know, any and everything related to security and so on so forth, which is what we have done. Also, you know, having a good, let's say a bug bounty program to get value and wisdom out of the crowd and, you know, from the growing community of ethical hackers is extremely important. Engaging with the community or security community from that standpoint becomes very, very important for the company, you know, at some stage in their life cycle when people know you and obviously size also brings in, size and success also brings in attention from variety of threat actors across the board, right? So engaging with that community becomes extremely important, which is something that we have done in the recent past, yeah? Yeah, I think, interesting. I think maybe on that same point deep to you as well, like, you know, Imanchu mentioned an interesting point that specialized resources and how do you work with certain partners and also the other aspect of it is that it's also an evolving landscape, right? You wanna ensure that what you're deploying is continuously updated with the latest threats. Any new vulnerability, how are those kind of looked at to bug bounty is one part of it, but how do you constantly keep your, you know, threat landscape or a security posture updated with the known and unknown threats which are evolving out there? Yeah, so we have two methods of working for security. Obviously, one I just told you and second is we have a security consultant in-house whose job is to ensure that we are always, he's on top of everything. And there are enough security attacks are done within the app itself or the live version just to check whether what breaks, what doesn't break, what happens if you access, there are some end points, like you access something for one point, you get some data, go to two, three different end points and boom, you get a lot of other things. So, you know, that happens in-house, but again, you know, in-house is always limitation, right? So what we generally do is we have third party also, they do the security audits on all our applications and the infra level as well to ensure and they will certify us saying that, okay, these are the things which are secure, these are the end points or these are the servers or whatever you need to improve, right? And then we take those things extremely seriously and we always work two ways, one is in-house, one is outside, so that we have a double check for things always. So that's how we generally do it for everything, yeah. Interesting, interesting. You know, I think all of you guys quoted pretty well and it's been a very interesting conversation where some great insights on organization that different phases of growth coming from a very diverse background, right? To what Bohit said, to what Sahil, Mayank, you know, Hemant should be, but I think everyone's got a very diverse perspective to a common problem, which is customer experience and trust. But at the under the hood, the amount of plumbing which is going on, it starts from the very DNA of the organization, what your priorities are, to what you're trying to deliver and how do you wanna go about delivering those resources around it? But I think one common aspect and one common thing which works around it is that consumer is effectively the king and that's what everyone is working towards and to ensure that we have his trust and ensure the experience and engagement which your consumer is having with a brand is at the, you know, is the existential block around which all digital businesses are built. So thank you all. I think it's been a fantastic conversation and we definitely hope that everyone benefited and enjoy the conversation as well. Thank you.