India is no longer just an IT services powerhouse. It is quietly producing product companies that are holding their own on the global stage. miniOrange is one of them. Built over 14 years out of Pune, the company has grown into a serious player in identity and access management, competing globally on the strength of deep engineering, smart pricing and a genuine passion for security innovation. At a time when cyber threats are evolving faster than most organisations can keep up, the conversations around who gets access, how they prove it and what happens when that trust is broken have never mattered more. Anirban Mukherji, Founder and CEO of miniOrange, shared his perspectives in an exclusive interaction with Kaanchi Chawla of Elets News Network (ENN). Edited excerpts:
What advantages does building out of India actually give you in terms of engineering depth, market understanding or pricing and where does it still create friction in global deals?
Being an India based Company has given us a strong advantage in engineering depth and cost efficiency. At miniOrange, we have spent 14 years building products out of Pune, focusing on deep product engineering rather than a complete services mindset. India has traditionally been known for IT services, but product companies create long-term value because profits can be reinvested into R&D and innovation.
Our pricing advantage, along with high-quality engineering talent and efficient digital-first marketing, has helped us compete globally and remain cost-effective for clients. India also has strong technical adaptability, especially in product integration and AI-driven automation. However, there are challenges in global deals.
That said, friction still exists. Building trust as an India based product can be challenging due to legacy perceptions around services. Product ecosystems, deep-tech R&D culture and enterprise adoption are still developing in India. Nevertheless, AI and innovation are speeding up this change, allowing Indian product companies to compete at a much higher global standard.
Ten years from now, will passwords be completely extinct and if so, what replaces them in a world where biometrics and behavioural signals come with their own risks?
Passwords will not disappear entirely in the next decade, but they will become far less central. The real shift is toward adaptive, password-less authentication that combines device trust, behavioural intelligence, biometrics and phishing-resistant multi-factor authentication. Today, users often reuse passwords because managing multiple credentials is difficult, making one breach a gateway to many systems. Even OTPs are now routinely bypassed through phishing and social engineering.
The future lies in risk-based authentication. Systems will continuously analyse behavioural signals such as typing patterns, device usage, transaction habits, location and transfer behaviour. If a single unusual activity is detected, such as a sudden high-value transfer or multiple transfer within a certain period, or abnormal login behaviour – additional verification like biometrics or secure MFA will be triggered instantly.
However, no single method is fool proof. Cybersecurity in the future will depend on layered, context-aware and adaptive authentication rather than relying only on passwords or biometrics.
How is miniOrange embedding AI into its own access management frameworks, and how do you draw the line between automation and human oversight in identity decisions?
We are implementing AI into identity and access management primarily to improve speed, accuracy and threat detection. AI-driven anomaly detection helps us identify unusual login behaviour, risky access patterns, abnormal transaction activity and potential account compromise in real time. Unlike traditional rule-based systems that rely on static pattern matching, AI enables adaptive and context-aware security decisions.
Over the world companies are using Artificial Intelligence for lots of things like financial matters, legal issues, helping customers and keeping things safe online. This is because clients demand faster results. Artificial Intelligence is helping companies and customers in it.
Some things should not be done by machines alone. We think that important things, like who gets to do what money decisions or moving information around should still be checked by a person. The best way to do things is to use Artificial Intelligence to help make decisions and then have a person check to make sure everything is okay especially when it comes to security and following the rules.
India’s DPI stack, from Aadhaar to DigiLocker to UPI is globally admired. But where do you see the most underappreciated identity security blind spots in this ecosystem?
India’s DPI ecosystem from Aadhaar to DigiLocker and UPI has created a strong foundation for digital identity and financial inclusion. However, the biggest blind spot is identity assurance and adaptive authentication. Today, authentication mechanisms are largely designed for mass usability, but not all identities carry the same level of risk.
As DigiLocker and Aadhaar-based access grow in services we need stronger security. Users with high-value data like enterprises and government officials may need security measures. These can include phishing- multi-factor authentication, biometrics and device checks. Behavioral analytics and risk-based access controls are also important. They are more secure than using OTP-based verification. Another issue is that the ecosystem is still developing. DigiLocker has the potential to be a wallet for important documents like academic records and certificates.
However, access control and authentication standards are still being worked on. Aadhaar authentication is being integrated with identity providers. The adoption and implementation are slower than what we really need. The ecosystem requires progress. DigiLocker and Aadhaar-based access need to improve security and speed up adoption.
Also Read: The Great Recalibration – Why “Employability” in Indian IT No Longer Means Writing Code
Zero Trust has become one of the most overused terms in cybersecurity. In your experience working with Indian enterprises, what separates organizations that are genuinely implementing it from those that are simply rebranding their existing firewall strategy?
Many companies say they use Zero Trust. Actually they just add some basic security measures like multi-factor authentication or single sign-on to their old perimeter security. Real Zero Trust is much more than firewalls. It means checking who you are, what device you are using, what you are doing and how risky it is every time you try to access something.
In India I have seen that many companies lack protection against phishing, good management of privileged access, analysis of user behaviour and detection of unusual activity using AI. They still use systems and fixed security controls instead of flexible risk-based access models.
Companies that do Zero Trust well are usually those that are forward-thinking or have had a security incident that showed them their weaknesses. They know that cybersecurity is important for their reputation and trust with customers. On the other hand , companies that are struggling with priorities often see cybersecurity as just a cost, not as a long-term investment, in being resilient and building customer confidence through Zero Trust and good cybersecurity practices.
Be a part of Elets Collaborative Initiatives. Join Us for Upcoming Events and explore business opportunities. Like us on Facebook , connect with us on LinkedIn and follow us on Twitter.
"Exciting news! Elets technomedia is now on WhatsApp Channels Subscribe today by clicking the link and stay updated with the latest insights!" Click here!
