Day: May 28, 2026

Designers Like Apoorva Avadhana are Rewriting the Approach India’s rapid expansion in IoT, smart surveillance, and AI-driven security systems has brought data privacy into sharp focus. From CCTV networks and biometric authentication to mobile-based identity verification, the country is building one of the world’s largest data ecosystems. Yet, within this transformation lies a complex paradox – the same data pipelines raising privacy concerns are also enabling unprecedented breakthroughs in accessibility. For millions of Indians with disabilities, especially those with visual or motor impairments, access to everyday systems such as banking, governance, and identity verification, often remains deeply uneven. Technologies like ‘Seeing AI’ demonstrate this tension clearly. Acting as a ‘virtual eye,’ such tools can read documents, detect objects, and even guide users to signature fields. But they also require processing sensitive personal data, often raising concerns around where that data goes and how it is used. This is not a new trade-off. Historically, accessibility has been a quiet catalyst for technological advancement. Alt text and captions that originally designed for people with vision impairments or low-bandwidth environments, have become foundational datasets for training computer vision systems. Today, those same systems power generative AI to enabling machines to create images from text. Accessibility, in many ways, has been the unseen infrastructure behind modern AI. Apoorva talking on Rural Inclusive Innovation Methodologies at The Invisabal Panel With The Tata Steel Foundation at The International Purple Fest 2025, Panjim, Goa. But in India’s current IoT and security landscape, the stakes are higher. For individuals with motor disabilities, even something as basic as writing or signing a document can be a barrier to accessing financial systems, government schemes, or legal identity. Increasingly, mobile cameras and sensor-based systems are being used to track facial movements, gestures, and expressions to enable interaction without touch. These systems, while powerful, operate at the intersection of biometric data, surveillance, and personal autonomy. It is within this intersection that Apoorva Avadhana’s work offers a critical alternative. At the International Purple Fest 2025, where global conversations on inclusion met grassroots realities, Apoorva emphasized a shift in thinking – accessibility is not about high-end solutions, but about enabling ‘survival, dignity, and participation.’ Speaking at the InviSabal panel on rural inclusive innovation, she highlighted how technologies designed for controlled, urban environments often fail in rural India – where infrastructure is fragile, maintenance is limited, and costs are prohibitive. Her work directly engages with one of the most overlooked barriers in India’s digital ecosystem – the inability to produce a consistent signature. Without it, individuals can be excluded from banking, welfare enrollment, and identity systems. While biometric solutions exist, they often introduce new privacy risks and dependencies on centralized systems. Apoorva Explaining Concept of Human-Centered Design & Receptive Design Methodologies Through her research with the NYU Ability Project, Apoorva contributed to the development of a low-cost, open-source assistive tool that reimagines this problem through a privacy-aware lens. Using AI-based face mesh tracking, the tool converts subtle neck movements into digital strokes, allowing users with severe mobility impairments including quadriplegia to draw signatures independently. Crucially, the system operates differently from conventional camera-based tracking technologies. It runs locally on the device, does not capture or store images, and instead relies on geometric relationships such as the distance between facial key-points like the eyes and nose to interpret movement. The output is stored directly on the user’s phone, ensuring that sensitive data, including signatures, never leaves the device. In an era where IoT systems often default to cloud-based data processing and continuous surveillance, this approach is significant. It demonstrates that accessibility does not have to come at the cost of privacy. Instead, through thoughtful design, it is possible to build systems that are both empowering and secure. Apoorva’s broader methodology, what she terms ‘receptive design,’ extends beyond technology itself. It is participatory in nature and receptive to people’s everyday way to living and working. Her work draws from India’s culture of jugaad, emphasizing adaptability, local materials, and co-creation with communities. Whether it is designing assistive tools that function without stable internet or leveraging everyday devices like smartphones as accessibility interfaces, her approach resists the notion that innovation must be expensive or centralized. Her professional experience with organizations such as IBM and MetLife further grounds her work in large-scale systems, where accessibility, security, and compliance intersect. Yet, her focus remains consistent – designing technologies that work in the real world, across diverse socio-economic conditions. As India continues to expand its IoT and surveillance infrastructure, the question is no longer just how to secure data but also how to ensure that the systems built on that data are inclusive by design. Accessibility and privacy are often framed as competing priorities. Apoorva Avadhana’s work challenges that assumption, showing that they can and must be designed together. Because in a data-driven society, true security is not just about protecting information. It is about ensuring that the systems we build do not exclude the very people they are meant to serve. About Apoorva Avadhana Apoorva Avadhana is a recognized design researcher specializing in accessibility, inclusive design, and assistive technology. Based in Mumbai and affiliated with The Ability Lab at New York University, she is CPACC certified and identified as a neurodivergent design researcher. With an MPS from NYU’s Interactive Telecommunications Program and a BDes in Human-Centered Design from the Srishti Institute of Art Design and Technology, Apoorva’s work bridges grassroots innovation with inclusive design, using low-cost and open-source emerging technologies to address accessibility in activities of daily living (ADL). She has professional experience as a UX researcher and Accessibility SME, for clients like IBM, TSB, and MetLife. Her research, residencies, and exhibitions have received international recognition, with her work presented at leading conferences and supported by numerous grants and awards. She has gained badges, honours and laurels and she led many important workshops and trainings in Accessibility and Corporate Design Thinking Frameworks. Her work spans a vast gamut of inclusive design, research, teaching, and interdisciplinary collaborations at the intersection of AI,…

Ashish BaliCountry Manager India, FireMon India’s enterprise technology sector has expanded at a pace that few markets can match. In banking and financial services, digital infrastructure that took other markets decades to build has been assembled in years – payment rails processing billions of transactions monthly, cloud environments layered onto legacy core banking systems, new digital services extended to hundreds of millions of customers. When you build that quickly, firewall rules rarely keep up. Access gets opened to support a new service and never closed. Exceptions get granted to keep a project moving and become permanent. Boundaries that made sense at design time get redrawn by operational pressure. For large organisations, including the Global Capability Centres now running significant security operations for global enterprises from Indian soil, the result is a divergence between access as it exists and access as it was intended. The pattern shows up reliably in firewall audits. FireMon’s benchmarking work shows that across large enterprise estates, close to 60% of firewalls fail at least one high-severity check. In environments that have expanded rapidly, that figure rarely surprises anyone. That it no longer surprises is precisely the problem. Nothing in day-to-day operations flags this. Indicators look stable, services run, and nothing breaks in a way that demands attention. Rules stay open and access stays excessive. And it accumulates that way until an audit makes it visible. The failure mode nobody plans for It is tempting to call these findings misconfigurations. That label implies a discrete mistake, something identifiable, correctable, closed. What audits actually uncover is different. The rules that fail high-severity checks are rarely the result of careless work. They are the residue of reasonable decisions – access granted because a project needed it, an exception created because something urgent could not wait, a rule that made sense in context and has simply never been revisited. Over time, policy stops reflecting decisions and starts reflecting history. The rule-base accumulates. Shadowed rules sit beneath active ones, creating the appearance of control while leaving effective access unchanged. Segmentation that looked defensible on paper does not hold under real traffic patterns. The result is a policy surface – every rule, exception, and inherited access decision across the estate – that no longer reflects deliberate decisions. This, as reflected in audit findings, is not an outcome anyone ever plans for. In almost every case, it happens because the environment kept changing and the governance around it did not keep up. Compliance evidence is not the same as governance Most large enterprises are responding to a significantly tightened regulatory environment. CERT-In requires organisations to retain ICT logs, including firewall logs, for 180 days and to report qualifying incidents within six hours of detection, one of the strictest windows anywhere in the world. SEBI’s Cybersecurity and Cyber Resilience Framework requires documented access policies, network segmentation controls, and mandatory audit submissions. The RBI places equivalent obligations on banks and NBFCs around continuous monitoring and independent audit. That investment in compliance tooling is necessary. But log retention and audit reporting answer a different question to the one that produces recurring firewall failures. Retaining firewall logs tells a regulator what happened. It does not tell you whether your policy reflects what you actually intended to permit. Similarly, a SIEM captures events; it does not govern the rules that determine what those events mean. Recurring high-severity audit findings are rarely a failure of logging. They are a failure of policy management. The organisation was capturing evidence of a problem it had not diagnosed. Security teams can usually describe architectural intent – where boundaries should sit, which flows should not exist. What they cannot consistently show is that enforced policy reflects that intent today, across data centres, cloud environments, and the legacy infrastructure running core operations. When regulators examine that gap, the audit does not create the problem. It simply makes it visible. Policy stops being a control when it loses its meaning A firewall rule-base can be technically operational and still not express a coherent access model. When it reflects years of exceptions and inherited decisions rather than current intent, teams lose confidence in their ability to test the impact of changes. Change control becomes conservative because nobody can reliably say what a given change will affect. The firewall becomes something that must not be disturbed. From there, the deterioration is predictable. Rationalisation gets deferred and access widens because tightening it feels riskier than leaving it alone. Audits become reconstruction exercises – explaining after the fact what findings mean – rather than evidence of a security posture that is understood and in control. A periodic review can describe that state. It cannot fix it, because the problem is produced every day by ordinary operational change. What continuous oversight actually looks like Network Security Policy Management addresses this by connecting intent, enforced policy, and observed dependencies in a single, continuously updated view. Used as an operational discipline rather than a reporting layer, it gives teams the means to see where access has expanded beyond what is justified, where segmentation has softened, and where exceptions have become the default. Crucially, it also allows teams to test changes before deployment, rather than discover their impact afterwards. What security teams need is a current, accurate picture of what their policy actually permits – not the intended state, but the enforced one – across firewalls, cloud controls, and the on-premise infrastructure that continues to run core operations. When a change is proposed, it can be tested before deployment – what it will affect, whether it complies, whether it stays within the intended access model. When drift occurs – and in any active environment, it will – it is surfaced before it becomes a finding rather than after. Our tech, for example, maintains the audit evidence trail that regulators ask for – what policy was in place at any point, what changed, and whether those changes remained aligned to stated business intent. That is the difference between compliance as a reporting exercise…

Sumit SharmaSr. Director – Pre Sales, Echelon Every network engineer knows the feeling – something’s wrong, the alerts are firing, and you’re bouncing between multiple management consoles trying to piece together what’s actually happening. It’s not that the tools are bad, each one does its job. It’s that none of them can see past their own vendor’s edge, and the problem almost certainly lives in the gap between them. Today’s enterprise networks have sprawled across cloud environments, remote offices, IoT deployments and data centers and to manage it all, organizations naturally turn to multiple vendors, each offering something the others don’t. It makes sense on paper. But every new vendor added to the mix is also another blind spot added to the map. That gap between what each tool sees and what your team actually needs to see is a visibility problem and it’s quietly become the defining challenge of modern network management. The rise of the multi-vendor network Modern enterprise environments are built incrementally over time. A single organization may use routers from one vendor, switches from another, wireless infrastructure from a third and cloud networking services from multiple providers. Mergers, acquisitions, regional deployments and evolving technology needs further contribute to heterogeneous infrastructures. In industries such as transportation, manufacturing, smart cities and telecom, the challenge becomes even more complex. Critical systems like surveillance, passenger information systems, IP telephony, IoT sensors, access control and data communication networks often rely on devices from different manufacturers operating simultaneously. This diversity creates interoperability and management challenges that traditional monitoring approaches were never designed to handle. Multi-vendor isn’t a problem we can architect our way out of. It’s the reality of every enterprise we work with. The only practical answer is visibility that works across all of it, not just parts of it. Why visibility matters in network management Visibility is the foundation of effective network management. IT and operations teams depend on real-time visibility to understand device health and availability, network traffic patterns, faults and performance bottlenecks, security anomalies and unauthorized access, bandwidth utilization, and service dependencies and application performance. When visibility is fragmented across multiple management consoles and vendor-specific tools, teams lose the ability to view the network holistically. Instead of operating proactively, organizations become reactive, responding to incidents only after users experience disruptions. In mission-critical environments, this lack of visibility can directly impact operations, customer experience and business continuity. The problem with vendor-specific monitoring tools Most networking vendors provide their own management platforms designed specifically for their devices. While these tools work effectively within their individual ecosystems, they often fail to integrate seamlessly with devices from other manufacturers. As a result, enterprises end up managing multiple dashboards simultaneously. For example – one platform monitors routers, another tracks wireless access points, a separate tool handles firewalls, and yet another manages IoT devices. This fragmented approach creates several operational issues. Operational Silos Different teams often manage different technologies using isolated systems. This leads to fragmented workflows, inconsistent monitoring practices and communication gaps during incident resolution. Without centralized visibility, correlating issues across systems becomes difficult. Increased Mean Time to Resolution (MTTR) When a fault occurs, engineers must manually switch between multiple platforms to identify the root cause. This slows troubleshooting and increases downtime. A simple network outage may involve checking logs, traps and alerts from several systems before identifying the affected device or link. Alert Fatigue and Noise Vendor-specific tools generate alerts independently without understanding broader network context. This creates duplicate alarms, false positives and excessive notification noise. IT teams become overwhelmed with alerts while critical incidents may go unnoticed. Inconsistent Data Formats Different vendors use different telemetry standards, reporting methods and management protocols. Even when SNMP or APIs are supported, data normalization becomes challenging. This inconsistency prevents organizations from building unified operational intelligence. Limited End-to-End Correlation Modern services rely on interconnected infrastructure. A failure in one subsystem may impact several downstream applications. Without unified visibility, identifying service dependencies and correlating events across vendors becomes extremely difficult. The impact on modern enterprises The consequences of poor multi-vendor visibility extend beyond IT operations. Reduced Network Reliability Incomplete monitoring creates blind spots. Issues that could have been detected early often escalate into major outages. In sectors like metro rail, airports, utilities and healthcare, even minor disruptions can affect public safety and critical operations. Higher Operational Costs Managing multiple tools requires additional licensing, training and maintenance. IT teams spend more time manually consolidating information instead of focusing on optimization and innovation. Operational inefficiencies also increase staffing and support costs. Slower Digital Transformation Organizations investing in AI, IoT and cloud adoption require intelligent, scalable monitoring systems. Fragmented visibility limits automation and prevents organizations from achieving true digital transformation. Without centralized insights, advanced capabilities like predictive analytics and autonomous operations become difficult to implement. Security Risks Security visibility gaps are among the most serious consequences of fragmented network management. Different devices may report events differently or not at all. This creates opportunities for threats to remain undetected across distributed environments. A lack of centralized monitoring also makes compliance reporting and forensic analysis more challenging. Why traditional NMS platforms are struggling Traditional network management systems were designed for relatively static environments. They focused primarily on uptime monitoring, SNMP polling and basic fault management. However, modern networks demand far more – such as real-time telemetry, multi-cloud visibility, IoT monitoring, AI-driven analytics, automated remediation, unified dashboards, and cross-domain correlation. Legacy NMS platforms often lack the scalability and intelligence needed to handle today’s heterogeneous infrastructures effectively. The shift toward software-defined networking (SDN), edge computing and distributed architectures further increases the need for adaptive, vendor-agnostic monitoring solutions. The need for unified multi-vendor visibility To address these challenges, organizations are increasingly adopting centralized and vendor-neutral NMS platforms capable of integrating diverse infrastructure into a single operational view. A modern NMS must provide: For example, transportation networks rely on interconnected communication systems including surveillance, passenger information displays, signaling, telephony and emergency communication systems. If each subsystem is monitored independently, operations teams lack a unified understanding…