September 07, 2023
By Fabrice Vanegas, MEd.

Today, security is of paramount importance for any SaaS decision. Would you trust Zoho with your data? Should you?


"Isn't Zoho an Indian company?"


This comment is often the first thing many people say when the topic of Zoho comes up. The remark is usually followed by dismissive or condescending remarks implying that the winner of PC Mag's 2019 Business Choice AND 2019 Editor's Choice Awards should be disregarded simply because of its origin.


Sorry to start writing about the elephant in the room so soon, but I hear/see this too often, and I bite my tongue every time. Which is why I have wanted to briefly address this in writing, hoping more than six people bother to read it. :-)


On being Indian:


In my book, being Indian should be a source of pride. Did you know that 60% of Silicon Valley engineers are Indian? Would Silicon Valley even be the same without the dramatic influx of Indian brains? Brain drain or not, India is currently the second biggest exporter of Software in the world (after the US).


India has an incredibly rich history. Their massive population comes from highly diverse backgrounds - resulting in a unique culture. I put that word in italics, since at Cloud Lion we passionately believe that humans are more important than the technology they use - and that the culture in place needs to be taken into account in order to ensure a positive adoption of any new technology.


Back to India:


Ever heard of the early Indus Valley civilization at Mohenjo Dharo? No? Google it. Basically they invented the swimming pool, being early pioneers of water supply and sanitation. Around 5000 years ago, all their houses had toilets (centuries later Europeans were still emptying their chamber pots into the streets). Today's India is a vibrant hubris of creativity, color, flavor, contrast, diversity and culture.


Efficiency (just one example):


"Dabbawala" (or Tiffin-walah)





These guys have achieved six-sigma efficiencies at a massive scale, they deliver meals to millions of people in Mumbai and elsewhere with a near-zero margin of error, there is nothing like them anywhere in the world - FedEx is fascinated by them, as is Richard Branson, among others - check out this article to learn more.




Having spent roughly half my life in Asia, and having many close Indian friends, I feel I can share my experience and point of view with you:


Generally speaking Indians have enormous respect for their elders. They are self-sacrificing and think of others before thinking of themselves. They will struggle with saying "no" and will do all kinds of efforts to do good and help those around them.


Culture (measured):


When we do look at culture, the Dutch social psychologist (and former IBM employee) Geert Hofstede comes to mind. He nailed it when it came to making "culture" measurable and easier to describe by tallying up points in his six "cultural dimensions". In a previous lifetime, I used to cover this topic with my International Baccalaureate (IB) Business Management students while teaching at an International School in Bangkok... where about 30% of my students were of Indian origin.


You may want to give a read to this short article by Arindam Bhattacharjee, who holds a key HR role at Amazon India. He briefly explains why Indians work so hard, making reference to Hofstede's cultural dimensions.


Indian students work so hard. There is a level of competition that people who have grown up outside of the region simply cannot grasp. There is tremendous pressure from parents and society to be a top-achieving graduate.


"Anything less than the best is a felony".


- An artist I will not quote on LinkedIn


Bollywood (which makes more movies and sells more tickets than Hollywood) made a great movie called "3 idiots". If you want to get a better idea about the particular way in which Indians respect and pursue academic excellence, you should watch it (really!).




Back to the reason you clicked on this article: Zoho's Security:


Zoho takes security very seriously - as they should.


Let me give a little background on where Zoho came from. In the nineties they started their company with WebNMS and then went on to develop Manage Engine. These on-premise Enterprise IT tools are used by clients such as: the US Navy and the US Department of Defense. Manage Engine makes the bulk of revenue for Zoho Corporation, and it was this revenue that was re-invested to develop Zoho's SaaS apps - CRM, Books, etc.


Would NASA, the US Army, the United Nations, and Ferrari (among others) use Zoho's products if they were not secure?


"Nothing is 100% secure, anyone that says otherwise is lying. Everything can be hacked."


Raju Vegesna, Zoho


This humble statement came from one of Zoho's top executives, Raju Vegesna, when he spoke to El Economista during a trip to Mexico in 2015.


Hackable or not...




The best of hackers have tried to hack Zoho's mesaging system, but did not succeed. 


Security is built on trust.


Think about what buying software really is. How intangible it may feel. In prehistoric times we would buy disks, then CDs. Many years later we get an activation key. Download the software, punch in the activation key, done. Think about how we have to trust a software company to pay them good money for this intangible good (which is hopefully good). This is what it was like when you bought your software...


How about when you pay for an app as a service? It requires even more trust. It is even more intangible, it may even seem ephemeral. You are paying for Software, as a Service (SaaS). Renting your software. Needless to say, one expects that things are run well, and continue to do so, after all - you're paying for a service.


In the case of an online CRM, we are paying for a service, which requires to send our data to servers far, far away, to then organise and access our most confidential business information over an internet connection. We should conveniently (and securely) be able to tap into our company's information backbone from any device, desktop or mobile. "Don't worry, it's safe..."


Naturally - many of us are prone to think twice before making a choice of this kind.




One might ask; What could happen if my data were to be compromised? Stolen? Leaked? What if the contacts I have worked so hard to establish become maliciously contacted? What if my company's intellectual property falls into the hands of my competitors? What about all the confidential transactional records... The humanity!!


These concerns are warranted, and we should do our homework before choosing who to trust with our company's data. If something seems insecure, it is human nature not to trust it. But what is worse is unwittingly trusting something that does not deserve to be trusted in the first place. We have to look carefully, and dig deeper. On that note, I will pepper the remainder of this article with relevant links for you to geek out to, should you feel so inclined.


Physical Security.


For now, Zoho has data centers at undisclosed locations in the US, the Netherlands, China, Japan, Singapore, India and Australia. Their security is literally bullet-proof. Like Google, they have built for redundancy, should a server ever fail, the systems seemlessly carry over from other locations, running smoothly without customers ever realising any hiccups.




Only a very small subset of employees are ever allowed into the data centers. No tours ever happen. Biometric security is everywhere. There is power redundancy. There is internet redundancy. There are redundant network devices, as well as redundant cooling and temperature. The facilities are under 24/7 surveillance. There are no subcontractors - ever. Legend has it that Zoho hires ex-police officers to run security internally in their India locations.




Do click on the heading above. It will lead you to a 3 minute, easy to read, manifesto that explains Zoho's position on privacy as such. Their lofty and refreshing approach is to be commended. If reading that does not make you feel warm and glowy, then read their full privacy policy, which is not a 50-page document in size 6 font. Here is a small excerpt from the second parragraph:


"Our privacy commitment: Zoho has never sold your information to someone else for advertising, or made money by showing you other people's ads, and we never will. This has been our approach for almost 20 years, and we remain committed to it."




One thing is when Zoho says they are secure. Another thing is when a passionate Zoho partner writes an article saying Zoho is secure. It is a whole other matter when third party international standards organizations and regulatory bodies award certifications attesting objectively and impartially to the fact that Zoho is secure:


  • ISO 27001, ISO 27017 and ISO 27018 certified.
  • SOC 2 Type II compliant
  • EU-U.S. Privacy Shield
  • Zoho complies with the General Data Protection Regulation (GDPR) with effect from 25th May 2018.




There is a whole lot more where that came from, but instead of bombarding you with a truckload of serious-sounding accronyms which mean little to the average mortal, I will give you this very recent presentation made by Zoho's Compliance Team, it speaks in greater detail to the security Compliance of Zoho. If you wish to dig deeper and take a close look at their actual legal security compliance certificates, go nuts.


If the security nerd in you is still unsatisfied, here are some other links to obssess over:



OK, back to culture:


Zoho has a culture of innovation and security. Just like other Silicon Valley players, they hire external white-hat (ethical) hackers to try find vulnerabilities. They also have internal hackers that are rewarded with bounties if they succeed at finding vulnerabilities. But unlike most Silicon Valley companies, they are a family business. With family values, and a long-term vision.


Kalil Gibran famously said "work is love made visible" and Zoho is a business that has clearly grown out of love.


Zero external funding, not for sale. Rumor has it that Google tried buying them out. Three times. Not for sale! Zoho will not sell your data either, not for advertising or any other purpose. Ever. Not even if you use their free versions.




Their culture permeates into all spheres of business. From how they recruit and treat their employees, to how they see pricing and money in general.


We can say "a business is an extension of the entrepreneurs behind it", it reflects their essence and their values. This is why this security article started by speaking about human factors, then technology, then back to the people again.


The Cloud Lion team and I have attended many Zoho events:


Zoholics, Zoho Training, Advanced Zoho Training, Zoho User Meetup Groups, Manage Engine Training. Our Zoho journey has taken us to many places: Pleasanton, Austin, Montreal, Toronto, Mexico City, Costa Rica. We are currently planning our pilgrimage to Chennai for this winter.




But why spend thousands of dollars and countless days on travel to do this? We could just get our training online, and save a ton of cash! We do this because we want to know Zoho. The amazing technology and the extraordinary humans that power it.


We have witnessed first hand how open and down to earth their CEO, Sridhar Vembu is, not only by interacting with him in person, but more importantly by seeing the dynamic between him and other Zoho employees, regardless of their hierarchy. I have had honest discussions with their Engineering Director, Rajendran Dandapani about the training efforts that Zoho makes, as well as the positive difference it makes in the lives of the stakeholders around their Headquarters in rural India. I have had the pleasure of working side by side with Zoho engineers that have been responsible for much of the innovation behind certain products (Deva!). I have been inspired (Zinspired?) by Fernando Sotelo, and Carla Garcia - as well as the young, dynamic team out of Queretaro, Mexico. I saw LSP and Emily Sloan-Pace (their Professor in Residence) passionately share their knowledge and vision at Cloud Lion's Cloud Sur Le Lac event in Quebec last year.


Just last month, Sebastien and I had the privilege of traveling to Toronto, and getting Advanced Zoho CRM training by the legendary Sandeep Prasad. We saw the dedication and patience that he shows every student. Patience is the key word here, their CEO has made reference to this in several of his recent keynotes.


Zoho is patiently winning at the long game of chess, (which was invented in India).




There is no better testimony of trust or security than when we refer a business to those whom we love most, our family. Here is a picture of Zoho's Raul Mendiola helping my father, Hernan Vanegas, and his business partner, Ivan Restrepo at this week's Zoholics LATAM - Colombia:




I know that Zoho will work wonders for their business as well.


At the end of the day, the goal of Zoho's tools is to save us all time. So that it does not become necessary to work 70 hours a week in order to be successful. So that we can spend more of our time with who matter most to us - our loved ones.


I have worked with Zoho's team at many levels. and each time I am impressed. I feel trust. I feel secure. As a business I know I have made the right choice in working with Zoho. And every customer we have deployed Zoho for can tell you the same thing.


I know Zoho, and I can tell you, my business is secure with Zoho.


Get to know Zoho. Because knowing Zoho is loving Zoho.


Start your 30-day free Zoho One trial, and feel free to reach out to me directly if you have any questions, unless you want to ask:

"Isn't Zoho an Indian Company?"

Popular Tags :
User Experience


When LinkedIn asks you about Zoho.


A glance in the rearview mirror (while focusing on the windshield).

Fabrice Vanegas, MEd.

Founder and CEO


Latest Post