As the world becomes more and more dependent on the cloud, one key question looms: how secure are our digital lives? Kartik Kaipa, a seasoned expert in cloud security and distributed systems, has spent over twelve years developing transformative software security solutions for giants like Google and Uber, redefining what it means to secure cloud environments on a large scale.
Driven To Succeed by a Love of Computers
Kartik's love of computers started early. When he was growing up, his family had a personal computer with internet access in their home. He played games like most kids but also built various HTML sites. When Google was released, he was enraptured.
"I could search for anything and feed my curiosity on pretty much any topic," Kartik remembers.
After graduating from high school, Kartik attended the Indian Institute of Technology (IIT) in Kanpur, India, to study computer science and engineering, where he gained a strong technical foundation for his career. After receiving his bachelor's and master's degrees, Kartik's passion for computers and building systems inspired him to look for work at a tech firm instead of pursuing a PhD or doing research.
"I was thrilled when I got a job offer at Google India," he says.
Early Days Working on Large-Scale Billing Systems
Kartik worked on the Google Apps for Business subscription system in his new position. His responsibilities included ensuring customers were properly charged each month for using Google Apps for Business, that their subscription status was quickly accessible, and that they received accurate emails.
When Kartik transferred to Google US, he continued to work on large-scale billing systems before transitioning to working on the other side of payments. He worked on payment authorization systems, which verified that users were authorized and were accessing the correct information. The authorization system also ensured that internal access occurred when only strictly necessary and was monitored.
"Another side project I did at this time was completely unrelated to payments but impactful at Google. We developed an intelligent batching system for changelists (changes made to a project) at Google, reducing test costs by 10x," Kartik explains.
Kartik left Google for a position at Uber, where he worked on driver payments, ensuring that drivers in 70 countries and 10,000 cities were accurately paid on time. The driver payment system processes billions of dollars of payments a year.
Kartik faced an even bigger challenge when Uber became serious about their IPO (Initial Public Offering) and needed their payment system to be auditable. This meant the whole system had to be rearchitected, a significant rewrite of the money system.
"I worked on significant pieces of the architecture. I think I might still have the most amount of code written in the core system. I developed easy ways of testing the system to ensure its reliability and accuracy," Kartik says.
In 2018, Kartik returned to Google to work on Google Pay. The challenge was to make it work across browsers and operating systems, a challenge that Kartik and his team were able to overcome by developing the "Pay with Google" button and having automated testing across browsers in different environments.
The Challenge of Securing Cloud Workloads
Recently, Kartik's team has been working on Custom Organization Policies that provide customers with a consistent experience around error handling, violations, and simulation and allow enterprises to define their own security policies. Custom Org Policies make the process of setting up security much simpler.
Working at Google Cloud on security and ensuring data is safe and protected has been a very rewarding experience for Kartik and keeps him motivated in his work.
"The power that computers have is astounding to me even after all this time. For example, something like Microsoft Excel enables accountants to do accounting at unthinkable speeds. We can send information around the globe at light speed. We can contact anyone we want to. All the information in the world is accessible from a handheld device. So many of these advances are straight out of science fiction and were virtually unimaginable even 30 years ago," says Kartik.
Though Kartik has had many successes in his career, he did have to deal with stalling at one point.
"I had to decide to consciously focus on making sure the work assigned to me fulfilled the promotion criteria. I also had to work on soft skills such as presenting work and making sure any projects I would take on would lead to the next level," he says.
Role in Developing Custom Organization Policies
After working on large-scale billing systems for most of his career, Kartik leaped at the chance to work as a tech lead of the Org Policy team. He led the development of Custom Organization Policies at Google Security and supervised the onboarding of 50 Google Cloud Platform (GCP) products on Custom Organization Policies.
"Org Policies are the way customers can secure their workloads," Kartik explains. "A good example is the leaks that you see around extremely private data. One particular Org Policy makes it so that data can never be made public in buckets. There are Org Policies for many scenarios that help enterprises stay compliant and stay safe."
The Future of Cloud Security and Kartik
Kartik is fascinated by the impact of the cloud on transforming infrastructure. He points out that websites can be built and shipped globally with a few clicks, whereas in the past, they would have to be installed physically in a data center.
As technology continues to evolve, Kartik plans to continue pushing the boundaries of cloud security to address emerging cyber threats and contribute to advancing the industry standards for secure cloud computing. In the future, Kartik also sees AI being used to generate security postures automatically.
For him, AI will be able to understand the user's intent, figure out the ground-level details that correspond to the high-level intent, and secure the customer's workloads accordingly. In addition, AI can continuously monitor logs and metrics generated by customer workloads and intelligently detect when security breaches might occur. AI can also analyze the existing security posture of the system and recommend tweaks that would make the system secure while keeping the customer's operation running without breakages.
Kartik has dedicated himself to becoming a well-rounded technical leader by focusing on being more strategic in project selection and execution. Though an excellent technologist, he recognized he needed to work on his interpersonal skills, especially when presenting complex technical concepts. He also concentrated on aligning technical work with the organization's broader goals.
Becoming an effective leader resulted in Kartik being able to drive larger, more impactful initiatives and inspired him to mentor future technical leaders.
