Upwind ramps up APJ cloud security push from India

Cloud security firm Upwind is expanding in India and scaling across Asia-Pacific and Japan as demand rises for real-time protection in cloud and AI environments.

The expansion includes new regional operations, local software-as-a-service (SaaS) instances, and additional hiring across several markets. Upwind already has offices in Mumbai, Bangalore, Pune, Singapore, Tokyo, and Sydney.

Upwind reports its global customer base has grown 200% year on year and that it has more than tripled its Asia-Pacific and Japan workforce in the past three months.

India focus

The expanded India footprint is part of a broader regional push that includes local infrastructure investment and larger engineering and go-to-market teams. Upwind has deployed in-region SaaS instances in India, Australia, Singapore, and Japan.

Local SaaS instances can help meet data residency requirements and reduce latency for customers with distributed cloud environments. They also reflect a market in which regulators and customers increasingly expect data handling and security operations to align with national rules.

Upwind pointed to a rise in reported cloud security incidents across Asia-Pacific and Japan. In India, it cited a figure of 85% of organisations reporting a cloud security incident in the past year, with average breach costs exceeding ₹220 million.

In Australia, Upwind said more than 75% of organisations have faced malicious cloud activity and linked this to an estimated AUD $86 billion economic impact from outages and cyber incidents. It also cited Singapore and Japan as markets facing a growing volume of incidents and rising costs.

Regulatory pressure

Companies across the region are facing tighter regulatory expectations and a broader shift towards hybrid and multi-cloud deployments. Upwind pointed to frameworks and guidance including India's DPDA, Singapore's PDPA, guidance from the Monetary Authority of Singapore, and evolving national cyber standards.

Upwind positions its approach around runtime cloud security, focused on the security posture of active workloads and services, rather than controls that mainly address configuration and static assessment.

"Across APJ, cloud and AI are accelerating faster than most security models were built for," said Amiram Shachar, co-founder and CEO of Upwind.

"Environments are dynamic and distributed by default, attackers operate in real time, and teams are overwhelmed by alerts without clear context on what actually matters. We built Upwind around an inside-out view of cloud risk grounded in runtime, so enterprises can prioritize active risk, reduce noise, and make faster, more confident decisions. We're expanding across APJ to ensure customers have the local infrastructure, expertise, and partner ecosystem they need to operationalize runtime security and innovate securely at scale."

Upwind Chief Security & Strategy Officer Rinki Sethi said the expansion is focused on operational risk and business resilience as cloud-driven transformation accelerates across the region.

"As someone who has seen APJ's cloud evolution from both the boardroom and the front lines of security leadership, the shift is undeniable: cloud risk is no longer theoretical. It is operational, immediate, and directly tied to business resilience," Sethi said.

"Across APJ, cloud and AI are becoming foundational to economic growth and digital transformation. Security leaders are accountable not only for protection, but for regulatory confidence, operational continuity, and preserving customer trust. That requires decisions grounded in what is actually happening in production environments. Upwind's inside-out, runtime-first approach gives organizations the visibility and confidence they need to manage cloud risk responsibly while supporting sustained innovation."

Partner channel

The regional build-out also includes a partner-led sales and deployment strategy. Upwind said it has added more than 100 partners over the past year, including independent software vendors, managed service providers, and resellers.

Upwind said it has strengthened relationships with Nvidia and major cloud providers including Microsoft Azure, and cited a strategic partnership with Amazon Web Services.

Upwind said it is a CNAPP partner integrated into the Extended Plan for AWS Security Hub, placing the product within Security Hub's operating model for consolidated security workflows.

Customer activity

Customer references in the region include India-based Times Internet and CRED. Their comments focus on consolidating visibility across cloud estates and improving the signal-to-noise ratio in security operations.

"As our cloud and Kubernetes footprint expanded, we needed a single, real-time console to manage our overall security posture," said Vishal Arora, head of DevOps, Cloud & Platform Engineering at Times Internet. "Upwind provided unified visibility, deep workload intelligence, and actionable risk prioritization across environments. This significantly reduced alert fatigue, improved response times, and enabled us to innovate securely at scale while staying aligned with evolving compliance and resilience needs."

"For a digital platform like CRED, where millions of members rely on us to protect sensitive financial data, cloud security has to be precise, responsive, and embedded into how we build," said Himanshu Kumar Das, CISO at CRED.

"As our infrastructure scaled, we needed stronger alignment between security and engineering around what truly poses risk to the business. Upwind helped us filter out noise and focus on the issues that could directly impact security, service integrity, availability, customer trust, or regulatory posture. That clarity has enabled faster decision-making, tighter execution across teams, and a more resilient foundation as we continue to scale."

Upwind said the expansion across Asia-Pacific and Japan supports its global growth plans and reflects requirements from regulated customers for regional data residency, predictable performance, and local support.