Manish Tandon, Managing Director, Questa Software Systems, Mumbai, brings over two decades of experience helping Independent Software Vendors (ISVs) navigate the fast-evolving intersection of cloud, artificial intelligence, and enterprise software strategy. As vertical SaaS matures and hyperscaler marketplaces reshape distribution, ISVs face a defining set of challenges — from preserving brand identity to building AI-ready data architectures without compromising data sovereignty. In this conversation with CMR India, Manish shares his views on the strategic priorities that will separate market leaders from the rest in the years ahead.

Q1. The SaaS market is becoming increasingly specialised. How should ISVs balance deep vertical focus with the need for global scalability?

Verticalization is no longer optional — it is the primary way ISVs can deliver differentiated value. The balance lies in building a vertical core on top of a horizontal backbone. ISVs should deeply specialise at the workflow, data model, and compliance layers specific to their target industry, while keeping platform services — identity, security, integrations, observability, and billing — modular and reusable. This approach allows vendors to deliver industry-specific outcomes while retaining the scalability, configurability, and repeatability that global enterprises expect. Successful ISVs also adopt a “configurable-by-design” mindset, ensuring that localisation, regulatory variations, and customer-specific extensions do not fragment the core product.

Q2. Building AI-powered products requires access to sensitive customer data. How can ISVs architect for AI readiness without compromising privacy and data sovereignty?

AI readiness starts with disciplined data foundations. ISVs must first establish strong data governance — clear data ownership, classification, lineage, and consent management — before layering generative AI on top. Second, architectures should separate data storage from data usage, enabling techniques such as retrieval-augmented generation (RAG), tokenisation, and anonymisation to limit exposure of sensitive data. Finally, sovereignty-aware design is critical: supporting regional data residency, policy-based access controls, and auditability ensures compliance while still enabling AI innovation. AI should be treated as a controlled capability, not an uncontrolled data consumer.

Q3. Hyperscaler marketplaces have become dominant distribution channels. How can ISVs preserve their brand identity and customer relationships within these platforms?

Marketplaces have become powerful distribution engines, but ISVs must avoid becoming invisible behind the platform. The key is to treat hyperscalers as routes to market, not the owners of the customer relationship. ISVs should maintain direct onboarding, customer success, and lifecycle engagement, even when billing flows through Azure or AWS. Co-selling should be complemented with strong thought leadership, differentiated value messaging, and proprietary services that customers associate with the ISV brand — not just the hyperscaler SKU. Data-driven insights and post-sale engagement are where long-term loyalty is truly built.

Q4. When it comes to cloud modernisation, how should ISVs frame the ROI conversation for customers deciding between lift-and-shift and full refactoring?

ROI discussions must be framed in business terms, not architectural purity. Lift-and-shift delivers immediate cost optimisation, faster cloud adoption, and reduced operational risk — this resonates strongly with CFOs and risk-averse IT leaders. Refactoring, on the other hand, must be positioned as a strategic investment that unlocks agility, innovation, and long-term efficiency. ISVs are most successful when they present modernisation as a phased journey: start with lift-and-shift for quick wins, then selectively refactor high-impact workloads. Clear benchmarks, before-and-after metrics, and customer references make the ROI tangible and compelling.

Q5. Many enterprises find themselves stuck in “pilot purgatory” with AI initiatives. What can ISVs do to help customers move from experimentation to production at scale?

Pilot purgatory happens when AI experiments are disconnected from real business KPIs. ISVs should design products that embed AI into core workflows, not as optional add-ons. This means providing production-ready MLOps, built-in governance, explainability, and cost controls from day one. Equally important is opinionated guidance — pre-built use cases, reference architectures, and clearly defined success metrics that help customers move confidently from experimentation to scale. When AI is embedded in the workflow and measured against business outcomes, it stops being a science project and becomes a genuine business driver.

Q6. Identity-based attacks are on the rise. How should ISVs approach integrating Identity Threat Detection and Response (ITDR) at the application layer?

Identity must be treated as a first-class security signal, not an afterthought. Developers should design applications where identity telemetry — authentication context, privilege usage, and behavioural patterns — is continuously monitored. Embedding ITDR means integrating with identity providers, enforcing least-privilege by default, and building adaptive access controls that respond in real time to risk signals. Security cannot be bolted on later; it must be a foundational part of the application architecture, APIs, and development lifecycle from the very beginning.

Q7. As IT environments become increasingly hybrid and multi-cloud, how should ISVs evolve their product portfolios to help customers manage this complexity?

Modern IT environments are inherently hybrid and multi-cloud, and complexity is the biggest enemy of resilience and innovation. The focus should be on simplification through visibility, automation, and policy-driven management. By helping customers gain unified insight across environments, automate routine operations, and enforce consistent governance, ISVs can transform complexity from a liability into a manageable — even strategic — capability. The goal is not to eliminate complexity, but to abstract it away so that teams can focus on outcomes rather than infrastructure. ISVs that master this will become indispensable partners to their customers.