Barracuda CEO To IT Leaders: Don’t Settle For A ‘Security Supermarket’ When You Need A Platform

Barracuda’s CEO Rohit Ghai sees two mistakes midmarket IT leaders commonly make when modernizing security.

(Rohit Ghai, CEO, Barracuda Networks)

Security platforms aren’t the same as security supermarkets. Confusing the two is costing midmarket organizations time, money, and resilience.

So says Barracuda CEO Rohit Ghai, a former RSA chief. Too many IT leaders are still modernizing their security stacks as if they have enterprise-scale resources, teams, and tolerance for complexity, Ghai said in an exclusive interview with MES Computing.

Ghai weighed in on everything from the security challenges he sees in the midmarket to his thoughts on Q-Day – the day current encryption standards will get cracked by quantum computing.

“The security market is incredibly fragmented,” Ghai said. “For years, it’s had this propensity for best-of-breed point solutions.”

[RELATED: AI Supercharges Low-Effort Attacks—Why Midmarket IT Should Treat Them as High Risk]

Because cybersecurity is highly technical, and because there are sophisticated adversaries on the other side, organizations are having to deploy a variety of specialized tools and platforms.

For the midmarket, Ghai argues, that approach simply doesn’t scale.

“Tool sprawl creates cost and complexity,” he said. “And midmarket organizations don’t have the luxury of excess expertise or excess people.”

Why ‘Platformization’ Is About More Than Consolidation

Ghai describes Barracuda’s strategy as “platformization,” but he’s quick to distinguish that from simple bundling.

A true platform, he said, has two essential characteristics. The first is breadth and completeness — the ability to cover multiple threat surfaces without forcing IT teams to manage a patchwork of disconnected tools. The second is ease of deployment, use, and operational cost reduction, which he says is where many vendors fall short.

This distinction becomes critical as midmarket organizations confront a rapidly changing threat landscape increasingly shaped by AI.

“For a long time, smaller organizations believed they could stay under the radar,” Ghai said. “That the attackers were going after bigger, richer targets.”

[RELATED: AI in the Midmarket: Why ‘Doing Nothing’ Is Now the Riskiest Strategy]

That assumption no longer holds.

“AI changes everything,” he said. “Threat actors can now attack at massive scale. You can no longer fly under the radar. Cyber risk has become existential.”

The Hidden Risk Of Tool Sprawl In The AI Era

Ghai sees two mistakes midmarket IT leaders commonly make when modernizing security.

The first is underestimating how dramatically the risk profile has changed. The second is failing to recognize that sprawling toolsets don’t just waste money, they undermine resilience.

“When your tools don’t share context or data, you can’t keep up with AI-driven attacks,” he said. “What’s happening in email is related to what’s happening on the network. If those signals are siloed, even behind a common UI, you’re still too slow.”

This is where Ghai draws a line between platforms and what he calls “security supermarkets.”

“A supermarket offers convenience, you can buy everything from one place,” he said. “But a platform is different. It’s shared data, shared intelligence, shared context.”

Without that foundation, he said, midmarket teams are left reacting instead of defending.

How To Know If A Platform Isn’t Working

For IT leaders wary of overpromising vendors, Ghai recommends simple tests — especially in the first 90 days.

“The easy test is the best test,” he said. “If it’s too hard to understand, too hard to deploy, too hard to use, that’s your signal.”

He also urges skepticism around AI claims.

“Yes, AI has immense power, but it also brings risk,” he said. “Ask your vendor: Is your AI safe? Is it deterministic? Does it operate within guardrails, or does it hallucinate?”

The third test, he added, is empathy.

“When intelligence is on tap, empathy becomes the differentiator,” Ghai said. “Enterprise vendors often don’t understand the midmarket. You can’t take overly complex solutions designed for massive organizations and expect them to work for smaller teams.”

Barracuda’s Platform Play And Where Humans Stay In The Loop

Barracuda’s evolution into a platform company accelerated during the cloud era, Ghai said, when SaaS democratized IT and made enterprise-grade capabilities accessible to smaller organizations.

[RELATED: AI Tools and Platforms: When Midmarket IT Teams Should Build Vs. Buy AI in 2026]

That shift culminated in Barracuda One, the company’s cyber resilience platform, which Ghai positions not as a purely technical solution, but as a system built around people as much as AI.

“AI should be in every loop to accelerate outcomes,” he said. “But humans still need to be the copilots, the air traffic controllers.”

That philosophy resonates with midmarket IT customers who say they are adopting AI cautiously.

Shane Rogers, director of IT at Attica, Ind.-based Harrison Steel Castings Company, said Barracuda helped his team reduce complexity in web filtering and backup, particularly by consolidating protection and simplifying management. But when it comes to AI-driven decisions, he remains firm.

“Final decisions — especially those related to security — should remain with humans,” Rogers said. “AI is great for continuous monitoring, but the judgment calls should still be ours.”

Other customers echo that sentiment.

Jeff Reed, director of IT at Wilmington, Del.-based The Buccini Pollin Group, said Barracuda’s interface and bulk remediation capabilities save his small team time, even as the security landscape continues to evolve. He still relies on human oversight to apply institutional knowledge that AI can’t replicate—at least not yet.

“AI has not replaced us yet. We still need to make the major decisions and get our eyes on things because we do have institutional knowledge and we do understand how our employees work,” Reed said.

Where Platform Promises Get Tested

These tensions highlight the reality many midmarket IT leaders face: platforms can reduce complexity, but they also amplify both value and risk.

James Gephart, VP of IT at Passavant Memorial Homes Family of Services, said Barracuda’s email security modules significantly reduced CEO fraud and phishing attempts in his organization. Still, he remains deeply involved in monitoring patterns, especially localized threats tied to real-world events.

“AI may not fully account for region-specific context,” Gephart said. “That’s where human experience still matters.”

Preparing For What Comes Next Including QDay

Looking ahead, Ghai doesn’t downplay the long-term risks on the horizon, including quantum computing’s potential impact on encryption.

Q-Day is not a distant threat,” he said. “The pace of quantum advancement is remarkable, and the risk is real.”

His advice to midmarket IT leaders remains grounded: start by profiling risk, identifying crown jewels, and understanding compliance requirements before investing in more technology.

[RELATED: ‘Q-Day:’ What Midmarket IT Leaders Need To Do To Prepare Now]

“It’s not a matter of if the bad guys get in,” he said. “It’s when. Resilience starts with knowing what matters most.”

And in a market chasing faster AI, more alerts, and bigger toolsets, Ghai’s warning is intentionally simple: don’t confuse a crowded supermarket with a platform built for the way midmarket teams actually work.