Rohan Vaidya, managing director, India, CyberArk

Today, cybersecurity has emerged as a core component of the information technology (IT) strategy of enterprises. To this end, companies such as CyberArk are providing security solutions for all identities, human or machine, across business verticals. In an interview with, Rohan Vaidya, managing director, India, CyberArk, talks about the growing significance of security, the company’s focus areas and its contribution to India’s digitalisation drive…

What are CyberArk’s key focus areas?

CyberArk is the global leader in identity security, providing the most comprehensive security offerings for any identity, human or machine, across business applications, distributed workforces and hybrid cloud workloads, and throughout the DevOps life cycle. CyberArk provides customers with a unified approach to securing access for any user, across any application or system, from anywhere, using any device. Centred on pr­ivileged access management and powered by artificial intelligence (AI)-based behavio­ur and risk analytics, the CyberArk Identity Security Platform helps organisati­ons secure access to critical business data and infrastructure, protect a distributed workforce, and accelerate business in the cloud.

Could you tell us more about CyberArk’s presence in the Indian market?

CyberArk established its presence in the India market in 2016. Over the last five yea­rs, we have grown our customer base and pa­­rtner ecosystem. We have been very su­c­c­­essful with larger enterprise customers. Top customers within verticals such as telecom; banking, financial services and insurance; and IT/IT-enabled services were ea­r­l­y adopters of CyberArk and have been wo­rking with us for the last four or five years.

How important has security become post the pandemic? What are your views on the growing significance of identity security?

The Covid-19 pandemic has changed the way businesses operate, with significant im­plications for enterprise security. Cyber­Ark’s “The CISO View 2021 Survey: Zero Trust and Privileged Access” report shows that a significant percentage of security pro­fessionals are seeing an increase in credential thefts. In this context, it is important for or­ganisations to recognise that identity is the new perimeter. In this new environment, identity security is critical, as it can be used to empower workers and customers with easy, secure access to apps and resources from any device they use, from any location they are at, and at just the right time.

What are the existing security gaps? How does CyberArk contribute in overcoming these gaps?

In India, we are seeing a greater number of businesses move to the cloud to support re­mote workforces and digitalisation. Clo­ud assets and workloads are susceptible to a wide variety of cybersecurity threats such as data breaches, ransomware and phishing attacks. CyberArk helps organisations secu­re access to critical business data and infrastructure, protect their distributed workforce and accelerate business in the cloud through its comprehensive suite of AI-driven identity security solutions.

How is CyberArk contributing to India’s digit­alisation drive? What initiatives has the company undertaken in this regard?

With the adoption of digital initiatives, most Indian organisations are now exposed to an increasing array of cybersecurity th­re­ats that have been growing in terms of size, scale and complexity. CyberArk’s Privileged Access Manager solution can automatically discover and onboard privileged credentials and secrets used by human and non-human identities. The solution can sea­m­lessly integrate with third-party devices, applications and operating systems. When done correctly, this can provide orga­nisations the ability to manage privileged credentials and secr­e­ts without significant de­vel­opment cycles consuming valuable resources.

What are the trends that hackers have been acting on?

In 2021, media headlines were devoted to high-profile ransomware attacks – notably the SolarWinds and Colonial Pipeline attacks. However, 2021 also showed some other unique attacks carried out by hackers. In February 2021, a threat actor attempted to poison the water supply of a city in Florida by trying to increase the level of sodium hydroxide in the water a hundred times.  We believe that the public utilities sector is uniquely vulnerable. India, like any other nation, is exposed to this risk.

What should be the top priorities for companies in 2022 and beyond?

In India, a huge number of government or­ga­nisations and start-up firms use open so­urce. In fact, it would be fair to say that our digital economy runs on open source software (OSS). But the proliferation of “open” and “free” OSS libraries also means a dramatically expanded attack surface. Thus, organisations must remain vigilant, as these subtle attacks will rarely send signals, making them extremely difficult to spot – especially as such libraries are deployed in pipelines as part of legitimate day-to-day operations.  India is also a huge and growing market for cloud adoption. As multi-cloud adoption picks up pace, identity security must remain a key priority area.