Rohan Vaidya, Regional Director — India, CyberArk

In an interaction with Mamta Maity, indiainfoline.com, Mr. Rohan Vaidya, Managing Director — India at CyberArk said “CyberArk partners play a critical role in helping customers protect against advanced cyber threats and realize the full value of Identity Security.“

CyberArk is the global leader in Identity Security, providing the most comprehensive security offering for any identity — human or machine — across business applications, distributed workforces, hybrid cloud workloads, and throughout the DevOps lifecycle .

When did you start India operations? Do you work with partners?

Yes, we do work with partners and this is how it is: The CyberArk Partner Network is a global network made up of system integrators, regional value-added Resellers, cloud and Managed Service Providers, strategic outsourcers, advisories, and distributors to help customers solve their most critical security issues. CyberArk partners play a critical role in helping customers protect against advanced cyber threats and realize the full value of Identity Security.

The network comprises of:

– GLOBAL STRATEGIC ALLIANCES
CyberArk collaborates with global technology and services companies to provide customers with strategic advisory and solution integration services.

– VALUE ADDED RESELLERS (VARS)
IT experts that resell the CyberArk Identity Security Platform often add their unique services and technical capabilities for customer success. This includes resellers, consulting and services partners and distributors in emerging markets.

– DISTRIBUTORS
Resell the CyberArk Identity Security Platform primarily to the VAR community providing CyberArk information, quotes, presales support, after-sales services.

– MANAGED SERVICES PROVIDERS (MSP)
Includes outsourcing and global service providers that take on the full IT, application, or business process adopting CyberArk solutions to
enhance and secure service delivery.

– MANAGED SECURITY SERVICE PROVIDERS (MSSP)
Offer fully managed CyberArk solutions for/to their customers.

– CLOUD MARKETPLACES
Cloud marketplaces support key strategic alliances and include most partnership models. AWS Marketplace is our primary cloud service provider marketplace where CyberArk product, services, and training can be purchased.

How big is the Indian market expected to be for you? What plans do you have for India?

CyberArk are the Identity Security market leader, an evolved technology discipline from the privileged access management market we also led — and continue to lead – for many years. We have been growing and expanding our customer base in India for the last five years. It’s been a long learning journey for both CyberArk as well as the customers to establish the importance and the urgency of implementing privilege access management to protect their IT crown jewels. With the adoption of cloud by most  enterprise customers, it now becomes an imperative for these organisations. For on-premises infrastructure users, privileged access could have been limited to certain roles, for instance in IT or business. In the cloud environment, the game is changed. Any user may become a privileged user in some circumstances and would retain these privileges until revoked. This evolution means the Identity Security market in India presents a much larger and growing opportunity. Our  acquisition of Idaptive in 2020 helped bolster our offering in this area.
 
For the Indian market, we have been investing in building the CyberArk ecosystem of certified CyberArk professionals within the partner community as well within customers. This approach of building a strong partner network has given us an opportunity to scale and replicate our solution within many industry verticals. We continue to build our CyberArk India team of pre-sales and support teams, which work closely with partners and customers to ensure that our solutions are well implemented as well as fully utilised, for the benefit of our customers.

How has the pandemic impacted the sector? How has digital transformation accelerated the demand for cybersecurity solutions?

The key drivers for cyber-attackers now-a-days are hybrid work model and digital transformation. We have seen a drastic shift in how attackers look to compromise data since the onset of the pandemic. This has led to an increased demand for cybersecurity solutions across all verticals and organisations are now realising how critical it is to secure their data.

Why has identity security become an important part of the cloud journey?

As we adapt to these phases of business growth and adaptation, in turn we must also recognise the shifting nature of the cybersecurity risks that come hand in hand with them. At the centre of both of these is the concept of identity. Security teams need to understand how fundamentally important identity is to doing business, and by that we can include every aspect of business, from public to private sector, consumer, citizen, and supplier ecosystems.

The number of identities that are being created — both humans and machines — has exploded. Identities touch sensitive data and assets all the time, every day. So security teams are faced with a much greater attack surface to secure and manage, and this is Identity Security’s significance. They must understand how Identities are defined, what processes they touch, what privileged access they need, and so on. Only by understanding this can they establish controls that reduce the risk of identity related attack.

Which are some of the major security threats that you see now? What are the best practices that CyberArk would recommend to secure the cloud, especially in the current environment with increasing threat actors and vulnerabilities?

As more companies adopt collaboration tools to support remote workforces, increase their automation capabilities, and move workloads to the cloud, attackers are consistently refining their strategies to innovate and exploit the shifting attack surface. Motivated attackers will use common means to gain a foothold on a network, like phishing — to compromise an identity – or exploiting a known software vulnerability.

Once they have this foothold, they will typically seek to exploit privileged access to move laterally, for the purposes of reconnaissance, or to maintain persistence on the network to launch further attacks. Without this privileged access, the vast majority of attacks do not proceed beyond nascent stages. few recommendations that companies must take to maintain operations in the face of cyber-attack should include putting in place strong Identity Security programmes, centred on privileged access management. But perhaps the most effective change is to adopt an ‘assume breach’ mindset. Thinking like an attacker is the best route to effectively contain the inevitability of a cyber-attack.

Who are your key customers in India? Which are the verticals you focus on?

CyberArk in India has been most successful with larger enterprise customers. One of the primary reasons is the IT infrastructure maturity and complexity that characterises large organisations. Identity Security is an ongoing programme and a long-term partnership: a commitment between CyberArk and the customer. Top customers within verticals like BFSI, Telecom, as well as IT/ ITES, were early adopters of CyberArk and have continued to work with us for the last four or five years. Apart from these ‘usual suspects’, we have seen many manufacturing customers, especially those which have adopted automation tools or use mature ERP analytic tools, selecting CyberArk because of the out-of-the box integration we have driven together with leading technology vendors for hundreds of technologies through our C3 alliance.

Can you elaborate on privileged access & DevOps methodology?

In DevOps there are many tools which are used and, like all tools, they need to have certain credentials, access and privileges to configure and perform. In the DevOps world these privileges are called “secrets”. These secrets have to be managed like you would manage any other privileged credential. DevOps is a large and growing attack surface which attackers have been exploiting successfully, as we saw with the Codecov supply chain attack.

Your comment on the industry as a whole and what trends do you foresee?

Digital adoption in the last few quarters in most of the industry verticals has been accelerated exponentially. Business leaders are driving the technology colleagues to adopt disruptive technologies which give them a shorter time to market. Robotic Process Automation (RPA), AI & ML are been evaluated within all domains for the business to achieve competitive edge, enhanced functionalities, faster GTM, deeper customer satisfaction and so on. With these the old-school security frameworks must play a catch game as well as face lots of animosity from the business leaders.

The new cyber security world expects products and services which are quick and easy to set up, scalable, self-learning, intelligent and collaborative with other technologies.