Attacks almost always involve the use of stolen privileged credentials, which represent the critical path for an attacker – the route to achieving the end goal. And they are found everywhere, in every aspect of IT, from on-premises to the cloud, on endpoints and across DevOps environments. CyberArk secures and manages these privileged credentials, wherever they are found, limiting the ability of an attacker to compromise what is truly valuable, says Rohan Vaidya, Regional Director of Sales – India, CyberArk, in conversation with Anupama Mehra of Elets News Network (ENN).

Cybersecurity has become a major concern for companies today. How does CyberArk fit in as a solution provider?

In India, as in the rest of the world, curbing the security breaches or leaks of critical data and assets like customer records, intellectual property, and system takedowns are a top priority for many organizations. These attacks almost always involve the use of stolen privileged credentials, which represent the critical path for an attacker – the route to achieving the end goal. And they are found everywhere, in every aspect of IT, from on-premises to the cloud, on endpoints and across DevOps environments. CyberArk secures and manages these privileged credentials, wherever they are found, limiting the ability of an attacker to compromise what is truly valuable.

Tell us about your position in the Indian market

Today in India, most of the customers in the IT & ITES, Banking, Financial Service and Insurance (BFSI), Telecom, Manufacturing, and large retail sector seems to be quite aware of the PAM ( Privileged Access Management ) offering. They understand the importance to prioritize the PAM deployment which improves their security posture quickly and is able to show a faster ROI to their management. We have seen many of the early adopters for PAM in the Indian market. They are now refreshing their current solutions to cover application identity management, endpoint privileged management as well as cloud, DevOps and RPA implementations. We still find few gaps in the way the CIO organizations implement and enforce PAM solutions as they have to deal with behavior change management for their teams to completely adopt PAM.

What new innovations are you planning to implement in the company?

As organizations increase investments in automation and agility, a general lack of awareness about the existence of privileged credentials – across DevOps, robotic process automation (RPA) and in the cloud – becomes a source of significant potential risk, leading attackers being able to exploit legitimate privileged access to move laterally across a network to conduct reconnaissance and access critical data and assets.

CyberArk is focused on preventing this lateral movement and helping organizations map security investments against their digital transformation initiatives.

Do you think India needs more skilled labor to deal with different vulnerabilities associated with cybersecurity?

The short answer is yes. The whole industry – vendors, partners, and end-users – suffers from a shortage of cybersecurity skills. Addressing this is a collective responsibility, of course, but the prime change driver should stem from governmental policy. Only the government has the scale and influence to continue and intensify India’s focus on cybersecurity vocational and skills training, to help improve links and knowledge sharing between private and public bodies and to incentivize organizations to invest as well.

How significant is the role of regulator or government, when it comes to safeguarding data on the cloud?

CyberArk has offered cloud-ready solutions for some time now but in the last two to three years we have really seen an uptick in the number of our customers moving to the cloud. Where we see a gap – that potentially a regulator could fill – is in the end-user understanding of who is supposed to secure what in the cloud.

Many leave security to cloud providers to one degree or another, but cloud providers are very clear about what they are responsible for and also what they are not. Data in the cloud will still be the responsibility of the customer and must be robustly secured by the customer. There is a need to have a strong framework defined for data privacy and data localization and align to the Indian socio-economic, cultural diversity as well as the business environment.

To make this happen there will be regulation that may come in play. Version 1.0 will see many alterations and improvements since the data privacy and data localization will go through a lot of fine-tuning before it settles down.

Also Read: Cybersecurity perils: What CISOs must bear in mind

There may be few hardships for businesses in India since the businesses are in different phases of digitalization hence vary in their maturity in managing their data. The data privacy and data localization bill will provide a good baselining for the businesses to start adopting and building data policies that will help them in the long run.