CyberArk, in collaboration with the Data Security Council of India (DSCI), launched an in-depth report titled “Orchestrating Multi-Cloud Identities: A Unified Approach to Access Management”, through a virtual event. The event was presided by Rohan Vaidya, Area Vice President for SAARC & India at CyberArk, who provided key insights into the challenges and strategies surrounding cloud adoption and cybersecurity in today’s evolving digital landscape.
Rohan Vaidya emphasized that the conversation around cloud adoption is no longer about “if” organizations should move to the cloud, but rather “how” they can optimize their journey. He pointed out that many senior executives and CIOs are now focusing on strategies like adopting Software as a Service (SaaS) to enhance business agility and scalability. “There seems to be a strong consensus that ‘SaaS-first’ will define the future of business. With this in mind, we’ve been engaging with numerous customers, partners, and prospects across the industry. One question that frequently arises is about the challenges of security in a SaaS environment. Security is often seen as one of the most significant concerns, with various perspectives and approaches on how it should be addressed,” he stated while sharing his views on how this shift presents significant security challenges, especially in SaaS and multi-cloud environments.
“Our discussions with partners and customers revealed common concerns about how security solutions can be deployed effectively in a SaaS environment. This report, developed in partnership with DSCI, delves deep into these challenges, separating myths from reality, and aims to strengthen IT security in complex cloud environments,” he added.
Key Challenges in Multi-cloud Environment Mentioned in CyberArk Report
The report provides actionable insights into identity management within multi-cloud frameworks. It explores the increasing complexity of managing human and machine identities as organizations scale their operations across multiple platforms. Vaidya highlighted some of the major challenges witnessed in a multi-cloud environment involves three key areas:
- Human identities: These refer to employees who log into the system. Every person accessing the environment needs a digital identity, so the one who is on the cloud and what they are doing can be tracked.
- Machine-to-machine communication: In cloud environments, there are machine-to-machine or application-to-application interactions, which are handled by service accounts. These accounts facilitate automation between applications, but identifying and authenticating the applications involved is crucial.
- Application identity: For many years, application identities were hard-coded with usernames and passwords in scripts, making them vulnerable to hackers. If a hacker gains access to a script and decodes the username and password, they can access the application, make changes, and exit without being detected. This has become a significant security concern for cloud environments.
- Automation and AI identities: With increasing automation and the rise of AI, there are now bots, including AI bots, managing large numbers of machine identities, such as API and SSH keys. A single bot could handle as many as 100,000 identities for efficiency. However, if these machine identities are compromised, the impact could be severe. While humans use common sense in handling identities, machine identities, if not properly managed programmatically, present a much larger risk. One error could lead to catastrophic consequences.
Key challenges:
- Complexity: Managing identities becomes increasingly complicated with the adoption of new technologies.
- Visibility: It’s difficult to maintain clear visibility over all the identities in the system.
- Exponential growth: The number of machine identities grows rapidly as more automation is introduced.
- Diverse authentication methods: New authentication methods are being developed and tested regularly, making it challenging to standardize identity security controls.
Standardizing identity security in a multi-cloud environment is complex and creates a lot of uncertainty. This remains one of the most significant challenges for cloud architects, stated Vaidya.
The CyberArk report also touches on the unique security concerns in specific industries, such as banking, healthcare, and manufacturing. Vaidya noted that 60% of global banks are expected to adopt SaaS by 2026, with regulatory frameworks playing a significant role in shaping their cybersecurity strategies.
He also pointed out that industries like healthcare and manufacturing, while slower to adopt SaaS, are beginning to embrace cloud-based solutions. “In manufacturing logistics, everyone wants things to be faster and cheaper. The only way to achieve this is by quickly adopting scalable, agile technologies—and that’s exactly what SaaS enables. We expect manufacturing to adopt this rapidly. However, one of the main challenges in the sector is the lack of IT professionals compared to manufacturing specialists. The ratio is heavily skewed toward the latter, meaning there are fewer IT experts supporting the core business. SaaS simplifies and makes technology more adaptable, and once the myth that technology is hard to manage is dispelled—with easier and more deployable solutions—we’ll see wider adoption in the industry,” he said.
However, concerns around data privacy and security in these sectors remain paramount. “There’s a vast amount of health data out there, and if it leaks, it could lead to personal privacy violations. For instance, insurance premiums could rise, or sensitive information about someone’s medical conditions could become public, which would be a serious breach of privacy. This is why regulators will closely scrutinize any new or disruptive technologies being introduced. The key question will be: are you ensuring data security and complying with privacy laws?” questions Vaidya. The CyberArk report offers practical recommendations for organizations to address these issues while optimizing their cloud adoption journey.
Vaidya stressed in his presentation that agility, scalability, and security are the key drivers for businesses transitioning to SaaS models.
