Machine identities can become most vulnerable entry points in an organisation: CyberArk CISO

As technology pushes boundaries, cybersecurity threats wait around every corner. At the centre of this evolution, currently, has been identity and access management. Attackers exploit credentials rather than breaking into the systems through traditional methods, gaining access to sensitive data across hundreds of organisations.

“When we analyse the identity landscape, three major trends stand out. First, human identities are becoming increasingly complex, with privileges proliferating across nearly every user in an organization. Second, there is the rise of machine identities: non-human accounts, service accounts, and automated workloads. Third is the emergence of AI identities introduces a new layer, as autonomous AI agents begin performing tasks on behalf of humans or machines,” explained Dor Liniado, the chief information security officer at CyberArk, in a recent interview with TechCircle. 

To be sure, CyberArk is an Israeli cybersecurity firm which specialises in identity management. This year, US-based Palo Alto Networks announced its acquisition of CyberArk in a landmark deal valued at approximately $25 billion. This acquisition marks one of the largest in the cybersecurity sector and underscoring the growing importance of identity security in the modern threat landscape.

Machine identity is the fast-growing area in terms of security. A CyberArk survey last year found around 40–45 machine identities for every human identity. Latest findings show that the number has nearly doubled to 82 machine identities per human identity. These include service accounts, APIs, workloads, and other non-human entities that require authentication. 

“This exponential growth poses major governance and security challenges. If left unsecured, machine identities can become the most vulnerable entry points in an organisation. In a year or two, machine identities will likely outnumber human identities by an even larger margin, making automated management and protection essential,” Liniado said. 

A security industry veteran, Liniado further elaborated that every organisations is at a different stage in their identity security maturity journey. Some are still focused on securing human identities, while others have graduated to addressing the management of machine identities. Machine identities can be divided into several key categories like secrets, certificates, and API keys. 

CyberArk in India

Liniado is in India this week, attending CyberArk’s flagship event Impact in Mumbai. 

“From a CyberArk perspective, we’ve had a strong presence in India for about eight years now, with a fully established entity here. It’s much more than just a sales office, we have built a complete ecosystem that includes partners and a dedicated research center, with several teams spread across the country,” he said. 

CyberArk serves a wide range of industries such as banking, telecommunications, industrials, and more. Today, it has over 500 employees in India, working across functions such as sales, customer support, technical support, professional services, and R&D. In 2023, the company opened a new R&D facility in Hyderabad – CyberArk’s second-largest after Israel.