CyberArk’s on a mission to perfecting identity security

“Identity security is one the biggest challenges that needs to be solved in order to fix cyberspace,” says Omer Grossman, the Global Chief Information Officer at Identity Security company at CyberArk.

When it comes to identity security, CyberArk is leading the adoption as it continues to innovate solutions to help businesses understand the importance of identity security. The leader in the 2024 Gartner Magic Quadrant for Privileged Access Management was also recognized as the Overall Leader in the 2024 Leadership Compass on Privileged Access Management (PAM) by IT analyst firm KuppingerCole.

Given the recognition, CyberArk has continued to expand its portfolio as well. Following the acquisition of Venafi in 2024, the security vendor has recently announced the acquisition of Zilla Security, an Identity Governance and Administration (IGA) solutions provider for an enterprise value of US$165 million in cash and a US$10 million earn-out tied to the achievement of certain milestones.

With the addition of Zilla, CyberArk will look to further expand its most comprehensive AI-powered Identity Security Platform for humans and machines. However, the question now is how much are enterprises truly understanding the importance of securing machine identity?

According to CyberArk’s 2024 Identity Security Threat Landscape report, 93 percent of organizations have been the victim of two or more identity-related breaches, identity security has become one of the most critical components of a comprehensive cybersecurity strategy.

To understand more about this, CRN Asia caught up with Omer Grossman, the Global Chief Information Officer at Identity Security company at CyberArk. For Grossman, identity security is one the biggest challenges that needs to be solved in order to fix cyberspace.

“In CyberArk, in the last two years, we increased the IT organization by more than 50% to basically support many digital transformations that are happening. And now, AI is probably one of the most important transformations within our lifetime, with implications that we don't necessarily know to predict yet,” said Grossman.

For organizations, Grossman believes the focus should be on building trust through identity security. Given the increasingly heavy use of GenAI capabilities, the focus should be now on ensuring businesses are prioritizing identity security for both machines and employees.

“What does identity security mean to cyber? Digital identity is basically how you can be perceived within cyberspace. This is who you are in the digital realm. We have four different categories or types of identities. The first one is the workforce. The second one is the IT admins. The third category of the family are the developers,” explained Grossman.

Before discussing the fourth category, Grossman mentioned that developers are having more permissions today as they need to create software. However, he believes this should be handled in a relevant approach.

“In the age of the cloud, developers have many permissions to their own domain or their own part of the subdomain of the entire posture, their account in AWS or Azure and such. They usually have high permissions to their part. They really can do most of the time whatever they want to, potentially in the production environment. However, they need to have the relevant controls to be able to deliver code in a secure way. Hopefully or usually in an almost seamless way. At the same time, you don't want developers to feel they are being limited by security measures. They don't want their creativity to be contained, and they want to be able to deliver and develop. That's a different challenge and that requires adjusted controls,” explained Grossman.

The last category for identities is machine identities. For Grossman, machine identities represent everything that are happening behind the scenes, not by humans, but on behalf of humans, of the human employees, through automation, orchestration, and most recently, AI bots and AI agents that are doing tasks and taking actions on our behalf, hopefully.

“You need to have relevant controls to set the access and the right permission. It's different. You have many machine identities per human user on average. A CyberArk survey in 2024 revealed the number of machine identities to humans’ number 45 to 1. This year, I presume it will get to at least 100 to 1 with all the AI agents. It's exponentially growing, so the task and the challenge are only getting tougher and harder,” added Grossman.

Improving identity security with Venafi and Zilla

Interestingly, Grossman also pointed out that CyberArk’s acquisition with Venafi last year allows them to have a one stop shop to have the biggest and most robust platform to give the machine identity security features needed to everyone.

“That's the most mature platform currently in the world. We assume, from a strategic perspective, that the machine identity part will only get bigger and bigger in the next few years,” he said.

Building on the acquisition of Venafi would be CyberArk’s acquisition of Zilla as well. Zilla’s modern IGA capabilities are available from CyberArk as standalone offerings. This includes Zilla Comply that simplifies user access reviews and evidence documentation through robust integration and automation that supports the entire audit process, from app integration to the evidence package for auditors.

Customers will also get access to Zilla Provisioning, which revolutionizes access management with an AI-driven, automated approach to provisioning tasks such as onboarding, role transitions and offboarding, while ensuring all identities receive job-appropriate entitlements and access.

Helping customers manage identity security

According to Grossman, customer experience is top of mind for CyberArk. Grossman pointed out that when it comes to identity security, enterprises need to acknowledge that identity in the digital domain is heavily weaved or intertwined with all the business processes in the company.

“If you are a mature enterprise like a bank, for example, or a defense industrial based company, it's not plug and play. You need to weave it into an already existing process. We acknowledge it will take time to implement and we're there with you,” said Grossman.

A recent example would be CyberArk’s partnership with Builder.ai. The software company selected CyberArk to secure identities across its multi-cloud environment, protecting and automating workforce and developer user access to all apps with intelligent privilege controls.

Specifically, Builder.ai required the ability to secure and automate the access of its growing employee base to resources located all over the world. With CyberArk, Builder.ai deployed Workforce and Developer solutions from the CyberArk Identity Security Platform to secure a wide range of access points across the entire user journey in a centralized, friction-free and highly visible way.

“At the end of the day, we look at it not just as a transactional relationship, but a strategic relationship, meaning that it's all about education. We don't just give you the solution and go back home. We will help you go through the implementation. We will help you with support afterwards. So, CyberArk really invests in getting the customer up to speed and implement it,” he added.

In 2025, Grossman predicts that there will be more mature AI capabilities within existing framework and platform to not just boost productivity but also enable better engagement and better user experience.

“You'll see much more security capabilities coming from AI-enhanced features. Last year, it was experimentation across the world. This year, you'll see the more mature vendors bringing much more impactful capabilities for security with AI,” he concluded.