By Rohan Vaidya, Area Vice President, India & SAARC, CyberArk
The adoption of cloud technologies is rapidly transforming enterprises in India, a key player in the Asia Pacific (APAC) region. Research suggests the Indian public cloud market is projected to reach USD 17.8 billion by 2027, growing at a compound annual growth rate (CAGR) of 22.2%.
The benefits of deploying cloud infrastructure and running enterprise applications in the cloud include more business flexibility, economic savings from more efficient and automated operations, and pay-as-you-go scalability. By leveraging these benefits, organisations can improve their security posture and productivity, reduce administrative burden, and accelerate seamless and secure user experience across various cloud services and applications.
Such accelerated adoption of cloud architecture calls for a paradigm shift in the way cloud identities are secured. According to the Digital Threat Report 2024 by India’s Ministry of Electronics and Information Technology, BFSI sector organisations report widespread security gaps in cloud deployments, specifically misconfiguration and poor identity and access management controls. With the rapid adoption of cloud under programs like Digital India, relying on older identity techniques could be catastrophic. Modern identity-centric security frameworks that provide continuous visibility, automation, and governance must be deployed to protect sensitive workloads spread across hybrid and multi-cloud environments.
Exploring the various cloud identities
When we talk about securing cloud identities, we are referring to managing user permissions. Each type of identity possesses different access needs and a different level of risk within an organisation:
Cloud operations identities are given to cloud operators, architects, and site reliability engineers. Within cloud operations, administrators have complete administrative access and the ultimate permission to affect every service and resource within the cloud account.
Developer identities refer to any human engineers who write code. Developers will self-administer various cloud services, create cloud-native applications, push workloads into the cloud, and access supporting resources.
Application and audit team identities refer to other non-developer application teams and any audit teams checking compliance. They require fewer privileges, like read-only access to various services.
Machine identity workloads are cloud-native applications, services, automation tools, and processes required for business operations.
The importance of cloud identity security
The importance of cloud identity security cannot be overstated in India, where rapid cloud adoption amplifies risks. According to a report, properly implemented SaaS solutions can significantly enhance cybersecurity by providing centralised management of identity and access across multi-cloud environments. For example, machine identities now outnumber human identities by a staggering 82-to-1 within enterprise environments. Managing permissions and identities across separate cloud platforms is a challenge, especially because of the proliferation of tools tailored for cloud architecture, such as cloud monitoring, solutions that automate provisioning, repositories, scanning, and more.
According to a 2025 survey, 61% of respondents globally do not have identity security controls in place to secure cloud infrastructure. 52% of Indian respondents reported that the surge in new identities was driven by the rapid adoption of cloud applications. In APAC, including India, 45% of respondents noted that the increase in new identities was driven by the adoption of new cloud applications, underscoring the need for enhanced security measures in the rapidly growing cloud ecosystem.
Compromising a single identity for an innocuous code-scanning tool may open the door to a serious breach, and requires closer scrutiny. Organisations must constantly challenge their comfort zones, particularly when securing their application environments. Even though building a secure and well-designed cloud architecture is a collaboration between organisations and CSPs, the responsibility of giving the right people access to the management consoles, cloud services, and infrastructure workloads (which is where cloud identities come in) is within the purview of the organisations.
The good news? Setting up a strong and secure cloud environment is entirely possible if Indian organisations adhere to a few essential guiding principles:
Zero standing privileges (ZSP): The dream scenario of access is to give someone access to only the things they need. However, this is often viewed as unrealistic in cloud security. The principle of ZSP is to remove persistent privileges, limit implicit trust, and provide several levels of control to verify access.
Time, entitlements, and approvals (TEA): Designing a better user experience without compromising user experience can be a significant challenge, especially for roles like developers. The key to this balanced cloud strategy is TEA:
Time: How much time is access granted?
Entitlements: What level of access is granted?
Approvals: What level of checks is undertaken on access?
Organisations in India must ensure their cloud security practices comply with new regulations. Implementing principles like ZSP and TEA is critical for compliance and securing cloud identities.
Cloud security must be balanced with growth
As cloud architectures evolve in India, managing access remains a complex challenge. Securing all layers of cloud identities must be balanced with enabling development teams to respond swiftly to market demands or critical system issues. This challenge spans multiple cloud environments, teams, cloud-native tools, and both human and machine credentials, particularly in India’s multi-cloud landscape.
A holistic, centralised solution will help apply appropriate controls through policy-based access to help meet baseline compliance requirements, standardise audit and reporting, and enable continuous improvement into the future.