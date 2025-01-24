The collaboration between CyberArk and Central Depository Services Limited (CDSL) has significantly advanced identity security within India’s financial sector. In an exclusive interview with Express Computer, Ravi Kumar, EVP and Head of IT at CDSL, and Rohan Vaidya, Area Vice President at CyberArk, discuss the impact of this partnership in securing critical infrastructure. CDSL’s adoption of CyberArk’s Privileged Access Management (PAM) solution has addressed key security challenges such as gaps in privileged access management, multi-factor authentication, and password rotation.

Ravi Kumar emphasizes how these improvements have strengthened access control, monitoring, and insider threat mitigation. Rohan Vaidya elaborates on CyberArk’s advanced discovery model, which continuously identifies and manages privileged accounts, ensuring compliance with stringent regulatory standards like SEBI’s Cyber Security and Cyber Resiliency Framework (CSCRF).

This partnership highlights the evolution of identity security as financial institutions in India embrace digital transformation. With a focus on innovation and emerging technologies like AI and machine learning, both CyberArk and CDSL aim to build more adaptive, resilient security frameworks to protect sensitive financial data and align with the country’s evolving regulatory landscape.

How does the partnership between CyberArk and CDSL redefine identity security priorities in India’s financial sector, particularly for critical infrastructure like depositories?

Ravi Kumar: Our partnership with CyberArk has been pivotal in addressing key concerns around identity security, especially given the critical nature of our operations. Before CyberArk, we were struggling with gaps in our previous privileged access management (PAM) solution. These challenges included issues with multi-factor authentication (MFA), database integration, and password rotation. CyberArk’s solutions have greatly enhanced our access control, strengthened security monitoring, and mitigated insider threats by continuously monitoring privileged accounts and managing audit trails, which is crucial for compliance and forensic analysis. Additionally, CyberArk has helped us secure remote work, manage third-party access, and reduce the attack surface, particularly regarding critical systems and sensitive data.

Please explain how CyberArk’s solutions have streamlined CDSL’s privileged access management processes and contributed to operational efficiency?

Ravi Kumar: CyberArk’s PAM solution has brought about significant improvements in our privileged access management process. One of the key benefits is centralised access control and management, which provides us with a unified platform to define, maintain, and control access to critical systems. Before implementing CyberArk, we struggled with MFA integration, but now we have 100% coverage in that regard. Additionally, the automated account discovery feature has been invaluable in identifying all privileged accounts, including service accounts, which were previously hard to track. The automated password rotation feature also reduces the risk of password reuse and saves valuable time by eliminating manual processes. The seamless integration with Active Directory has made user provisioning and deprovisioning more efficient, and the session recording feature has greatly assisted us with compliance and audits.

What are the key challenges CyberArk addresses in securing privileged identities, and how do these align with the unique requirements of CDSL in the financial ecosystem?

Rohan Vaidya: One of the main challenges in securing privileged identities is identifying and managing privileged accounts, which are highly targeted by cyber attackers. These accounts grant superuser access to critical systems, making them a prime target for hackers. CDSL, like many large organisations, faced the challenge of manually tracking these privileged accounts. CyberArk’s discovery model addresses this by continuously identifying and managing privileged accounts. This process is essential because as systems change and new accounts are created, there’s no way to manually track every privileged account. CyberArk ensures that these accounts are discovered, managed, and protected through a digital vault, ensuring the safety of credentials such as passwords, SSH keys, and API keys.



With increasing regulatory scrutiny, how has the collaboration ensured CDSL’s compliance with evolving financial and data protection regulations while enhancing its overall security posture?

Ravi Kumar: Compliance is crucial for us, given the regulatory environment in which we operate. CDSL is regulated by the Securities and Exchange Board of India (SEBI), and we must also adhere to other regulations for critical infrastructure. CyberArk’s solutions have helped us strengthen our access control, enhance security monitoring, and mitigate insider threats. The continuous monitoring of privileged accounts and the ability to produce audit trails for forensic purposes is critical for compliance. In addition, the ability to securely manage third-party access, along with the focus on data privacy and protection, has ensured that we meet regulatory requirements while improving our overall security posture.

Based on this partnership’s success, how do you foresee identity security frameworks evolving in India’s financial sector, and what role will innovation and collaboration play in this transformation?

Ravi Kumar: I believe the collaboration between CyberArk and CDSL marks the beginning of a broader transformation in identity security within the Indian financial sector. With the increasing digitisation and remote work, securing privileged accounts and ensuring compliance have become even more critical. As new technologies emerge, collaboration between technology providers and financial institutions will play a key role in ensuring that identity and access management systems evolve to meet the changing threat landscape. Innovation in areas like AI, machine learning, and automation will help improve detection and response capabilities, making security frameworks more adaptive and resilient. This evolution will be crucial in keeping up with the growing complexity and scale of India’s financial ecosystem.

Rohan, could you share your vision when CyberArk partnered with CDSL, particularly in the context of contributing to India’s financial landscape?

Rohan Vaidya: When we first engaged with CDSL, the leadership team had a clear vision – they wanted to provide convenient, dependable, and secure depository services to Indian citizens. This goal went beyond just being a critical infrastructure provider; it was about putting India on the global map as a leader in managing security for financial deposits. CDSL’s operations are complex, with over 500 depository participants, making the need for robust security even more critical. This is not just a technology project; it’s a broader mission to ensure the security and availability of services like e-voting, e-lockers, and more, which are vital for the economy. Our role was to enable this vision through secure, scalable, and effective identity management solutions, ensuring that CDSL could deliver these services securely without disruptions.

Ravi, you mentioned some technical advantages of CyberArk’s solutions. Could you elaborate further on the specific features that have had the most impact on CDSL’s operations?

Ravi Kumar: The centralised access control provided by CyberArk has had a major impact on our operations. We now have a unified platform for managing privileged access across our entire IT infrastructure, which simplifies the process significantly. The integration of multi-factor authentication (MFA) has been a major improvement, giving us 100% coverage. Another crucial feature is the automated account discovery, which has streamlined the identification of privileged accounts, particularly service accounts that were difficult to track manually. Additionally, the automated password rotation has greatly reduced the risk of password reuse, and the integration with Active Directory has made user provisioning and deprovisioning seamless. These features, combined with session recording for compliance, have significantly improved our operational efficiency and security.

Could you explain how CyberArk’s discovery model works and how it helps organisations like CDSL manage privileged accounts effectively?

Rohan Vaidya: The discovery model is essential for managing privileged accounts effectively. Many organisations, like CDSL, struggle with knowing how many privileged accounts they have and where they are used. These accounts are highly valuable to hackers because they provide superuser access to systems. CyberArk’s discovery model continuously scans the organisation’s IT infrastructure to identify privileged accounts, even those that are hidden or not well-known, such as service accounts. Once these accounts are discovered, they can be securely managed by placing them in a digital vault. This process helps organisations know what they need to protect and ensures that all privileged accounts are adequately secured, reducing the attack surface and mitigating risks associated with untracked accounts.



What are some of the challenges you face in securing privileged identities, and how do these challenges align with the unique requirements of CDSL and the financial ecosystem?

Rohan Vaidya: In any organisation, the first challenge is managing the vast technology landscape, which is always changing. Identifying and maintaining an accurate inventory of the technologies in use can be difficult due to the continuous evolution of the business and IT environments. The second challenge involves integrating proprietary or legacy technologies, which may not follow standard procedures and can be difficult to onboard. The third challenge is related to reporting and ensuring real-time communication of threats, especially when privileged accounts are under attack.

To address these, CyberArk provides a discovery module for privileged accounts and integrates with over 200 technologies through C Cube Alliance for easy onboarding. For legacy or proprietary systems, we can build custom connectors through professional services. Additionally, to ensure business continuity, we offer disaster recovery solutions and high availability features. Finally, integration with the SIM allows for real-time monitoring and alerts, which helps in identifying anomalies early and responding promptly.

Ravi, with increasing regulatory scrutiny in the financial sector, how has your collaboration with CyberArk ensured CDSL’s compliance with evolving financial and data protection regulations while also enhancing its security posture?

Ravi Kumar: In August of this year, SEBI introduced the Cyber Security and Cyber Resiliency Framework (CSCRF), which focuses on securing market infrastructure. The CSCRF framework emphasizes the need for strong access controls, particularly around privileged accounts. CyberArk helps us comply by centralising privileged access management, ensuring only authorised users can access critical systems.

CyberArk enforces the least privilege principle, integrating multi-factor authentication for stronger security. It also provides real-time monitoring and session recording to detect suspicious activities and ensure compliance with CSCRF. Additionally, it supports regular user access reviews, ensuring that access to critical systems is justified. CyberArk also enhances third-party and vendor access management with secure, time-limited access controls, reducing the risk of long-term exposure. The reporting and audit trails provided by CyberArk also help us ensure data protection compliance.

As new regulations and technologies continuously emerge, how does CyberArk stay ahead in terms of design, research, and execution?

Rohan Vaidya: CyberArk constantly collaborates with our cybernetic labs to research vulnerabilities and challenges related to new technologies adopted by our customers. This ongoing research leads to the incorporation of new findings into our products, either as new features or additional solutions.

As automation, AI, and cloud technologies gain more prominence, we are also focusing on securing machine identities—application-to-application interactions, hard-coded passwords, DevOps tools, and orchestration platforms. Recently, CyberArk acquired Venify, a leader in certificate management, to enhance our ability to secure certificates, which are critical for authentication. Securing certificates ensures they are not compromised or expired, preventing potential disruptions. Our continued innovation will also address new challenges in the evolving cybersecurity landscape.

Finally, as the BFSI sector adopts new technologies to safeguard sensitive information, what has been the key to the success of your partnership, and what role does innovation play moving forward?

Rohan Vaidya: The key to our success has been our ability to continuously innovate and adapt to new regulatory and technological challenges. As the financial sector evolves, our focus on securing both human and machine identities, along with our deep collaboration with CDSL, has been essential. The partnership’s success lies in a shared commitment to safeguarding critical infrastructure, not just through technical solutions but also by maintaining a strong governance framework. Innovation, particularly with the integration of GenAI and new security technologies, will continue to drive our efforts to stay ahead in this dynamic landscape.

Ravi Kumar: The success of this partnership can be attributed to a shared understanding of the critical role we play in safeguarding sensitive financial data. With CyberArk’s solutions, we ensure compliance and protect against evolving threats while maintaining the integrity of financial systems. Moving forward, as the BFSI sector continues to embrace new technologies, we remain focused on providing innovative solutions that not only meet regulatory requirements but also address emerging security needs.