Identity is the New Perimeter: Abhishek Gupta, MD – India, SailPoint
In an exclusive conversation with Express Computer, Abhishek Gupta, Managing Director – India, SailPoint, talks about the evolving role of identity in cybersecurity. He also outlines how they are transforming identity and access management (IAM) by embedding artificial intelligence into its core platform, the importance of visibility in preventing credential-based attacks, and why Indian enterprises must shift from traditional perimeter security to an identity-first approach. With India being a key market for SailPoint in Asia, and home to a new data centre, he also delves into talent acquisition, regulatory preparedness, and the company’s partner-led go-to-market strategy.
To begin with, could you give us a brief overview of SailPoint’s global presence and core areas of expertise within the identity and access management (IAM) space? How has the company evolved to meet today’s cybersecurity challenges?
We started in 2005 and are one of the pioneers in the identity security space globally. Initially, we started as an Identity Governance and Administration (IGA) solution provider but have since evolved into a comprehensive identity security company. Our strength lies in providing visibility across an organisation’s IT landscape—essentially understanding who is accessing what, from where, and why. This kind of visibility is critical in today’s threat landscape, where cyberattacks are increasingly based on stolen credentials rather than traditional hacking methods. Attackers often enter systems using legitimate credentials and lie dormant while gathering intelligence, which is why enterprises need deep visibility to detect and mitigate these risks.
We offer integration with a wide range of applications and identity types—whether on-prem or cloud-native and human, machine, or even AI agents. The nature of identity has evolved significantly to include contractors, bots, AI agents, and more, and SailPoint is equipped to handle this complexity. We serve customers across sectors such as BFSI and healthcare, providing a single-pane-of-glass view for security and compliance.
SailPoint has been steadily growing its presence in India. Can you shed light on your current operations here, key milestones, and how India fits into your broader strategic roadmap?
Our presence in India began in 2011 with our Pune office, which initially focused on engineering and technical support. Over time, we expanded this to include cloud engineering, global customer support, and more recently sales, growing our India office significantly. Two years ago, we launched our India sales operations, which was a major milestone. Another key achievement was the establishment of our India-hosted data centre on AWS, which ensures compliance with local data residency and regulatory requirements.
India is a strategic market for us, not just in terms of talent but also in terms of customer expansion. The visit of our global CEO, Mark McClain, last year signalled our strong commitment to growing in this region.
How are you sourcing talent in India, especially for such a niche domain, and are you working with academic institutions to develop relevant skills?
Identity and access management is a niche field, and finding ready-made talent with specific skills can be a challenge. Fortunately, many of our global customers have backend operations in India, which gives us access to a semi-trained workforce familiar with identity solutions.
In addition, we are initiating collaborations with academic institutions to build a talent pipeline, although these efforts are still in early stages. IAM requires a mix of domain expertise, cloud technology skills, and integration capabilities. While it may be difficult for freshers to start in this space, it’s not impossible. We invest heavily in internal training and upskilling to develop our talent in-house.
With AI rapidly transforming the cybersecurity landscape, how is SailPoint integrating AI into its identity security solutions? Could you share more specific examples?
AI isn’t just an add-on feature for us; it is built into the core of our platform. Since 2017, we’ve been investing in AI and machine learning, and as of January 31, 2025, we had 79 issued patents and 16 patent applications pending in the United States, and eight issued patents internationally. AI allows us to enhance key processes like access certification.
Previously, managers had to review massive lists of user entitlements, which led to rubber-stamping all access rights due to the volume of data. Now, with AI, we send targeted recommendations—what we call “identity outliers.” These are based on risk scores, behavioural patterns, and peer group analysis. This reduces manual effort and improves security outcomes.
What role do you see AI playing in the future of IAM and enterprise cyber defence?
As organisations scale and adopt more applications and services, the number of identities they need to manage increases exponentially. Humans alone can’t manage this complexity. AI plays a critical role in automating identity lifecycle management, detecting anomalies, and enhancing decision-making. We believe that if your IAM platform is not AI-enabled, it’s not future-ready.
Let me share a recent personal example—I interacted with a support agent for over 15 minutes before realising it was an AI-driven system. That’s the level of advancement we’re talking about. With AI also being used by attackers, it’s crucial that defenders use AI as well.
In your view, how prepared are Indian enterprises today when it comes to identity-centric cybersecurity? What are some of the key gaps you’ve observed, and how is SailPoint helping bridge them?
Indian enterprises are waking up to the importance of identity-centric security. Traditionally, cybersecurity investments in India were focused on perimeter protection like firewalls, VPNs, and endpoint protection. But today, attackers are targeting data, and the gateway to data is through identities.
We often say that identity is the new perimeter. While Indian organisations are still maturing in this space, awareness is growing. We expect to see a significant uptake in identity-first strategies over the next 6 to 12 months. We help in bridging this gap by offering scalable, intelligent, and compliant identity security solutions.
Is it easy to clone someone’s identity and infiltrate a system today?
That depends entirely on an organisation’s environment and security posture. In the past, many systems were password-driven and lacked complexity. Today, with the advent of multi-factor authentication (MFA), single sign-on (SSO), and biometric systems, it’s much harder.
However, despite all these advancements, if an organisation lacks visibility—if it doesn’t know who is accessing what—it’s still vulnerable. That’s why visibility is the foundation of identity security.
Given the evolving regulatory environment around data protection and cybersecurity in India, what is your assessment of the current frameworks? What steps should organisations take to stay compliant and secure?
While India’s Data Protection Bill is not fully enforced yet, the draft framework we’ve seen is on par with global standards like GDPR. It’s robust and comprehensive. At SailPoint, we have aligned our privacy practices with the GDPR, which is widely accepted as the world’s most comprehensive and stringent privacy law, and we also adhere to international data privacy laws.
My advice to organisations is to get proactive. Don’t wait for enforcement. Implement a strong IAM framework that can demonstrate accountability—who accessed what, for how long, and for what purpose. Maintain audit trails, enable policy enforcement, and build a compliance-ready culture.
What does SailPoint’s go-to-market strategy for India look like in 2025 and beyond? Are there any key focus areas in terms of partner engagement, vertical-specific expansion, or customer enablement initiatives?
We are a partner-driven company. Our ecosystem in India includes both global system integrators and regional/niche partners. This approach allows us to cater to diverse customer requirements across geographies.
We run a global partner program called “SailPoint Partner Fleet,” which has been rolled out in India. This program supports partner training, co-selling, and co-marketing activities. From a GTM perspective, we’re targeting large enterprises undergoing serious digital transformation. We are particularly strong in compliance-heavy verticals like BFSI and healthcare. But even sectors like manufacturing are increasingly dealing with identity challenges.
Our focus is more on the maturity of the customer’s IT landscape than on any specific vertical. We also offer robust customer success programs, including initial and ongoing training, support from our professional services teams, and long-term learning enablement.
Are you seeing increased burnout among cybersecurity leaders and teams, especially CISOs, due to rising pressure and alert fatigue?
Yes, burnout is a real issue, especially among CISOs and security teams. The constant pressure of responding to alerts and preventing breaches is intense. Burnout often happens in organisations that haven’t invested in the right technology stack. When you lack automation, visibility, or proper support tools, the human burden increases exponentially.
Support from leadership also matters greatly. If the board and executive management understand and back cybersecurity investments, the security teams are more effective and less stressed. As you rightly pointed out, this isn’t just a business issue—it ties into national security. A single breach can wipe out significant economic value, which affects every citizen.
Cybersecurity, like national defence, requires ongoing investment. There’s no final destination—only continuous evolution. At SailPoint, we dedicate a portion of our expenses to research and development. This ensures we stay ahead of the curve. Vendors that don’t invest in innovation and R&D will find it difficult to survive the next five years. As threats evolve, so must the solutions. Our mission is to ensure organisations stay protected by putting identity at the heart of security.
