Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Why CISOs in India should rethink identity security in the age of artificial intelligence, ETCISO

Why CISOs in India should rethink identity security in the age of artificial intelligence, ETCISO

Why CISOs in India should rethink identity security in the age of artificial intelligence, ETCISO

For Chief Information Security Officers (CISOs) in India, the conversation around artificial intelligence (AI) has moved well beyond experimentation. Across industries, AI is now being introduced into customer service, development environments, analytics platforms, and internal operations. Business leaders want faster execution, greater efficiency, and stronger competitiveness. CISOs are being asked to support that growth while ensuring risk does not scale alongside it.

Since the Covid-19 pandemic, remote and hybrid work have pushed many organisations toward cloud-first operations, giving employees access to business systems from anywhere. While this has improved flexibility, it has also created a new challenge for CISOs: the next incident may not begin with malware, but with a basic email or message that seems real. As AI becomes deeply rooted in enterprise environments, it is easier for attackers to take advantage and knowingly exploit trust rather than infrastructure, making identity security impossible to treat as a secondary priority.

Recognize where the pressure is building

The pressure to enable AI quickly is creating difficult trade-offs for security teams. A recent identity security report shows that 46% of organizations in India say identity-related security friction has already delayed AI initiatives, the highest globally. For many organisations, this may feel familiar.

Security is expected to move at business speed, often with fewer opportunities to challenge access decisions that are made in the name of productivity. The risk is that temporary compromises can quietly become permanent vulnerabilities. The first step is recognizing that identity security is no longer only about access management.

Move beyond perimeter thinking

Many organizations still operate with security models built for very different purposes. Traditional models have been designed mainly to protect networks, endpoints, and office-based systems. But users now work across cloud platforms, remote locations, third-party applications, and automated tools. The perimeter that once defined security has become far less relevant. CISOs must focus on the shift toward controlling who has access, why they have it, and how that access is being used. Attackers understand that compromising a legitimate account can often be more effective than trying to breach a firewall.

Reduce access before risk expands

One of the strongest actions that can be taken is reducing unnecessary access across the organization. In many businesses, permissions accumulate over time. Employees switch jobs, vendor contracts expire, yet they have access longer than needed, and privileged accounts remain active simply because removing them feels disruptive. Every employee, contractor, and application should have only the minimum permissions required to perform a task. By reducing access, a business can limit an attacker from messing with credentials.

Replace permanent privileges with temporary access

In India, 68% of CISOs admit they continue to allow standing access because of operational demands, proving that standing access remains one of the most common weaknesses in organisations. Instead of permanent access, organisations should consider OTP permissions. For CISOs, this can have two benefits – it reduces the attack surface while still allowing teams to work efficiently and creates stronger accountability by ensuring privileged actions are tied to a clear business need.

Treat credential security as a leadership priority

In India, 42% of respondents say they rely on static, long-lived credentials. Static credentials continue to create preventable vulnerabilities. Passwords, tokens, and privileged credentials that remain unchanged for long timelines can become easy targets for attackers. Once exposed, they can provide ongoing access unless they are properly managed. Organisations should check and monitor how credentials are stored, rotated, and monitored across the business. Secure vaulting and regular rotation can significantly reduce long-term exposure without disrupting operations. Credential security should not be treated as a technical maintenance task. It should be treated as a leadership priority.

Watch for behaviour, not just authentication

Access alone no longer confirms trust. A login may appear real while the purpose behind the activity is for something unusual. Changes in usage patterns, abnormal requests, or unexpected movement between systems can often reveal compromise before a breach becomes visible. As a security leader, the team should be encouraged to focus not only on who accessed a system, but also on whether the behaviour matches what should normally happen. That shift can improve detection without slowing the business down.

Lead with resilience, not reaction:

For CISOs in India, AI is changing more than technology. It is changing how trust itself can be exploited. The organizations that navigate this successfully will be the ones where security leaders build stronger identity controls before risk becomes a business disruption. The role is no longer just protecting systems but protecting the trust that keeps the business moving.

The author is Anand (Jude) Kannabiran, Vice President, Asia at Delinea.

Disclaimer: The views expressed are solely of the author and ETCISO does not necessarily subscribe to it. ETCISO shall not be responsible for any damage caused to any person/organization directly or indirectly.

  • Published On Jul 18, 2026 at 08:01 AM IST

Join the community of 2M+ industry professionals.

Subscribe to Newsletter to get latest insights & analysis in your inbox.

All about ETCISO industry right on your smartphone!




Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

 

 

 

 

 

 

 

 

 

 

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket