CyberArk has introduced the CyberArk Secure Workload Access Solution, delivering the industry's most comprehensive protection for all non-human identities that matter. The solution will enable security teams to gain visibility and control over the entire machine identity lifecycle, from creation and governance to automated rotation and renewal.
Machine identities proliferate in cloud-native architectures, including applications, workloads, and automated processes. Unlike solutions focusing on singular machine identity types, CyberArk's layered approach will enable organisations to enforce least privilege, mitigate risk, and prevent credential-based attacks for all workloads across hybrid and multi-cloud environments.
In addition, CyberArk has extended its discovery and context capabilities, designed to help security teams take the first steps to modernise workload authentication by assessing, understanding and eliminating risks tied to unprotected machine identities. These automated capabilities help teams generate an inventory of secrets, certificates and information about their environment, understand the risk of compromise tied to each machine identity and prioritise mitigation actions.
"Modern, cloud and ephemeral workloads mean authentication can be fragmented, making access control challenging and resulting in a large, unprotected attack surface that dramatically increases the risk of breaches," said Kurt Sand, GM of Machine Identity Security at CyberArk. "Recent high-profile attacks have highlighted the urgent need for a modern, identity-first model that enforces universal and unique workload identities to help organisations confidently secure workloads across their entire hybrid and multi-cloud estate."
The core of the Secure Workload Access Solution is CyberArk Workload Identity Manager. This lightweight, distributed, and cloud-native machine identity issuer goes beyond traditional Public Key Infrastructure (PKI) systems that cannot scale to the needs of ephemeral cloud workloads. The new solution will integrate Workload Identity Manager with CyberArk Secrets Manager, enabling secure access for all workloads as cloud-native and containerised environments grow.
The CyberArk Secure Workload Access Solution will allow workloads running in virtualised environments to be automatically identified for access to cloud services and cloud provider environments, securing dynamic, cloud-native workloads like Kubernetes and service mesh. It will provide the capability to:
Securely connect on-premises and cloud workloads across environments with unique and universal SPIFFE2 identities that work with existing identities, applications, clouds and SaaS services.
Integrate seamlessly with secrets management for existing API key and access token authentication, as well as other secrets.
Discover and assess risk across all workloads, making it easier to detect threats, enforce security policies and prevent unauthorised access.
