Speaking with TechGraph, Subhalakshmi Ganapathy, Chief IT Security Evangelist at ManageEngine (Zoho Corp), discussed how the rapid adoption of hybrid and multi-cloud environments is redefining enterprise security by introducing new layers of complexity and blind spots that traditional defenses often overlook, and how the company’s unified platform is helping organizations bridge these gaps to build more adaptive and resilient security frameworks across distributed infrastructures.
She also spoke about ManageEngine’s Human-in-the-Loop model, which combines intelligent automation with human expertise to detect anomalies faster, prevent data manipulation, and ensure that AI-powered security systems operate responsibly within enterprise environments.
Read the interview in detail:
TechGraph: With organizations embracing hybrid and multi-cloud environments at scale, what blind spots in IT security do you believe are most underestimated today, and how should enterprises realistically address them?
Subhalakshmi Ganapathy: The shift to hybrid and multi-cloud environments, while accelerating innovation, introduces significant, yet underestimated, security blind spots. The two most critical threats are misconfigurations going unnoticed and inadequate monitoring of user activities.
Misconfigurations arise from the complexity of managing disparate security settings across different cloud providers. The speed of development often outpaces security reviews, leaving countless vulnerabilities. Simultaneously, without a unified view, unmonitored user and service account activities—whether malicious or accidental misconfiguration—can go undetected, allowing for a breach to escalate rapidly.
To address these blind spots, enterprises must pivot from a fragmented to a unified security approach. This involves adopting a unified security console across their infrastructure, including on-premises and multi-cloud environment, for continuous, automated misconfiguration detection across all environments. Concurrently, a robust Zero Trust Architecture (ZTA) must be implemented to enforce the principle of least privilege and provide context-based access control, effectively securing the new perimeter—the user identity.
TechGraph: Ransomware has evolved from opportunistic attacks to highly targeted operations. From your vantage point, how are enterprises misstepping in preparation, and what countermeasures actually work beyond the usual playbook of backups and patching?
Subhalakshmi Ganapathy: As ransomware shifts to sophisticated, agentic AI-driven operations, enterprises are misstepping by over-relying on traditional defenses. The biggest blind spot is failing to recognize that attackers now conduct multi-stage campaigns, including credential-stealing and information theft, before locking data. Relying solely on backups and patching is a reactive strategy against a proactive, decision-making threat.
The key to effective countermeasures lies in building true resilience. Beyond backups, this means adopting AI and behavioral analytics technologies that can detect subtle initial deviations from a baseline—such as anomalous file access patterns or unusual lateral movement—and proactively isolate the threat at its inception. Continuous monitoring and micro-segmentation are crucial to prevent an attacker from moving laterally and escalating privileges. This approach focuses on minimizing the “dwell time” of an attacker, turning a potential disaster into a contained incident by identifying the early warning signs that traditional defenses miss.
TechGraph: Identity has become the new perimeter in security conversations. How do you see the role of Active Directory and IAM solutions shifting in the next three to five years as insider threats and credential misuse grow more sophisticated?
Subhalakshmi Ganapathy: In the next three to five years, the focus will shift from simply controlling human access to a more sophisticated, holistic identity fabric that treats non-human identities—such as bots, service accounts, and API keys—as a primary security concern.
Current IAM technologies often struggle with the ephemeral and autonomous nature of non-human identities. With multi-cloud and hybrid architectures, these identities are frequently created with excessive privileges, have poorly managed lifecycles, and lack the multi-factor authentication (MFA) that human accounts are required to use. Attackers are increasingly targeting these blind spots, exploiting a single over-privileged service account to achieve lateral movement and escalate their privileges across the entire enterprise.
In the next four to five years, machine identity management (MIM), will become one of the core competencies of IAM. We might see the maturation of purpose-built platforms that discover, manage, and secure machine identities. These solutions will focus on automating the entire lifecycle of credentials like certificates and API keys, ensuring they are automatically rotated, have short-lived lifecycles, and are never hard-coded into applications.
TechGraph: Many enterprises still see security as a reactive cost center rather than a business enabler. How do you convince C-level leadership to view IT security as an investment that directly impacts growth, resilience, and customer trust?
Subhalakshmi Ganapathy: The notion of security as a reactive, rules-based exercise is a dangerous relic of a bygone era. In today’s digital economy, IT security is a strategic business enabler—a fundamental investment in resilience, growth, and customer trust. C-level leaders now understand that a proactive security strategy is a form of business insurance that safeguards against the catastrophic financial impacts of downtime, regulatory fines, and reputational damage. When security is embedded into every business process, it becomes the foundation for trust and a powerful competitive differentiator.
Therefore, even some of the most impactful compliance frameworks—from GDPR to NIST—have evolved far beyond simple audits. They are holistic security mandates that require a proactive posture.
This new reality demands implementing proactive risk frameworks to identify and mitigate threats before they materialize. It requires a clear data breach notification and a robust resilience framework to ensure business continuity in the face of an attack.
Consequently, security can no longer be seen as a separate, isolated cost center. It is an integral business function, inextricably linked to revenue, reputation, and operational longevity.
TechGraph: With AI-driven cyberattacks becoming more practical, how can enterprises balance leveraging AI for defense while ensuring they don’t end up creating new attack vectors within their own infrastructure?
Subhalakshmi Ganapathy: Enterprises face a dual challenge with AI: leveraging its power for defense while mitigating the new security risks it introduces. The balance lies in treating AI not as a black box, but as a critical infrastructure component that requires stringent governance and human oversight. LLMs, while a formidable technology for anomaly detection, also creates new attack vectors like data poisoning, where adversaries corrupt training data to manipulate a model, or model evasion, where they craft inputs to bypass its defenses.
To counter this, a robust framework is essential. It starts with meticulous data flow management and privacy controls, ensuring that the data used to train AI models is secured and anonymized. You can’t protect what you can’t see; therefore, complete visibility into the data pipeline is crucial to detect any unauthorized tampering.
The most effective strategy, however, is a Human-in-the-Loop (HITL) implementation. This approach ensures a human expert validates the AI’s high-stakes decisions. It’s the necessary balance between AI’s speed and human judgment, significantly reducing the attack surface and preventing catastrophic errors. This controlled approach turns AI from a potential liability into a truly resilient and trustworthy defense mechanism.
TechGraph: Regulations and compliance frameworks are multiplying across regions and industries. How can global enterprises practically balance compliance with actual security priorities without drowning their IT teams in checklists?
Subhalakshmi Ganapathy: The multiplying regulations across the globe threaten to drown IT teams in fragmented checklists. The solution isn’t adding more of them; it’s a fundamental shift from a one-time task to a continuous business function.
Compliance isn’t a destination—it’s an ongoing journey that requires dedicated investment in people and technology. Relying on a static, yearly audit leaves enterprises dangerously exposed to evolving threats.
To ensure true security, organizations must embed compliance as a core, continuous function.
Global enterprises must adopt robust frameworks like NIST or ISO 27001 as their security foundation. These frameworks are designed to be comprehensive and risk-based, addressing a wide array of security controls that satisfy multiple regulatory requirements simultaneously. This eliminates redundant effort and frees IT teams to focus on impactful security work.
To make this practical, leverage automation and centralized governance. Use tools and technologies like SIEM or GRC that continuously monitor compliance posture in real-time, freeing human teams from manual audits. This strategic shift transforms security from a reactive cost center into a business enabler, allowing the enterprise to operate compliantly and securely in any market.
TechGraph: ManageEngine serves a very diverse customer base across industries and geographies. From your experience, what patterns of security challenges cut across sectors, and where do you see the most urgent need for innovation?
Subhalakshmi Ganapathy: Across a diverse global customer base, a universal pattern of security challenge is that the sheer volume of security data, compounded by a severe skills shortage, overwhelms IT teams, leading to high false positives and alert fatigue. The most urgent need for innovation is not more tools, but security tech stack consolidation. We need to move beyond fragmented products to a unified security platform that brings more visibility and context to security data. This single platform should natively integrate core security functions like risk and policy management, data security, monitoring, and XDR, and apply AI layered over it for effective realisation.
This is one of the compelling reasons for us to evolve from a solution-based approach to platformization. Our unified security platform natively combines risk management, policy management, data security, monitoring, and XDR. This eliminates the tool-hopping and siloed data that exhaust security teams, providing a single pane of glass to view and manage threats across your entire hybrid environment.
Another challenge is the overwhelming volume of false alerts, a critical drain on security teams. The solution lies in advanced analytics powered by AI, which enriches security data and intelligently filters out the noise. This transforms a team’s focus from benign alerts to high-priority signals. To ensure a balance between speed and control, a Human-in-the-Loop (HITL) framework is essential. While automation handles the scale of data, human experts retain the final say, turning security from a reactive chore into a strategic, intelligence-driven function that truly protects the business.
