The Human Edge of AI: ManageEngine’s Subhalakshmi Ganapathy on Redefining Enterprise Security in the Cloud Era

Date:

Before Article Content · 728×90
Advertise Here

Trending

- Advertisement -

Speaking with TechGraph, Subhalakshmi Ganapathy, Chief IT Security Evangelist at ManageEngine (Zoho Corp), discussed how the rapid adoption of hybrid and multi-cloud environments is redefining enterprise security by introducing new layers of complexity and blind spots that traditional defenses often overlook, and how the company’s unified platform is helping organizations bridge these gaps to build more adaptive and resilient security frameworks across distributed infrastructures.

She also spoke about ManageEngine’s Human-in-the-Loop model, which combines intelligent automation with human expertise to detect anomalies faster, prevent data manipulation, and ensure that AI-powered security systems operate responsibly within enterprise environments.

Read the interview in detail:

TechGraph: With organizations embracing hybrid and multi-cloud environments at scale, what blind spots in IT security do you believe are most underestimated today, and how should enterprises realistically address them?

Subhalakshmi Ganapathy: The shift to hybrid and multi-cloud environments, while accelerating innovation, introduces significant, yet underestimated, security blind spots. The two most critical threats are misconfigurations going unnoticed and inadequate monitoring of user activities.

Misconfigurations arise from the complexity of managing disparate security settings across different cloud providers. The speed of development often outpaces security reviews, leaving countless vulnerabilities. Simultaneously, without a unified view, unmonitored user and service account activities—whether malicious or accidental misconfiguration—can go undetected, allowing for a breach to escalate rapidly.

- Advertisement -

To address these blind spots, enterprises must pivot from a fragmented to a unified security approach. This involves adopting a unified security console across their infrastructure, including on-premises and multi-cloud environment, for continuous, automated misconfiguration detection across all environments. Concurrently, a robust Zero Trust Architecture (ZTA) must be implemented to enforce the principle of least privilege and provide context-based access control, effectively securing the new perimeter—the user identity.

TechGraph: Ransomware has evolved from opportunistic attacks to highly targeted operations. From your vantage point, how are enterprises misstepping in preparation, and what countermeasures actually work beyond the usual playbook of backups and patching? 

Subhalakshmi Ganapathy: As ransomware shifts to sophisticated, agentic AI-driven operations, enterprises are misstepping by over-relying on traditional defenses. The biggest blind spot is failing to recognize that attackers now conduct multi-stage campaigns, including credential-stealing and information theft, before locking data. Relying solely on backups and patching is a reactive strategy against a proactive, decision-making threat.

The key to effective countermeasures lies in building true resilience. Beyond backups, this means adopting AI and behavioral analytics technologies that can detect subtle initial deviations from a baseline—such as anomalous file access patterns or unusual lateral movement—and proactively isolate the threat at its inception. Continuous monitoring and micro-segmentation are crucial to prevent an attacker from moving laterally and escalating privileges. This approach focuses on minimizing the “dwell time” of an attacker, turning a potential disaster into a contained incident by identifying the early warning signs that traditional defenses miss.

TechGraph: Identity has become the new perimeter in security conversations. How do you see the role of Active Directory and IAM solutions shifting in the next three to five years as insider threats and credential misuse grow more sophisticated?

Subhalakshmi Ganapathy: In the next three to five years, the focus will shift from simply controlling human access to a more sophisticated, holistic identity fabric that treats non-human identities—such as bots, service accounts, and API keys—as a primary security concern.

- Advertisement -

Current IAM technologies often struggle with the ephemeral and autonomous nature of non-human identities. With multi-cloud and hybrid architectures, these identities are frequently created with excessive privileges, have poorly managed lifecycles, and lack the multi-factor authentication (MFA) that human accounts are required to use. Attackers are increasingly targeting these blind spots, exploiting a single over-privileged service account to achieve lateral movement and escalate their privileges across the entire enterprise.

In the next four to five years, machine identity management (MIM), will become one of the core competencies of IAM. We might see the maturation of purpose-built platforms that discover, manage, and secure machine identities. These solutions will focus on automating the entire lifecycle of credentials like certificates and API keys, ensuring they are automatically rotated, have short-lived lifecycles, and are never hard-coded into applications.

TechGraph: Many enterprises still see security as a reactive cost center rather than a business enabler. How do you convince C-level leadership to view IT security as an investment that directly impacts growth, resilience, and customer trust?

Subhalakshmi Ganapathy: The notion of security as a reactive, rules-based exercise is a dangerous relic of a bygone era. In today’s digital economy, IT security is a strategic business enabler—a fundamental investment in resilience, growth, and customer trust. C-level leaders now understand that a proactive security strategy is a form of business insurance that safeguards against the catastrophic financial impacts of downtime, regulatory fines, and reputational damage. When security is embedded into every business process, it becomes the foundation for trust and a powerful competitive differentiator. 

Therefore, even some of the most impactful compliance frameworks—from GDPR to NIST—have evolved far beyond simple audits. They are holistic security mandates that require a proactive posture.

This new reality demands implementing proactive risk frameworks to identify and mitigate threats before they materialize. It requires a clear data breach notification and a robust resilience framework to ensure business continuity in the face of an attack.

Consequently, security can no longer be seen as a separate, isolated cost center. It is an integral business function, inextricably linked to revenue, reputation, and operational longevity. 

TechGraph: With AI-driven cyberattacks becoming more practical, how can enterprises balance leveraging AI for defense while ensuring they don’t end up creating new attack vectors within their own infrastructure?

Subhalakshmi Ganapathy: Enterprises face a dual challenge with AI: leveraging its power for defense while mitigating the new security risks it introduces. The balance lies in treating AI not as a black box, but as a critical infrastructure component that requires stringent governance and human oversight. LLMs, while a formidable technology for anomaly detection, also creates new attack vectors like data poisoning, where adversaries corrupt training data to manipulate a model, or model evasion, where they craft inputs to bypass its defenses.

To counter this, a robust framework is essential. It starts with meticulous data flow management and privacy controls, ensuring that the data used to train AI models is secured and anonymized. You can’t protect what you can’t see; therefore, complete visibility into the data pipeline is crucial to detect any unauthorized tampering.

The most effective strategy, however, is a Human-in-the-Loop (HITL) implementation. This approach ensures a human expert validates the AI’s high-stakes decisions. It’s the necessary balance between AI’s speed and human judgment, significantly reducing the attack surface and preventing catastrophic errors. This controlled approach turns AI from a potential liability into a truly resilient and trustworthy defense mechanism.

TechGraph: Regulations and compliance frameworks are multiplying across regions and industries. How can global enterprises practically balance compliance with actual security priorities without drowning their IT teams in checklists?

Subhalakshmi Ganapathy: The multiplying regulations across the globe threaten to drown IT teams in fragmented checklists. The solution isn’t adding more of them; it’s a fundamental shift from a one-time task to a continuous business function.

Compliance isn’t a destination—it’s an ongoing journey that requires dedicated investment in people and technology. Relying on a static, yearly audit leaves enterprises dangerously exposed to evolving threats.

To ensure true security, organizations must embed compliance as a core, continuous function. 

Global enterprises must adopt  robust frameworks like NIST or ISO 27001 as their security foundation. These frameworks are designed to be comprehensive and risk-based, addressing a wide array of security controls that satisfy multiple regulatory requirements simultaneously. This eliminates redundant effort and frees IT teams to focus on impactful security work.

To make this practical, leverage automation and centralized governance. Use tools and technologies like SIEM  or GRC that continuously monitor compliance posture in real-time, freeing human teams from manual audits. This strategic shift transforms security from a reactive cost center into a business enabler, allowing the enterprise to operate compliantly and securely in any market.

TechGraph: ManageEngine serves a very diverse customer base across industries and geographies. From your experience, what patterns of security challenges cut across sectors, and where do you see the most urgent need for innovation?

Subhalakshmi Ganapathy: Across a diverse global customer base, a universal pattern of security challenge is that the sheer volume of security data, compounded by a severe skills shortage, overwhelms IT teams, leading to high false positives and alert fatigue. The most urgent need for innovation is not more tools, but security tech stack consolidation. We need to move beyond fragmented products to a unified security platform that brings more visibility and context to security data. This single platform should natively integrate core security functions like risk and policy management, data security, monitoring, and XDR, and apply AI layered over it for effective realisation.

This is one of the compelling reasons for us to evolve from a solution-based approach to platformization. Our unified security platform natively combines risk management, policy management, data security, monitoring, and XDR. This eliminates the tool-hopping and siloed data that exhaust security teams, providing a single pane of glass to view and manage threats across your entire hybrid environment.

Another challenge is the overwhelming volume of false alerts, a critical drain on security teams. The solution lies in advanced analytics powered by AI, which enriches security data and intelligently filters out the noise. This transforms a team’s focus from benign alerts to high-priority signals. To ensure a balance between speed and control, a Human-in-the-Loop (HITL) framework is essential. While automation handles the scale of data, human experts retain the final say, turning security from a reactive chore into a strategic, intelligence-driven function that truly protects the business.

Stay ahead of the curve, every day.

A daily briefing covering news, interviews, and the trends driving the world forward. Curated for readers who want news, not noise.

We don’t spam! Read our privacy policy for more info.

- Advertisement -
Krishna Mali
Krishna Mali
Founder & Group Editor of TechGraph.

More Latest Stories

More Articles

StationPC PA100 Pro: The Next-Gen Portable NAS Storage Solution for On-the-Go Professionals

The next-generation PocketCloud (model: PA100 Pro) portable NAS from StationPC has officially been unveiled, following its launch on June 30, 2026. Positioned as a...

The Borderless Startup: FinStackk CGO Nithin Reddy on Simplifying Financial Operations for Global Founders

Speaking with TechGraph, Nithin Reddy, Co-founder & Chief Growth Officer at FinStackk, discussed how incorporating a business in the US has become increasingly accessible for global startups, while managing financial operations and regulatory compliance across fragmented systems continues to create operational complexity, and how...

The New Collateral in Lending Isn’t an Asset; It’s a Citizen’s Consent

Old habits die hard, and few habits in Indian finance have died harder than...

Why Do Most Enterprise AI Projects Never Make It Past the Pilot Stage?

Conceiving, developing, and implementing AI projects an optimum mix of creativity, dedication, and perseverance.

The Responsiveness Economy: DashLoc’s Sumit Singh on Redefining Customer Conversations with AI

Speaking with TechGraph, Sumit Singh, Co-Founder & CEO of DashLoc, discussed how businesses are...

How Generative AI Could Reshape Airline Distribution and Travel Retailing

Airline distribution is entering a new phase. For decades, the industry has relied on...

AI That Serves: Impact AI Foundry’s Arjun Balaji on Making Artificial Intelligence Accessible for Nonprofits

Speaking with TechGraph, Arjun Balaji, Co-Founder and Programme Director of Impact AI Foundry, discussed...

How AI Is Building India’s Next-Generation Emergency Mobility Infrastructure

Imagine this. A customer is stranded on the roadside due to a vehicle breakdown...

How Mixed-Use Ecosystems Will Shape the Next Decade of Urban India

India's urban growth story is entering a decisive phase. By 2036, nearly 600 million Indians are expected to live in urban centres, which are...

Human-in-the-Loop: Why AI in Education Still Needs the Professor

Generative AI is rapidly entering classrooms, boardrooms, and training programs. Yet a critical question...

Why Indian Men Are Quietly Moving Away From Fast Fashion

When a man opens his wardrobe, stares at a rail of clothes, and realises...

Simple Habits That Keep Your Car Running Longer

Keeping your car running longer doesn’t require expert-level knowledge—it comes down to building smart...

Why Indian Business Still Runs on Spreadsheets and WhatsApp for Treasury

India is home to one of the world's fastest-growing fintech ecosystems, projected to reach...

The New Age of Digital Assets: How Blockchain Is Redefining Financial Inclusion

Innovation is changing the nature of economic participation and making it more inclusive, especially with the development of blockchain technology. Blockchain technology introduces a...

The Efficiency Gap That Will Reshape Finance by 2030

Here is the number that should be keeping every CFO awake right now: 97% of finance teams have adopted AI. Yet 45% of financial leaders are still spending more than 60% of their time on manual tasks. That is not a technology problem. That...

The rise of tier-2 GCCs: How digital infrastructure is redefining India’s technology talent map

For the better part of two decades, India's Global Capability Centre (GCC) story was...

Nexchain AI Maps Its Final Path to Launch as $0.06 Token Presale Window Nears Its Close

Like a building project that moves from design to final inspections, the Nexchain AI...

Nexchain Rebuild Story Puts AI Layer 1 Development Back on the Crypto Presale Radar

Nexchain AI has brought its rebuild story back into focus as its AI Layer...

From IP to Global Leadership: Aum Ventures’ Chetan Mehta on India’s Next Deeptech Breakout Companies

Speaking with TechGraph, Chetan Mehta, Founding Partner at Aum Ventures, outlined why deeptech remains...

How Machine Learning Is Redefining Short-Term Borrowing for Tech-Savvy Consumers

Short-term lending has long relied on limited snapshots of a borrower’s history. That approach...

Why Players Buy LoL Boost and How the Process Works

If you’re researching why players buy lol boost, you’re usually trying to understand two...

India’s Air Crisis Needs a Deeptech Answer, Not a Consumer Gadget

Twenty years ago, an air conditioner in an Indian home was a luxury. Today...

India’s Cloud Cost Crisis: Why Startups Are Rethinking Their Tech Stack

Over the last ten years, startups in India have experienced an incredible boom driven...

Redrob AI Launches Professional AI Platform for India’s Workforce

In a bid to help students and professionals navigate an increasingly fragmented digital work...

Simple Habits That Keep Your Car Running Longer

Keeping your car running longer doesn’t require expert-level knowledge—it comes down to building smart...

“Budget should focus on reducing taxes on capital gains,” Says Abhishek Gupta of Hex N Bit

Speaking in the upcoming Union Budget 2021, Abhishek Gupta, Founder, and CEO, Hex N...

“China is a Global thief” Rep. Tom Rice on Uyghur Forced Labor Prevention Act

Speaking at the House on Uyghur Forced Labor Prevention Act, Rep. Tom Rice (R-SC)...

Nexchain Publishes New Roadmap as $0.06 Token Stage Continues

Nexchain has unveiled its updated development roadmap, providing the community with a clearer view...

Why Startups Are Turning to Virtual CFOs for Smarter Growth

​For a long time, finance leadership in startups followed a predictable path. Founders managed...

Why Indian Business Still Runs on Spreadsheets and WhatsApp for Treasury

India is home to one of the world's fastest-growing fintech ecosystems, projected to reach...

Key differences between a burner phone & prepaid phone

You may have heard both terms mentioned when it comes to protecting your identity....

Alphabet Discloses $2.14 Billion in Public Equity Holdings as of June 30

Alphabet Inc. disclosed $2.14 billion in equity securities held across 39 positions as of...

India to generate $100 bn from telephonic investments

India expects to attract $100 billion in investments in the telecom sector, a union...