In this episode of theCUBE + NYSE Wired: Cyber Security Leaders series, Art Gilliland, chief executive officer of Delinea, joins theCUBE’s John Furrier to discuss the critical shift from traditional perimeter defense to identity-centric security. Gilliland explains why identity has become the primary target for adversaries who now "log in" rather than break in, and how the explosion of machine identities – driven by AI agents – is complicating the zero trust equation. The conversation unpacks Delinea’s strategy for unifying security policies across both human and non-human identities, ensuring organizations can maintain resilience without stifling innovation.
They delve into the practical application of ephemeral access and just-in-time privileges, highlighting how Delinea’s recent acquisition of StrongDM is helping bridge the gap between strict IT governance and developer workflows. Gilliland shares insights on the "secret sauce" of embedding security directly into infrastructure-as-code and DevSecOps processes, allowing for real-time, context-aware authentication. From internal AI adoption strategies to securing dynamic cloud environments, this interview provides a roadmap for navigating the convergence of AI, identity management and platformization in the modern enterprise.
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
theCUBE + NYSE Wired: Zero Trust Cyber Series. If you don’t think you received an email check your
spam folder.
Sign in to theCUBE + NYSE Wired: Zero Trust Cyber Series.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Register For theCUBE + NYSE Wired: Zero Trust Cyber Series
Please fill out the information below. You will recieve an email with a verification link confirming your registration. Click the link to automatically sign into the site.
You’re almost there!
We just sent you a verification email. Please click the verification button in the email. Once your email address is verified, you will have full access to all event content for theCUBE + NYSE Wired: Zero Trust Cyber Series.
I want my badge and interests to be visible to all attendees.
Checking this box will display your presense on the attendees list, view your profile and allow other attendees to contact you via 1-1 chat. Read the Privacy Policy. At any time, you can choose to disable this preference.
Select your Interests!
add
Upload your photo
Uploading..
OR
Connect via Twitter
Connect via Linkedin
EDIT PASSWORD
Share
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
theCUBE + NYSE Wired: Zero Trust Cyber Series. If you don’t think you received an email check your
spam folder.
Sign in to theCUBE + NYSE Wired: Zero Trust Cyber Series.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Sign in to gain access to theCUBE + NYSE Wired: Zero Trust Cyber Series
Please sign in with LinkedIn to continue to theCUBE + NYSE Wired: Zero Trust Cyber Series. Signing in with LinkedIn ensures a professional environment.
Are you sure you want to remove access rights for this user?
Details
Manage Access
email address
Community Invitation
Art Gilliland, Delinea
Inna Tokarev Sela is the CEO and founder of Illumex. The platform enables companies to extract value from structured data, creating a virtual semantic graph for users to interact with in natural language. Illumex focuses on contextualizing data in real-time and offers built-in governance features. By partnering with major data platform providers, Illumex has increased data usage for customers. The company has raised $13 million and has a diverse workforce. Inna's leadership style is described as empathetic. Illumex envisions a future where data interactions are seamless and efficient. Overall, the company aims to lead the industry towards a more streamlined application-free future.
In this episode of theCUBE + NYSE Wired: Cyber Security Leaders series, Art Gilliland, chief executive officer of Delinea, joins theCUBE’s John Furrier to discuss the critical shift from traditional perimeter defense to identity-centric security. Gilliland explains why identity has become the primary target for adversaries who now "log in" rather than break in, and how the explosion of machine identities – driven by AI agents – is complicating the zero trust equation. The conversation unpacks Delinea’s strategy for unifying security policies across both human...Read more
exploreKeep Exploring
What is the focus of the discussion regarding cybersecurity in the context of recent trends and challenges?add
What is the focus of Delinea in terms of enterprise security and how has the topic of identity evolved in relation to cybersecurity challenges?add
What impact do machine identities, particularly those associated with AI, have on the principles of zero trust and identity management?add
>> Welcome back around The Cube here at our NYSE studios. Of course, we have our Palo Alto studio connecting Wall Street and Silicon Valley. I'm John Furrier, your host. This is our Cybersecurity Leader series, Zero Trust. As cybersecurity and the defense and resilience all are part of this new normal we're in with the AI age. New things are upon us, but yet the game is still the same. Securing the enterprise, securing our critical infrastructure is the name of the game. Art Gilliland, CEC of Delinea is here. Thanks for coming in. Appreciate you.
Art Gilliland
>> John, thanks for having me.
John Furrier
>> So cybersecurity is a game that never stops. In that arena, it's been a defense. Ransomware has been dominating. Everything about it has been a threat. The data explosion benefits both parties, the good guys and the bad guys. You guys are in the middle of it. Explain what you guys do first, because I want to get into some of the market factors, but explain what you guys do.
Art Gilliland
>> Yeah. So Delinea is focused on securing the identities in an enterprise. And so we started as traditional PAM technology focused on IT admins, but now we've expanded that to broader identities across the board from human to machine identities and now of course AI.
John Furrier
>> One of the hottest topics in the cyber series of leaders is, okay, how do I maintain my posture on security and bring in the innovation? And all the normal stuff comes, oh yeah, we're going to use AI. And agents are looking really good right now in security, got the workflows identified. Compliance, all these things that have been around. But identity is the number one thing that everyone hones in on because that's where governance is. That's where some of the scale kicks in. What's your reaction to that? What's your vision around how identity is more than just a point solution and more of an enabler?
Art Gilliland
>> Right. I think it's interesting if you look at sort of the evolution of security and the way that companies have dealt with it. They started with firewalls and then put more endpoint security. And the reality is those tools are actually pretty good at blocking the bad guy from getting in. And so what the adversary does, because they're a market as well, just like us, they said, "Okay, well, what's the cheaper, easier way to do that? I'm going to trick you to give me your password." And so that benefits them in a couple of ways. One, it's way cheaper to log in than it is to break in. So bad guys don't break in anymore, they just log in. The second thing is, if you log in with a real credential, you're basically invisible in the enterprise. And so you can spend a long time in there stealing stuff, looking around. And so I think what a lot of companies are realizing is, the adversary has moved to this identity security or identity landscape. And so identity security has just become a top priority for them. And so the investments are really moving there in the enterprise. And so for us, we've spent our entire sort of life cycle as a company focused on this problem of helping customers not only understand where their identities are, where all these accounts are, scanning the environments, but also sort of building capabilities that go from the traditional infrastructure on premise in the sort of data centers that people own, to cloud and now to SaaS technologies. And so you see that sort of broad expansion. It's one of the reasons we acquired this company Strong DM or in a practice to try to acquire them. Obviously we're in regulatory review now. And so building out that capability to just help them with the process
John Furrier
>> Well, you guys are in the sweet spot because identity is the hacker target of choice, because like you said, they log in. And also identity is also part of the scale piece because you have identity, you have agents now that are going to need identity. You have identity systems that have been traditionally fragmented by platforms. So you have that mashup of platforms. What's the customer view here? What's the psychology mindset of the customer and what are they doing from a systems perspective to try to change that? Is it unification? Is it integration? What are some of the key things happening?
Art Gilliland
>> Yeah. So I think some of the things they're saying is, okay, now I've got all these machine identities. Now I'd better go pay attention to those. And of course, AI is driving a lot of attention on that. And so first thing they're doing is trying to figure out where all that stuff is. So that's sort of primary, number one thing that they're trying to do. And then they want to put policy and take control. And I think this is, to your second part of the question, which is really, how are they expanding sort of the use because they have lots of different tools. Some of them for humans, some of them for machine. And so you see consolidation in this market too and building sort of people... The big argument is platformization. And so you're creating identity security platforms that control across all of those. You can set one policy across human and non-human identities.
John Furrier
>> How has the non-human or machine identities changed zero trust equation?
Art Gilliland
>> Yeah. So zero trust, one of the big things about zero trust is making sure you're always authenticating. You basically don't trust any of the things and the identity has to say, "Hey, I am art." And they have to keep proving that over and over again. And so machine identities are exploding that. And it's not just machine like the service account, like an API talking to another API, but now it's AI doing that as well. And so AI kind of changes the game a little bit for machine identities, because now it's attaching to a database and then it's processing information and making a decision and then touching a workflow application. And so these AI agents, these machine identities are behaving like privileged users, behaving like humans essentially. And so now the identity rules have to be different there. It's not just a static identity. It's now a need to be dynamic.
John Furrier
>> When I hear rules, I hear static, I hear a table, this person has access to these databases. In the generative process, now we have agents, you don't know what the prompt or query will be, it's generative. So you have to be kind of always on with identities. What's that mean for practical sense?
Art Gilliland
>> Yeah, it means that your identity systems have to be just in time. They need to be just in time. They need to be just enough, so I give you just enough privileges. They also have to be very context specific. Why are you asking for this access? What are you going to do with it? And then you have to monitor while it's happening, are you actually doing what you said you were going to do? And so there's this whole process of trying to become as thoughtful and smart as these agents are, as part of the identity security systems.
John Furrier
>> Yeah, to me, that sounds very complicated. I mean, enterprise is complex and also brittle with the systems that are out there. How do you guys make that easier? What's the blueprint for real time identity management around these use cases that you never know. By the way, agents are going to be acting on behalf of users too, especially in security and scenarios.
Art Gilliland
>> I mean, there's two parts of it. There's the technology part of it, which actually isn't that complicated. It is actually using AI. And so I'm going to touch your ticketing system. I'm going to ask the user to tell me why it wants the access it wants. And then I'll match that and then I'll monitor the system and I'll say, okay, are they actually doing what they say they're going to do? And if they aren't, I'll stop it. And if they are, then I'll just record it and put it in a regulatory sort of bucket. That's the 'easy part' technologically, we already do some of that in the platform and AI is helping us do that faster and smarter. The other side, which is more complicated, is human side. And that's like the company being more comfortable that the system is going to make decisions that you used to have a human do. And the challenge for most companies is, when you put a human decision point in the process all the time, it'll just be way too slow to combat the AI attack kind of vectors that are coming. And so it's getting comfortable on the human change management side because the technology is not that complicated.
John Furrier
>> You know Art, we were talking before we came on camera about how long we've been in the industry. You've seen many waves and we saw the first wave, paper to the internet, SaaS and cloud.
Art Gilliland
>> Exactly.
John Furrier
>> You call that a generation. Put that aside. Now we're in the, okay, transformers, LLMs, frontier, multimodal, agents and autonomous. That's another generational shift.
Art Gilliland
>> It's going to be huge.
John Furrier
>> This one is obvious. There's no real strategy risk. It's just everyone needs to have AI, but execution risk has come up as a theme we expect this year to be a big topic. What does that mean from a data standpoint, as autonomous comes online, because agents are going to usher that in. Then you've got physical AI that converges between humans and digital, which you guys are talking about between humans and machines identity. What does that mean from a data standpoint? Because now you have a data equation that changes. How do you guys see that and how do you talk to your customers about this?
Art Gilliland
>> Yeah. I mean, I'll step back and say, look, I'm a CEO of a company also. And so one of the things that we're telling and I'm pushing on is, I see how much business benefit AI can bring to my company. And so I'm pushing our company very heavily into, let's do this. Let's get into the AI. Let's use it to automate our own environment. That means that my security team has got to think about, well, how do I deal with that? And so we look a lot like our customers are where the business people are pushing hard on it. And so then there's a balance of risk. And so I think in our world, the only way we can balance that risk, I think is to automate a lot of this. And that means we've got to bring tools in to protect ourselves that have AI as a part of that. And so there's governance processes we have to go through and that's kind of the people part of it. But then it's like implementing and adopting this technology because I think if you don't, the people that do are just going to be so far ahead, that it's going to be hard to catch up as a company. And so you've got to kind of put risk on to do that.
John Furrier
>> It's interesting as an organization, you're a vendor, you have a supplier and a vendor for your customers. In the old model, people would make software and would sell to an environment that they weren't necessarily experts in. Andy Jassy and Amazon used to have this narrative he would pound every year at this event. You've got to be what you want to be, get involved. Jensen Wong recently said AI adoption is critical. So this trend is, the suppliers and the vendors have to be what the customer is.
Art Gilliland
>> That's right.
John Furrier
>> In this case, you're adopting security in house. It's not just dog fooding, it's actually, you've got to know what you know if you're going to sell to that market. And so we have this flywheel of adoption.
Art Gilliland
>> That's right.
John Furrier
>> It's become really important. How is that translating to customers? Because they're already in the business. They make the security work.
Art Gilliland
>> That's right.
John Furrier
>> You're supplying product. How has this new AI adoption flywheel kicked in from your view?
Art Gilliland
>> I mean, it helps us have better conversations. So if we're going through the same sort of transformation, whether it's, I have my on premise environments and I'm going to cloud, or I am on the verge of collecting and using all of this AI in my environment, what are we doing to secure it? How do I make sure my developers are secure? I look like my customers. And so when I'm talking to them about what we do internally, it's more of a user to user conversation, not a vendor, my product, let me sell you this widget. It's, here are the problems I faced and here's how we're solving them. And that conversation is just more valuable. And also-
John Furrier
>> Because you live the same problem.
Art Gilliland
>> Well, and there's good and bad stuff. Sometimes our products do things that we're not expecting. And one of the reasons I love to talk to my customers is they always use technology in ways you don't expect. And so it drives more innovation and it just makes us a better partner.
John Furrier
>> On the people side of the equation, as people realize that it's going to be a one to many relationship with technology, specifically agents, we see the agent adoption in the security area, in the cybersecurity area as two years ago. Agents are all hyped, now you're seeing that last year at RSA and Black Hat, they're locking into workflows because they do have workflows.
Art Gilliland
>> Right.
John Furrier
>> They have end-to-end workflows.
Art Gilliland
>> That's right.
John Furrier
>> They're dealing with generative use cases. They're actually adopting agents.
Art Gilliland
>> Most definitely.
John Furrier
>> What is your view of the state of the agent side of security, where it's winning, working, where it's kind of still developing?
Art Gilliland
>> Right. I think there's two places where I see AI coming in. They talk about agents. Some of it is built into the product, right? And so we've built AI into the technology. It takes actions for customers, it does those things. We'll talk about it as an agent, but it's not really. It's my product and it's AI empowered, right? And so there's not a lot of security that my customers are going to need to do on that. That's my job to make that secure. So whether that's ServiceNow or Salesforce or whatever, it's AI built in. What we're also seeing though, and I think this is where the innovation is, it's where I think the drive of security adoption for the technologies that we have are, is when developers within companies are building automation around processes that exist. And those agents need security. Those agents have identity, they have access to a bunch of other things, and they basically are orchestrating between different systems. That's what I see happening now. There was AI in the product, which we have done and do and deliver for our customers, but now companies are already building that automation agents, those connections, and automating workflows they had before. Those are the agents that I see happening today that just didn't exist a year ago.
John Furrier
>> Talk about ephemeral access, because this is one of the drivers from AI we're seeing. You mentioned strong DM and acquisition you guys recently made. What is ephemeral access? Define that term. Explain what it is.
Art Gilliland
>> Yeah. So if you think about what happens in a lot of the environment, if you have traditional environment that's a static server or application, those pieces. In the cloud with Kubernetes as a technology that spins up or spins down, you may have a thousand servers spin up. You may have 500 servers spin up and then they are there for a minute or an hour or whatever, and then they go away. That system, that environment of spinning up and being there for a while and then disappearing is ephemeral. Those things don't, they don't last for a very long time. But when those things spin up, if they're connecting to other devices or other systems or going to take an action, they need access at that moment. But what you don't want is for there to be an account that is permanent. You want that access to exist only when it's needed and then disappear so that someone can't steal that password and use it when the system's not there. And so ephemeral access is essentially the spin up of that system, that system asks for permission to do something. We decide whether it's allowed to based on what its request is, what the sort of rights that were supposed to be there, and then we give it the ability to make changes or make access happen at that moment. And then when it's done, it goes away. And that's what ephemeral access is. It's delivering at the time of use, based on a bunch of contextual data. And then when it's gone, that account and that right just disappears completely.
John Furrier
>> And that's the benefit of cloud and that's the benefit of this new environment.
Art Gilliland
>> Well, and that's just the new way of developing software and Kubernetes and the pieces. And so being able to create that access. And so what StrongDM is giving Delinea is that not just the technology to be able to do that, but also the interface for the developers. I believe that the developers are going to be driving adoption of AI agents and environments. And so you want to be able to fit into the way they work and they workflow. And StrongDM just gave us the interface and the workflow that was really assigned to developers, where Delinea had a very strong presence with the IT admin and the traditional infrastructure.
John Furrier
>> I first of all love cloud. I've been a big fan of cloud from day one. Still love it. And what I loved about it was the simple analogy of the e-commerce. Oh, you've got Black Friday, you get the surge, you spin up machines. You're getting at something that's really a runtime characteristic of AI, which is at any given time, something's going to happen from a resource perspective.
Art Gilliland
>> That's right.
John Furrier
>> Runtime, I call it runtime, but maybe that's a bad word, but it's running.
Art Gilliland
>> But it's true.
John Furrier
>> It's happening. It's real time. There's a use case. There's an application tied to it. That's going to require software. So I have to ask, in your model, what's the secret sauce? How would you describe the secret sauce? Because again, not to oversimplify it, but it sounds complex. Now there's a lot of things going on when you spin up a Kubernetes set of clusters-
Art Gilliland
>> That's right.
John Furrier
>> Because it's enabling apps to run on resource, basically. What's the secret sauce of Delinea?
Art Gilliland
>> Yeah. I mean, the infrastructure is code, which is that sort of, somebody's writing it, it spins up and it's there for a bit and it's been designed and architected in software. Our secret sauce is we're built right into that workflow. And so the request is simple. The context that it's gathering to decide should I or should I not allow this access to happen is built into the way the software works. So we don't disrupt your workflow. We don't just disrupt the way the developer codes. We don't disrupt the way the infrastructure works, but we're making it super secure because the passwords are not... You can't steal them, you can't scan the code to find them, they deliver it at the time in context. And so I think that's the secret sauce that really helps companies.
John Furrier
>> And give some examples of some customers you worked with lately that are on the edge here, that are harvesting the benefits of your value. Give some use cases.
Art Gilliland
>> Yeah, some of the use cases... So if you are ... Again, a lot of it's around AI. And so you look at some of the investments that companies have. They have a portfolio of assets that they think are protected, that are what I would call traditional. But then they're also now building and connecting those traditional assets to a new agent or a SaaS tool. And so the ability to sort of do a policy one time and have it be for traditional infrastructure as well as for their cloud infrastructure from one interface, just makes the control really powerful. The other thing that I would say is a super benefit that companies are dealing with is, they want to expand what they used to do and set policy for the IT admin, and they want to expand that to developers. So I have a whole community of engineers that are building stuff. That workflow's so different. They used to fight. So it was a big battle. And so what we're helping companies do now is say, look, you can set policy that was similar for the IT admins. Now you can set that policy for developers, but there's less friction, and so adoption happens.
John Furrier
>> So would it be safe to say that you connect the infrastructures code DevSecOps with AI native?
Art Gilliland
>> That's correct. That's correct.
John Furrier
>> Okay. So put a plug in for the company, what you're working on, stats, customer numbers, what you're optimizing for, what's your focus?
Art Gilliland
>> Yeah. So Delinea is a identity security company, as we talked about. We've got about 500 million in revenue, about 1,200 employees globally. We serve about 9,000 customers all the way from tiny little mom and pop shops with the same product, all the way up into the super large sort of Fortune 10, if you will, of customers. And so that flexibility and ease of use has really been the driver for our business. What we're focused on now is making sure we're a single platform to set policy once across the legacy infrastructure you have, all the old versions of Linux, all the way up to the brand new sort of AI agents that are out there, and then building AI underneath that, so that you can make automated, contextually relevant decisions on whether it should happen or not, and then monitor in real time whether the actual right things are happening. So to protect your environment in a more automated way.
John Furrier
>> Awesome. Well, thanks for coming in. I know you;ve got a busy year. Any events you're hitting this year you want to put a shout out for?
Art Gilliland
>> Obviously we'll be at RSA. Hopefully we'll get another chance to talk at RSA on The Cube and then Black Hat and some of the other big events, but we're globally sort of interacting with customers all over the place.
John Furrier
>> Awesome. As unification comes in, the cybersecurity leaders are all putting their plans in place. AI is an opportunity, but also just a double edged sword. If you don't get it right, you could be on the wrong side of history. And again, a lot of people are bringing out new solutions. Check it out, unification, these platforms. Identity is at the center of all the agents. Take a hard look at that. I'm John Furrier, host of The Cube. Thanks for watching.
John Furrier