Why enterprises need a cloud-native platform for compliance

Rajnish Gupta, Managing Director and Country Manager of Tenable India, has over three decades of experience in shaping enterprise security strategy across sectors, including finance, telecom, manufacturing, and the public sector. He spearheads Tenable’s mission in India—driving strategic initiatives, scaling operations, and helping businesses build cyber resilience in an increasingly cloud-driven world. His expertise spans the full spectrum of IT security, from breach prevention to threat intelligence, and aligns closely with the regulatory and digital transformation imperatives unfolding in the country.

In this exclusive conversation with Voice&Data, he dissects the evolving threat landscape across multi-cloud and hybrid environments, explaining why Indian organisations must urgently move beyond fragmented controls and adopt unified security frameworks. He discusses the critical role of visibility in managing cloud exposure, the pervasive risk of misconfigurations, and how Tenable’s cloud-native platform is helping enterprises eliminate blind spots—especially in the context of India’s Digital Personal Data Protection (DPDP) Act. Excerpts:

As cloud adoption accelerates across India, what security responsibilities remain with organisations under the shared responsibility model, and where do businesses often misunderstand their role?

Cloud service providers follow a shared responsibility model regarding security with their customers. The provider is responsible for securing the cloud infrastructure, including the physical security of data centres, network security, and the virtualisation layer. Conversely, organisations are responsible for securing their data, applications, and operating systems running on cloud infrastructure. This includes tasks such as configuring firewalls, setting access controls, and managing user identities and credentials.

How do multi-cloud and hybrid cloud environments complicate visibility and risk management? What strategies can help organisations maintain a robust security posture?

Cloud security becomes difficult in hybrid and multi-cloud environments because data is constantly moving and residing in different locations and formats. The more distributed and dynamic the environment, the harder it becomes to detect security gaps and respond effectively.

Many organisations struggle with cloud security simply because they do not fully understand the risks. Without that understanding, they cannot prioritise the proper security measures. Cloud security often takes a backseat to convenience. When organisations do not invest the right resources, they face blind spots in their attack surface.

Cloud security goes beyond compliance checkboxes or periodic audits; it is an essential pillar of organisational resilience and preparedness.

Misconfigurations remain a leading cause of cloud breaches. Why are they so widespread, and what proactive steps can organisations take to detect and address them before attackers exploit these gaps?

Cloud misconfigurations are like leaving the front door unlocked. They provide easy access points for attackers, especially when access controls are weak or storage is left exposed. Nearly every cloud breach begins with a misconfiguration, irrespective of whether it is excessive permissions, weak access controls, or unsecured storage. These mistakes act like open invitations for cybercriminals. Cloud environments are complex, and security settings can be easy to overlook. Without the proper guardrails, organisations unknowingly expose themselves to threats.

The key to preventing misconfigurations is automation. Organisations must deploy security tools that continuously monitor and correct these errors before they are exploited. Regular security assessments and adherence to best practices like least privilege access go a long way. The objective is to limit exposure and ensure that only the right people and systems have access. Cloud security is not something one can ‘set and forget.’ Organisations need to proactively audit their environments, enforce strong policies, and prioritise security from the start.

Cloud security works best when it is unified. Organisations must manage exposure, vulnerabilities, and access control together—minimising public exposure, patching critical flaws, and tightening permissions all strengthen cloud resilience.

Unfortunately, too many organisations handle cloud security in silos—identity, vulnerabilities, and configurations are managed separately, creating blind spots. A unified approach connects these dots and gives security teams a comprehensive view of risk. Given the problem set, organisations need tools that not only excel at securing cloud environments but also protect the data and AI resources residing within them.

How can organisations align their cloud security frameworks with India’s regulatory landscape, particularly the Digital Personal Data Protection (DPDP) Act and other compliance mandates?

Nearly every cloud breach—whether it begins or escalates—can be traced to misconfigurations, compromised identities, such as service, human, or system-based, or excessive permissions. In most cases, poor access controls and misconfigured cloud storage serve as the main entry points for attackers.

Organisations must therefore implement the necessary security controls to mitigate risks associated with cloud services and safeguard their infrastructure from potential attacks.

With ransomware and supply chain attacks increasingly targeting cloud environments, what best practices can help organisations strengthen their resilience and incident response strategies?

Organisations should prioritise a unified approach to cloud security, where exposure, vulnerability, and access control are managed holistically. Public exposure should be minimised, critical vulnerabilities patched promptly, and permissions managed carefully. Each action strengthens cloud resilience.

It is also vital to break down internal silos. Too often, identity, vulnerability, and configuration management are handled separately, which can leave critical gaps. Integrating these areas onto a unified platform provides a clearer risk picture, enabling security teams to act proactively rather than reactively. This approach allows organisations to move beyond reactionary fixes toward a comprehensive, forward-looking strategy.

Today, cloud security goes well beyond compliance checkboxes or periodic audits. It is an essential pillar of organisational resilience and preparedness.

What are the most significant gaps in cloud security awareness and preparedness among Indian enterprises, and how is Tenable helping businesses close these gaps while ensuring end-to-end risk visibility?

Silos, blind spots, and unresolved toxic combinations of highly critical vulnerabilities, publicly exposed assets, and overly privileged users represent the biggest gaps in cybersecurity today. Understanding these gaps, including knowing what data is at risk of being breached, is key to effectively addressing the highest-priority exposures.

Tenable Cloud Security offers an actionable platform that helps organisations rapidly identify and eliminate priority security gaps in the cloud. It remediates risky entitlements and vulnerabilities at scale—across public, private, and hybrid environments—and spans infrastructure, workloads, identities, and data. It also leverages AI to deliver insights into access, resources, and datasets.

The platform integrates with the Tenable One Exposure Management Platform to continuously manage exposure and pinpoint threats lurking on the attack surface.