Home Interviews “Privileged access must be scalable at the speed of cloud”

“Privileged access must be scalable at the speed of cloud”

In a recent interaction with CISO MAG, Nitish Kumar, CEO of Sectona, talks about the privileged access management (PAM) market, the trends in the space, and the plans of the company towards further expansion.

Sectona has been disrupting privilege access management with a global focus. The company helps enterprises mitigate the risk of targeted attacks to privileged accounts spread across data centers and the cloud. It delivers integrated privilege management components for securing dynamic remote workforce access across on-premises or cloud workloads, endpoints, and machine-to-machine communication.


Sectona with its light, integrated approach provides a single console for securing passwords and secrets in the embedded vault, secure access with cross-platform access technology & manage privileges over endpoints. The firm’s extended platform capability supports Just-in-Time privileged access for implementing zero standing privileges and provides automation capabilities with its built-in Privileged Task Automation and Account Lifecycle Management.

In a recent interaction with Augustin Kurian from CISO MAG, Nitish Kumar, CEO of Sectona, talks about the privileged access management (PAM) market, the trends in the space, and the future plans of Sectona. Kumar is also the co-founder of Sectona. He earned his bachelor’s degree in information technology from Mumbai University and MBA from Symbiosis Center of Information Technology. Kumar has more than a decade-long experience in the Identity Management & Cybersecurity field in capacities of consulting, marketing & business development.

When it comes to Privileged Access Management and the sudden rise in cloud adoption what’s the best possible way forward of securing privileged access to the cloud and employees working from home?  

Modern privileged access management starts with an assumption that every user is a remote user for an organization. Zero trust building blocks of continuous authentication and verifying the user, context-based privileges are required to secure modern privileged access. More and more customers are engaging with us in a conversation of delivering a frictionless experience for cloud infrastructure access.

When customers move to the cloud, they require technologies that provide an edge with automation and scale on demand. Legacy PAM solutions lack automation capabilities of discovery, cloud console management, security keys, etc.

Customers are engaging with more new age, and niche managed services providers for the cloud and primarily looking to secure and control privileged access from restricted locations for such users. We often get comparisons with native functionality provided by public cloud providers for access like AWS Session Manager. Such utilities lack PAM capabilities of managed passwords and session recordings as required.

Sectona is developed on a browser-first architecture without neglecting issues for enterprise-level users looking for sophisticated native access. So, whether you are securing remote privileged access or core privileged access, you can define your strategy and scale as you grow.

PAM and IAM is a mature market segment and what are the primary factors driving this demand during this pandemic?

PAM is a 20-year-old technology segment and fast-moving space, we find customer demand is primarily driven by digitization, adopting multi-cloud and regulatory issues.

In enterprise and government segments, there is increasing program maturity for IAM programs, and a security focus drives mid-market segments. Sectona collaborates with large service and consulting service providers, SOC, and MSPs to grow into these segments.

With the consolidation of competitors and several issues with legacy technologies existing for more than a decade, customers are looking to refresh the security layer with technologies that can scale with business requirements.

Technologies that are more integrated into the technology and security ecosystem are well accepted. Sectona collaborates with several global and region-specific IAM, MFA, and other security solution providers to bring a joint value proposition to customers.

It is estimated that the PAM market is a $2.2 billion market by revenue with a growth of up to $5.4 billion expected by 2025. Where do you see yourself and your company in 2025?

We have remained bootstrapped for the last four years and developed our niche as a boutique security solution company focused on customer value. We have moved to more than 50 employees with footprints in Eastern Europe, Middle East, Africa, and Southeast Asia and plan to increase service and sales force this year.

We have recently moved from a product-centric to a platform-centric approach and plan to spend more resources on developing this strategy.

This shift allows us to address adjacent markets of endpoint privilege management, DevOps Secrets management, and Privileged Access Governance. We are working towards penetrating our primary markets and investing in secondary markets for long-term growth.

Our ambition is to develop into an identity and privileged-focused security company. By 2025, we expect to gain 30-40% market share in our core markets, leveraging our components of Privileged Access Management, Endpoint Privilege Management, DevOps Secrets Management, or Access Governance.

Sectona was recently recognized by KuppingerCole as a Maturing challenger. It is pretty impressive that Sectona, in a span of three years, took on companies that have been in the space of PAM for over a decade. What were the key innovations and strengths that made Sectona stand out among its competitors?  

We have gradually built our credibility of delivering complex projects at startup speed and enterprise scale. Our thought process revolves around innovation-driven by value to customers. PAM solution purchasing is still dominated by on-premise or self-managed purchase models in our core markets.

There are growing signs of adoption via managed services and SaaS-delivered solutions, and we have plans to launch our SaaS offerings soon and are in the early design phases for this as of now.

Our experienced team and focus on differentiation with distinct competitive advantage have got us this far. For example, most of the competitive solutions require heavy appliance investments or heavy resources for deployment. Recent market trends are driven by huge demand from mid-market customers. Some of our tech strategies such as early alliance with Oracle combined with modern architecture have helped us reduce deployment overheads while delivering a scalable solution. When most of the companies are working to explore services-based architecture, Sectona has created an edge by building on such an architecture.

Sectona has a strong foothold thus far in India, Middle East, and African countries. How are the plans of the company towards further expansion to the rest of Western markets in Europe and North America going?  

There is initial hiring completed for South East Asia and Eastern Europe markets which are in line with our plans. You will find some movement in Australia by the end of this year.  We are in the process of defining our GTM for North America, but honestly, we’re trying some new things around our delivery methods and plan to leverage it for North America GTM.

How is Sectona staying relevant in a competitive market segment locally and in international markets?

Tech is always an unfinished problem. PAM or privilege management is a relatively large market segment dominated by standalone players and multi-product OEMs. We find a great niche in our browser-first technology along with GTM focused on customers embracing cloud & automation.

What lies ahead from the Sectona team in terms of company update and technology roadmap?

Sectona plans to work on a single stack integrated privilege management approach for protecting privileges across endpoints, applications, and workloads. With this vision, we have already launched the windows privilege management and privileged access governance components and soon will be launching our DevOps Secrets vault.

Further, Sectona plans to work on SaaS delivery models for our products by the end of this year.

Augustin KurianAbout the Interviewer

Augustin Kurian is the Assistant Editor of CISO MAG. He writes interviews and features.