IT Voice – What are the biggest cybersecurity challenges Indian businesses face today?
Rajnish Gupta – AI and cloud computing are evolving faster than users can educate and learn about them. But cybersecurity hasn’t evolved at the speed of the cloud. One of the biggest challenges is balancing the need to enter new technology markets with protecting those technologies. For example, Tenable’s recent Cloud AI Risk Report 2025, found that cloud-based AI is prone to avoidable toxic combinations that leave sensitive AI data and models vulnerable to manipulation, data tampering and data leakage. Cloud and AI are undeniable game changers for businesses. However, both introduce complex cyber risks when combined. The Tenable Cloud AI Risk Report 2025 highlights the current state of security risks in cloud AI development tools and frameworks, and in AI services offered by the three major cloud providers—Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure.
IT Voice – How has the rise of cloud adoption and remote work impacted cybersecurity strategies in India?
Rajnish Gupta – Increasing cloud usage has led to the “toxic cloud trilogy” a convergence of publicly exposed workloads, critical vulnerabilities, and over-privileged identities. Separately, each of these factors poses a security risk. Together, they create a scenario that warrants attention. In the cloud, publicly exposed workloads can function as beacons, accessible from the internet. Such exposure, even when unintentional, allows cybercriminals to identify potential entry points with ease. Add unpatched vulnerabilities into the mix, and the risk is amplified. These gaps create a straightforward exploitation pathway.
The third factor – over-privileged identities – further raises the stakes. When access permissions exceed what is necessary, attackers can move more freely across systems, accessing data and services with fewer barriers. This toxic cloud trilogy turns what might have been a limited security issue into a broader operational concern, allowing attackers to extend their reach if they gain access.
IT Voice – What are the most common vulnerabilities that organisations overlook, and how can they address them?
Rajnish Gupta – Approximately 70% of cloud AI workloads contain at least one unremediated vulnerability. In particular, Tenable Research found CVE-2023-38545—a critical curl vulnerability—in 30% of cloud AI workloads.
Implement a contextual approach to identifying exposures across your cloud infrastructure, identities, data, workloads and AI tools. Continuously monitor all assets, and integrate security configurations both on-prem and in the cloud. Achieve total visibility and prioritise actions across the attack surface with exposure management and CNAPP to better manage risk as environments change and AI threats evolve.
IT Voice – With India’s evolving data protection laws, how should organizations align their cloud security strategies?
Rajnish Gupta – Nearly every cloud breach initiation or escalation stems from misconfigurations, compromised identities (whether service, human, or system-based), and excessive permissions. In most cases, weak access control and misconfigured cloud storage are cybercriminals’ common entry vectors.
Therefore, organisations must establish necessary security measures to address the risks that cloud services pose and to safeguard their cloud infrastructure from any plausible attacks.
IT Voice – How can businesses proactively manage cyber risks and improve security visibility?
Rajnish Gupta – Adopt a robust exposure management platform. It is the foundation for identifying vulnerabilities, prioritising remediation, and streamlining security operations. Exposure management provides unified visibility, insight, and action across the entire attack surface, isolating and eliminating high-risk cyber exposures in IT infrastructure, cloud environments, or critical systems.
Bridge security silos, uncover risk relationships and ensure that priority exposures are identified and addressed before they spiral into full-blown attacks. As a preventive security strategy, exposure management proactively mitigates threats, reducing the likelihood of large-scale cyberattacks and strengthening overall resilience.
IT Voice – How is Tenable helping businesses strengthen their cybersecurity posture in India?
Rajnish Gupta – Tenable’s exposure management platform, TenableOne, goes beyond traditional vulnerability management by providing a comprehensive view of an organisation’s security risk. It identifies and assesses misconfigurations, entitlement flaws, and software weaknesses, offering a complete contextual understanding of the attack surface.
It incorporates both technical and business context into remediation decisions and leverages attack path analysis, asset criticality, and toxic combinations, to help prioritise the threats that pose the greatest risk to businesses.
IT Voice – What are Tenable’s key focus areas for the Indian market in the coming years?
Rajnish Gupta – Our integration of Vulcan Cyber will create new opportunities across a similar security audience to that of Tenable today. This will enable our partners to sell the capabilities offered by Vulcan Cyber focused on helping organisations gain visibility and control across the entire attack surface, prioritise risk based on contextualised and enriched intelligence, foster collaboration among security teams and remediation owners using automated workflows and remediation guidance and remediate more (and more relevant) findings.
IT Voice – How does Tenable differentiate itself in the competitive cybersecurity space?
Rajnish Gupta – Tenable integrations with leading technology providers create the world’s richest set of exposure data enabling users to analyse, gain context and take decisive action to better understand and reduce cyber risk. Some of these partner integrations include AWS, ServiceNow, Splunk and BeyondTrust.
We anticipate that Vulcan Cyber will give our partners another very compelling reason to sell Tenable One. Tenable will add more than 100 additional integrations, market-leading Cyber Asset Attack Surface Management capabilities, and streamlined remediation capabilities to our Tenable One platform.
