Machine identities proliferate in cloud-native architectures, including applications, workloads, and automated processes. Unlike solutions focusing on singular machine identity types, CyberArk's layered approach will enable organizations to enforce least privilege, mitigate risk, and prevent credential-based attacks for all workloads across hybrid and multi-cloud environments.

In addition, CyberArk has extended its discovery and context capabilities, designed to help security teams take the first steps to modernize workload authentication by assessing, understanding and eliminating risks tied to unprotected machine identities. These automated capabilities help teams generate an inventory of secrets, certificates and information about their environment, understand the risk of compromise tied to each machine identity and prioritize mitigation actions.

"Modern, cloud and ephemeral workloads mean authentication can be fragmented, making access control challenging and resulting in a large, unprotected attack surface that dramatically increases the risk of breaches," said Kurt Sand, GM of Machine Identity Security at CyberArk. "Recent high-profile attacks have highlighted the urgent need for a modern, identity-first model that enforces universal and unique workload identities to help organizations confidently secure workloads across their entire hybrid and multi-cloud estate."

The core of the Secure Workload Access Solution is CyberArk Workload Identity Manager. This lightweight, distributed, and cloud-native machine identity issuer goes beyond traditional Public Key Infrastructure (PKI) systems that cannot scale to the needs of ephemeral cloud workloads. The new solution will integrate Workload Identity Manager with CyberArk Secrets Manager, enabling secure access for all workloads as cloud-native and containerized environments grow.

The CyberArk Secure Workload Access Solution will allow workloads running in virtualized environments to be automatically identified for access to cloud services and cloud provider environments, securing dynamic, cloud-native workloads like Kubernetes and service mesh. It will provide the capability to:

• Securely connect on-premises and cloud workloads across environments with unique and universal SPIFFE2 identities that work with existing identities, applications, clouds and SaaS services.
• Integrate seamlessly with secrets management for existing API key and access token authentication, as well as other secrets.
• Discover and assess risk across all workloads, making it easier to detect threats, enforce security policies and prevent unauthorized access.

Further information:

• Learn more about the CyberArk Secure Workload Access Solution
• Join CyberArk's Secure Workload Access Partner Program
• Blog: CyberArk's Vision to Pioneer Secure Access for Workloads
• Blog: Discovery Alone Is Not Enough: You Need Context to Secure Machine Identities

1The CyberArk Secure Workload Access Solution is currently in early availability. An early availability program enables select customers to access technologies before they become generally available.
2Secure Production Identity Framework For Everyone (SPIFFE).

About CyberArk

CyberArk (NASDAQ: CYBR) is the global leader in identity security, trusted by organizations around the world to secure human and machine identities in the modern enterprise. CyberArk's AI-powered Identity Security Platform applies intelligent privilege controls to every identity with continuous threat prevention, detection and response across the identity lifecycle. With CyberArk, organizations can reduce operational and security risks by enabling zero trust and least privilege with complete visibility, empowering all users and identities, including workforce, IT, developers and machines, to securely access any resource, located anywhere, from everywhere. Learn more at cyberark.com.

Copyright © 2025 CyberArk Software. All Rights Reserved. All other brand names, product names, or trademarks belong to their respective holders.