CyberArk has announced the early availability of its new Secure Workload Access Solution, designed to provide comprehensive protection for machine identities in hybrid and multi-cloud environments.
The announcement, made on Friday from Sydney, outlines how the CyberArk Secure Workload Access Solution aims to deliver visibility and control over the entire lifecycle of machine identities, from creation and governance to automated credential rotation and renewal.
According to the company, machine identities are rapidly multiplying in modern cloud-native architectures. These identities include automated processes, applications and workloads, all of which require secure authentication and access controls. Unlike other solutions that focus on specific identity types, CyberArk says its approach will apply a universal, layered model of protection.
"Modern, cloud and ephemeral workloads mean authentication can be fragmented, making access control challenging and resulting in a large, unprotected attack surface that dramatically increases the risk of breaches," said Kurt Sand, General Manager of Machine Identity Security at CyberArk.
He added: "Recent high-profile attacks have highlighted the urgent need for a modern, identity-first model that enforces universal and unique workload identities to help organisations confidently secure workloads across their entire hybrid and multi-cloud estate."
A key component of the Secure Workload Access Solution is the CyberArk Workload Identity Manager, a lightweight and cloud-native issuer of machine identities. This tool is designed to go beyond the capabilities of traditional Public Key Infrastructure (PKI) systems, which often fail to scale to the needs of cloud environments where workloads are dynamic and short-lived.
The new solution integrates the Workload Identity Manager with CyberArk's Secrets Manager, offering secure access management for all workloads as organisations expand their use of cloud-native and containerised technologies.
CyberArk says the Secure Workload Access Solution will also allow workloads operating in virtualised environments to be automatically identified and securely connected to cloud services. This includes support for Kubernetes and service mesh, enabling real-time protection for dynamic cloud-native applications.
The system offers several core capabilities, including the secure connection of on-premises and cloud workloads using SPIFFE (Secure Production Identity Framework For Everyone) identities. These identities are both unique and universal and are designed to work in conjunction with existing applications, identity systems, cloud platforms and software-as-a-service tools.
The platform also supports integration with secrets management, enabling authentication via API keys, access tokens and other confidential information.
In addition to access control, CyberArk has expanded its discovery and context capabilities. These features will help security teams begin modernising their approach to workload authentication by identifying and evaluating the risks associated with unprotected machine identities.
"These automated capabilities help teams generate an inventory of secrets, certificates and information about their environment, understand the risk of compromise tied to each machine identity and prioritise mitigation actions," the company stated.
According to CyberArk, the discovery tools are designed to provide contextual insights, allowing organisations to detect threats, enforce policies and prevent unauthorised access more effectively.
While the Secure Workload Access Solution is currently only available to select customers through an early availability program, the company suggests its full release will offer new tools for enterprises aiming to secure an increasingly complex and automated digital landscape.
The launch reflects CyberArk's broader identity security strategy, which the company says focuses on intelligent privilege controls across human and machine users.