Identity Security ProTalks
Adjust the vertical spacer by editing the class "spacer-X" where X = 0 (none) thru 5 (most)

Secrets Management Horror Stories from the Field: Four Compliance Pitfalls Organizations Can't Ignore

Banner Image
Adjust the vertical spacer by editing the class "spacer-X" where X = 0 (none) thru 5 (most)
Calendar icon March 10
Clock icon Americas: 2PM ET | EMEA: 3PM CET | APAC: 11AM SGT
Adjust the vertical spacer by editing the class "spacer-X" where X = 0 (none) thru 5 (most)

DORA, NIS2, and the UK's CAF v4.0 are all converging on the same uncomfortable question: "Can you prove which machines accessed what resources, when, and why?" For most organizations, the answer is no.

From hands-on work with customers across EMEA, our security services team has identified four practices that put organizations most at risk when facing regulatory scrutiny under DORA, NIS2, and the UK Cyber Assessment Framework:

  • Asset inventories that overlook machine identities – ICT registers list servers and applications but can't account for the 82:1 ratio of machine identities authenticating across them.
  • Access controls that stop at the human perimeter – MFA and SSO protect workforce access while service accounts and API keys operate with static, long-lived credentials and excessive privilege.
  • Vault sprawl with no unified governance – Different teams adopt different secret stores across AWS, Azure, GCP, and on-premises, each with inconsistent rotation, retention, and audit practices.
  • Third-party credentials no one owns – External integrations use static tokens created years ago with no visibility into which vendors have access to what.

For each, our EMEA security services team will share real-world stories of how these gaps become audit findings—and the field-tested solutions leading organizations are adopting to close them. You'll learn why regulators across frameworks are converging on the same questions about non-human access, and how centralized discovery and governance satisfies multiple compliance requirements without disrupting how developers work.

  • Why machine identity gaps create immediate compliance exposure under DORA, NIS2, and CAF
  • Four real-world pitfalls we see in customer environments—and proven ways to fix them
  • How centralized secrets governance helps organizations satisfy multiple regulatory frameworks from a single approach
Presenters:
Speaker Photo

Joe Garcia

Principal Product Marketing Manager, CyberArk
Speaker Photo

Andrea Cappuccinello

Senior Manager, Security Services – DevSecOps, CyberArk
Speaker Photo

Robin Bria

Senior Security Consultant (DevSecOps), CyberArk

REGISTER NOW

Adjust the vertical spacer by editing the class "spacer-X" where X = 0 (none) thru 5 (most)
Adjust the vertical spacer by editing the class "spacer-X" where X = 0 (none) thru 5 (most)
About CyberArk
CyberArk, a Palo Alto Networks company, is the global leader in Identity Security, trusted by organizations around the world to secure human and machine identities in the modern enterprise. CyberArk’s AI-powered Identity Security Platform applies intelligent privilege controls to every identity with continuous threat prevention, detection and response across the identity lifecycle. With Identity Security, organizations can reduce operational and security risks by enabling zero trust and least privilege with complete visibility, empowering all users and identities, including workforce, IT, developers, AI agents and machines, to securely access any resource, located anywhere, from everywhere. Learn more at cyberark.com.
Block 1
editable text
Block 2 Top
editable text
Block 2 Bottom
editable text
grows to fill column
Block 3 Top
editable text
Block 3 Bottom
editable text
grows to fill column
Block 4
editable text