Gihan Munasinghe, CTO of One Identity, chats about identity security and what it takes to seamlessly modernize legacy systems in light of evolving technologies in this CIO Influence interview:
_______________
Hi Gihan, what’s the most exciting part of being a modern-day SaaS CTO?
What excites me most is the pace of change. Technology is evolving so quickly that it often feels like there’s nothing we can’t achieve, but it’s something of a double-edged sword – as technology improves, so does the level of customer expectation. Scalability, reliability, and security are no longer competitive differentiators – they’re simply expected. As SaaS CTOs, we have to stay ahead of market shifts and emerging trends, and build organizations that can adapt and exceed those expectations. The future is approaching faster than we think, and our teams need to be ready for it.
What are some of the top pointers around enterprise identity security you’d like to throw light on in today’s conversation?
With a distributed workforce, growing SaaS adoption, and hybrid architectures across cloud‑native and on‑prem environments, identity has become the primary access control point. Geography used to be a much bigger factor, but now every access decision should begin with who or what is requesting access, rather than where the request originates. This means organizations can no longer simply pay lip service to a “Zero Trust” architecture – it must become the default operating model.
Another thing to note is that machines now outnumber human users on most networks by a factor of around 50:1, including things like service accounts, APIs, and autonomous AI agents. What many businesses still fail to realize is that these machine identities still require the same rigorous identity management as human users – strong lifecycle management, credential rotation, and least‑privilege access. When a human leaves the business or changes roles, their accounts are offboarded or their access privileges change, and we need to apply the same principles to machine identities.
Personally, I’m a strong advocate for just‑in‑time access. Reducing standing privileges and granting access only when needed significantly decreases risk while keeping operations moving.
What does it take to seamlessly modernize legacy systems and platforms today?
That’s an excellent question. I firmly believe we shouldn’t modernize systems just for the sake of change. One of the most common pitfalls I see in modernization efforts is choosing the technology before defining the desired outcome. Moving to the newest stack shouldn’t be a goal in and of itself. Instead, I follow a simple, outcome‑driven playbook: start with a clear business objective, define the path to get there, incorporate security and compliance early, and establish measurable KPIs for success. It’s also important to consider built-in guardrails from the start to facilitate ‘fast failing’ – the sooner you know something isn’t working, the sooner you can remedy it. Bringing stakeholders along for the ride is also very underrated – users and partners need to be involved so any changes feel collaborative rather than imposed.
What tips would you share with fellow CTOs looking to scale their engineering teams in 2026?
Having grown teams across multiple regions, my team and I are forever reflecting on what success truly means. How do we scale without losing the qualities that made us strong to begin with? How do we stay ahead of customer expectations while ensuring our teams are built for long-term, sustainable performance? For me these are the questions that consistently guide effective growth.
Above all, be intentional with every hiring decision. Rapid growth isn’t necessarily a problem, but chasing speed alone can create new risks. It’s easy to default to adding more people, but headcount alone doesn’t guarantee progress. It’s important to focus on developing and strengthening the team before expanding it. A more effective path is to invest in intentional onboarding, maintain clarity as the organization scales, and put the right support structures in place for new members. Poorly planned onboarding creates confusion and a negative first impression, which can ultimately eat away at positive culture.
In the SaaS world, scaling is an ongoing journey. As your customer base grows, the systems you build must be capable of supporting millions of users. This evolution doesn’t happen overnight, but once you reach a certain point, the pace of scaling accelerates dramatically. To keep up with customer demand, you need to anticipate what they’ll need before they need it. It’s not necessarily about scaling with customers – just designing systems that are already several steps ahead of what they’re trying to achieve.
Five takeaways and thoughts you’d leave every CISO and CTO with before we wrap up?
- Zero Trust must be the foundation for how we architect our systems.
- Privileged access should be tightly controlled and continuously monitored, with just‑in‑time access enabled wherever possible.
- Strong identity is now make or break – organizations should adopt phishing‑resistant MFA and move toward passwordless authentication.
- It’s equally important to design or choose an identity platform with reliability and scalability at its core. As we transition to identity‑based access and ‘Zero Trust’ models, any downtime or latency in the identity platform can have a widespread business impact.
- Most importantly, always make the secure path the easiest path. Security controls that slow teams down won’t be followed, leading to workarounds that undermine the very protections you intend to put in place.
One Identity delivers trusted identity security for enterprises worldwide to protect and simplify access to digital identities. With flexible deployment options and subscription terms – from self-managed to fully managed – our solutions integrate seamlessly into your identity fabric to strengthen your identity perimeter, protect against breaches and ensure governance and compliance. Trusted by more than 11,000 organizations managing over 500 million identities, One Identity is a leader in identity governance and administration (IGA), privileged access management (PAM), and access management (AM) for security without compromise.
Gihan Munasinghe is CTO of One Identity.

