Identity at a Crossroads: Why One Identity’s CTO Gamble Could Reshape Enterprise Security
Subtitle: Gihan Munasinghe’s appointment signals a high-stakes technological shift as One Identity faces an evolving security landscape and rising SaaS demands.
In an industry where breaches make headlines and trust is currency, the leadership behind the code can be the difference between resilience and ruin. This week, One Identity-the quiet powerhouse behind the digital gates of over 11,000 organizations-bet big on transformation by naming Gihan Munasinghe as Chief Technology Officer. But is this just a routine reshuffle, or the start of a new chapter in the high-stakes battle for identity security?
Fast Facts
- Gihan Munasinghe appointed CTO of One Identity, a leading identity security firm.
- Brings 15+ years’ experience in scaling global engineering teams and modernizing legacy platforms.
- Tasked with accelerating SaaS adoption and driving product innovation for enterprise customers.
- One Identity protects over 500 million digital identities worldwide.
- Strategic shift comes as demand for secure, reliable, and easy-to-consume identity solutions spikes.
At first glance, the appointment might seem like standard corporate maneuvering. But dig deeper, and Munasinghe’s arrival is more than a personnel update-it’s a calculated response to seismic shifts in the cyber threat landscape and enterprise IT expectations. The identity security sector, once a niche concern for compliance teams, is now a front-line defense as attackers exploit weak credentials and mismanaged access. For a company like One Identity, whose software forms the backbone of access for banks, governments, and Fortune 500s, the stakes have never been higher.
Munasinghe’s background offers clues to the company’s new direction. With a reputation for modernizing outdated infrastructure and scaling platforms to serve massive user bases, he’s no stranger to the challenges of “legacy drag”-the technical debt that can hamstring innovation and expose vulnerabilities. His previous roles at global software firms suggest a leader who thrives in complexity, building high-performance cultures that prioritize both speed and reliability.
The pressure is on. As organizations scramble to adopt fully managed SaaS (Software-as-a-Service) models, the demand for seamless, always-on security is relentless. Customers expect not just innovation, but bulletproof reliability and frictionless integration into sprawling digital ecosystems. “Customers expect products that are not only innovative, but also reliable, secure, and easy to consume,” Munasinghe emphasized in his first public statement. His mandate: deliver what’s needed today while anticipating the threats of tomorrow.
For One Identity, this is more than a technological facelift. It’s an existential pivot, as the company seeks to balance its legacy as a trusted guardian of digital identities with the agility required by the cloud era. CEO Praerit Garg underscored the urgency, citing Munasinghe’s blend of “technical depth, operational discipline, and customer-first thinking” as critical to the firm’s evolution. The transition won’t be seamless-modernizing core platforms while scaling up SaaS delivery is fraught with risk, from architectural overhauls to the ever-present danger of introducing new vulnerabilities.
Still, the move signals One Identity’s willingness to bet on transformation rather than complacency. In the high-wire world of identity security, standing still is the greatest risk of all.
Looking Ahead
As Munasinghe takes the helm, the industry will be watching: Can One Identity deliver on its promise of secure, scalable, and user-friendly identity solutions-or will the perils of legacy hold it back? The answer may define not only the company’s future, but the security posture of its vast client base.
WIKICROOK
- Identity Security: Identity security manages and monitors who can access digital systems and what actions they can perform, protecting against unauthorized access and misuse.
- SaaS (Software: SaaS (Software as a Service) delivers cloud-hosted applications over the internet, letting users access software without local installation or maintenance.
- Legacy Platforms: Legacy platforms are outdated systems still in use, often lacking support and security updates, which can create vulnerabilities in an organization's cybersecurity.
- Privileged Access Management (PAM): Privileged Access Management (PAM) controls and monitors what users with elevated permissions can do, helping secure sensitive systems and data.
- Technical Debt: Technical debt is the growing cost and risk from using outdated or quick-fix technology, making future changes harder and more expensive.




