Saturday, July 5, 2025

Is Identity the New Cybersecurity Front Line?


Khushbu Raval
Khushbu is a Senior Correspondent and a content strategist with a special foray into DataTech and MarTech. She has been a keen researcher in the tech domain and is responsible for strategizing the social media scripts to optimize the collateral creation process.

Gerald Beuchelt, CISO at Acronis, shares expert insights on identity, threat intelligence, and balancing AI/human oversight in cybersecurity.

In an era where digital security dictates the very pace of business and government, understanding the nuances of cyber defense has never been more critical. We sit down with Gerald Beuchelt, the Chief Information Security Officer at Acronis, whose expertise extends to advising pioneering startups. As Beuchelt aptly puts it, “Identity – both human and machine identity – has become the most important control environment for security in highly distributed corporate IT environments.” 

In this insightful conversation, he illuminates the paramount role of identity and threat intelligence in confronting today’s intricate cyber challenges, alongside how Acronis scales real-time protection and balances automation with human ingenuity in safeguarding digital assets.

Full interview:

As an advisor to startups like ID.me and Nisos, what excites you most about the future of identity and threat intelligence?

Identity and threat intelligence are at the heart of understanding current cybersecurity challenges.

Identity – both human and machine identity – has become the most important control environment for security in highly distributed corporate IT environments. Identity security with a high level of assurance for IDs is a prerequisite for building next-generation capabilities, including sensitive eGovernment solutions. 

Threat intelligence has become the defining element in identifying risks and prioritizing security programs. 

Given the diversity of IT environments, how does Acronis ensure real-time threat detection, particularly for MSPs? 

MSPs manage all kinds of environments: physical, virtual, and cloud. Acronis Cyber Protect Cloud is built to support that mix. It combines cybersecurity, backup, and endpoint management in one platform, making protecting everything from a single place easier.

We use multiple detection methods—AI, behavior analysis, and cloud intelligence—to stop known and new threats, including ransomware and zero-day attacks. In early 2025, AV-Test validated our protection.

Our Acronis Threat Research Unit (TRU) monitors threats 24/7 and pushes real-time alerts into the platform so MSPs can respond quickly with deeper scans or targeted patching.

XDR enhances this by connecting signals from endpoints, email, identity, and networks. This helps MSPs spot and respond to incidents faster. The single-agent approach simplifies deployment and reduces overhead; it works across Windows, macOS, Linux, and virtual environments.


Please elaborate on how the Acronis Threat Research Unit informs product development and incident response. 

Acronis TRU is a dedicated team of cybersecurity professionals, AI experts, and threat intelligence analysts who are pivotal in shaping Acronis’ product development and incident response strategies.

Acronis TRU prioritizes contextualized intelligence relevant to partner environments, not just broad data feeds. Their insights guide updates to our AI and behavior-based detection, providing actionable alerts and response guidance.

They also help develop features in our Advanced Email Security and XDR packs based on real-world attack patterns. Acronis TRU collaborates with partners like Microsoft and aligns with frameworks like MITRE ATT&CK to ensure that what we deliver reflects what’s happening in the field.

This intelligence also powers our MDR service, giving MSPs access to expert analysts who support investigation and response. The goal is faster decisions, better protection, and more proactive defense.

What is your approach to balancing automation with human oversight in endpoint protection?

Automation handles scale; human oversight ensures accuracy. We combine both.

Our behavior-based detection tools identify real-time threats like ransomware and fileless attacks. We automate everyday tasks like patching, URL filtering, and ransomware rollback. For example, we take an image backup before patching to allow quick recovery if something breaks.

With XDR, actions like isolating an endpoint or rolling back files can happen automatically. Alerts from our CPOCs can also trigger changes to protection plans.

This automation reduces pressure on analysts, letting them focus on more complex investigations. Our MDR service provides 24/7 SOC support to review alerts, prioritize incidents, and provide forensic insight. When suspicious activity is flagged, metadata is analyzed in the cloud, and experts step in if needed. This reduces false positives and improves detection quality.

We also offer security awareness training, a key part of a strong security posture. It helps reduce the human errors that still cause most breaches. 


How do you evaluate and mitigate supply chain risks within cloud-native security architectures? 

We look at supply chain risk in layers—prevention, detection, and recovery.

Acronis runs regular vulnerability scans and supports patching for over 300 third-party apps, reducing exposure to known risks. Acronis TRU monitors for supply chain threats and feeds live intelligence into the platform.

Features like Email Security and Microsoft 365 Collaboration Protection help block attacks from common channels like phishing. For recovery, our backups are encrypted and notarized to prevent tampering. If something goes wrong, disaster recovery helps systems come back online quickly.

We follow a Zero Trust model. Endpoint tamper protection, secure remote access, and strict patching help harden systems. For partners, we offer support through Professional Services to build tailored supply chain protection plans.

In your opinion, what remains the biggest misconception businesses have about cyber resilience today? 

Many still believe that having backups or basic security is enough. It’s not.

Backups are essential, but not all are created equal. If malware is already in the system and backed up, recovery could reintroduce the threat. Resilience means more than recovery; it means not getting hit on the same path twice.

Acronis combines backup with security — AI threat detection, automated rollback, and forensic tools. This lets MSPs stop attacks, recover safely, and avoid reinfection.

Independent tests show our approach works even against advanced attacks, including those using zero-days. The takeaway: Resilience needs integration. Backup and security must work together.

What fundamental principles should guide ethical cybersecurity innovation as AI continues to accelerate? 

We follow four key principles — transparency, accountability, human focus, and resilience.

  • Transparency: Users need to know how decisions are made.
  • Accountability: We take responsibility for the results of AI and keep humans involved in complex cases.
  • Human focus: AI should support experts, not replace them. Our MDR service is designed this way.
  • Resilience: AI should help businesses stay operational, not just block threats. For example, an over-reliance on AI without adequate human oversight may lead to blind spots in security protocols. AI isn’t infallible. Human analysts still need to interpret edge cases, reduce bias, and weigh business impact. The real value comes from the partnership; AI accelerates detection, but humans validate and act.
