By NHI Mgmt Group Editorial Team | Published 2026-05-13 | Domain: Announcements | Source: Netwrix

TL;DR: Identity and data security platforms now need cloud-native scale without weakening access control assumptions. Netwrix says its expanded collaboration with Microsoft will use Azure to scale 1Secure capabilities for data discovery, identity governance, and risk visibility across hybrid and cloud environments.


At a glance

What this is: Netwrix is expanding its Microsoft Azure collaboration to scale its 1Secure platform for data and identity security across hybrid and cloud environments.

Why it matters: For IAM, NHI, and autonomous programmes, this matters because platform scale, access visibility, and data discovery are now being built into the same operational layer rather than treated as separate controls.



Context

Hybrid cloud identity control now has to account for platform scale, distributed data discovery, and access governance at the same time. When identity and data security tools are expected to operate across cloud and on-premises environments, the question is no longer whether controls exist, but whether they still hold under operational growth.

This announcement is about infrastructure choice, but the governance implication is broader. Security teams are being pushed toward architectures that can process more identity and data signals without losing auditability, control scope, or consistency across environments.


Key questions

Q: How should security teams govern identity controls across hybrid cloud environments?

A: Security teams should govern hybrid identity controls by validating that access policy, telemetry, and enforcement work consistently across each environment where data is processed. The focus should be on whether human identities, service accounts, and workload identities can all be traced back to the same control model, especially when sensitive data moves between cloud and on-premises systems.

Q: Why does platform scale change identity governance requirements?

A: Platform scale changes identity governance requirements because more systems, more identities, and more data paths increase the chance that visibility and enforcement drift apart. Once security operations span multiple clouds and services, the programme needs correlated access insight, not isolated policy checks, or risk decisions become incomplete.

Q: What breaks when identity and data security are managed separately?

A: When identity and data security are managed separately, organisations can discover sensitive data without knowing which identities can reach it, or control access without understanding which data is exposed. That split makes governance slower and less accurate because entitlement risk and data risk are never evaluated together.

Q: How do teams know whether hybrid access governance is actually working?

A: Teams know hybrid access governance is working when they can explain every sensitive-data path from discovery through entitlement and enforcement, without gaps between platforms. If an audit cannot show who or what can reach a dataset across cloud and on-premises systems, the governance model is incomplete.


How it works in practice

Hybrid cloud identity control and platform scale

Hybrid cloud identity control depends on a platform being able to ingest, correlate, and act on identity signals across multiple environments without fragmenting policy enforcement. In practice, this means access visibility, data discovery, and governance workflows must operate across different cloud and on-premises planes while preserving a single security model. When scale increases, weak coupling between identity telemetry and enforcement becomes a failure point because teams lose the ability to see entitlement drift, data exposure, and policy exceptions in one place.

Practical implication: validate whether identity governance controls remain consistent when workloads, users, and data move across environments.

Identity governance for distributed data processing

Data processing at cloud scale changes identity governance because the security problem is no longer only who can log in, but which systems can process, inspect, and expose sensitive data. Distributed platforms often use service accounts, tokens, and workload identities to move data between services, which expands the governance surface. The key technical issue is that visibility tools and access controls must remain aligned, or the organisation can know data exists without knowing which identity paths can reach it.

Practical implication: map service account and workload access paths to sensitive data locations before approving broader cloud processing.

Why Microsoft Azure commitments matter for security architecture

Azure commitments often shape how vendors design scale, deployment, and control planes because cloud infrastructure becomes part of the security architecture rather than a hosting choice. For identity security tools, that matters because the performance, segregation, and regional consistency of telemetry pipelines can influence how quickly access risk is detected and how reliably policy is enforced. The architectural question is whether cloud dependence improves control fidelity or simply increases throughput without better governance.

Practical implication: review whether cloud platform dependence improves control fidelity or only increases throughput.


NHI Mgmt Group analysis

Platform scale is now an identity governance requirement, not an infrastructure bonus. Once identity and data security operations span hybrid and cloud environments, governance has to absorb more signals without degrading decision quality. The practical test is whether visibility, access control, and risk response still work when the estate is distributed rather than centralised.

Identity and data security are converging around the same control plane. The old separation between data discovery tools and identity governance tools is becoming less useful because exposure often comes from entitlements, not just data location. That convergence means practitioners should evaluate whether a platform can connect sensitive data to the identities that can reach it, across workload and human access paths.

Hybrid environments expose governance gaps faster than standalone cloud programmes. Enterprises rarely fail because they lack policy statements; they fail because policy consistency breaks when data, identities, and services are spread across operational domains. This is where identity blast radius becomes visible, and it is a useful named concept for understanding how access scope expands when the same identity operates across multiple control planes. Practitioners should treat blast radius as a governance metric, not just an incident outcome.

NHI and human IAM now share the same operational dependency on scalable control telemetry. When the same platform must support human access, service access, and cloud-based processing, governance quality depends on correlating all three rather than managing them in isolation. That is the direction the market is moving, and teams should re-evaluate whether their identity programme still assumes environment boundaries that no longer exist.

From our research:

  • 67% of organisations still rely heavily on static credentials despite the risks they pose to agentic AI deployments, according to the 2026 Infrastructure Identity Survey.
  • Only 13% of organisations feel extremely prepared for the reality of agentic AI despite the majority racing toward autonomous adoption.

What this signals

The strategic signal for practitioners is that hybrid identity programmes are moving toward control-plane consolidation. As access, telemetry, and data protection logic converge, teams will need governance models that can explain risk across cloud services rather than within a single product boundary.

Identity blast radius: the effective reach of an identity across data, services, and enforcement planes. As environments become more distributed, the blast radius of weak governance matters more than the number of individual controls on paper.

With 70% of organisations already granting AI systems more access than human employees, per the 2026 Infrastructure Identity Survey, the same architectural pressure will extend into agentic workflows if identity governance is not unified early.


For practitioners

  • Audit hybrid access paths for shared control assumptions: Identify where human identities, service accounts, and workload identities rely on the same data processing or governance pipeline. Look for places where visibility is local to a cloud region or product boundary and cannot explain end-to-end access to sensitive data.
  • Test whether identity governance survives platform expansion: Run a control validation exercise for the environments where your data and identity tooling will scale next. Confirm that logging, entitlement review, and policy enforcement still produce a complete audit trail when systems are distributed across multiple cloud services.
  • Link sensitive data discovery to entitlement review: Do not treat discovery and governance as separate workstreams. For each sensitive dataset, identify the identities, service accounts, and workflows that can reach it, then review whether those paths are still justified in hybrid operations.
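
One way to join data discovery output to entitlements and compute identity blast radius, as an added example that is not code from Netwrix, Microsoft, or the original post. The entitlement graph, dataset labels, and all names (user:alice, svc:etl-runner, and so on) are constructed sample data, and the function names are hypothetical.

```python
from collections import deque
# Constructed sample data (not from any real tenant). Entitlement edges:
# principal -> groups it belongs to, roles it can assume, or datasets it can access.
EDGES = {
    "user:alice":       ["group:finance"],
    "svc:etl-runner":   ["role:blob-reader", "role:sql-reader"],
    "wl:report-job":    ["svc:etl-runner"],  # workload runs as the service account
    "group:finance":    ["share:onprem-payroll"],
    "role:blob-reader": ["blob:azure-customer-pii"],
    "role:sql-reader":  ["db:onprem-hr"],
    "svc:backup":       ["blob:azure-logs"],
}
# Data discovery output: dataset -> (environment, is_sensitive).
DATASETS = {
    "share:onprem-payroll":    ("on-prem", True),
    "blob:azure-customer-pii": ("cloud", True),
    "db:onprem-hr":            ("on-prem", True),
    "blob:azure-logs":         ("cloud", False),
}
IDENTITY_PREFIXES = ("user:", "svc:", "wl:")

def reachable_paths(start):
    """BFS over entitlement edges; return {dataset: path} for each reachable dataset."""
    paths, queue, seen = {}, deque([[start]]), {start}
    while queue:
        path = queue.popleft()
        for nxt in EDGES.get(path[-1], []):
            if nxt in seen:
                continue  # already visited; also guards against membership cycles
            seen.add(nxt)
            if nxt in DATASETS:
                paths[nxt] = path + [nxt]
            else:
                queue.append(path + [nxt])
    return paths

def blast_radius(identity):
    """Sensitive datasets an identity can reach and the environments they span."""
    sensitive = {d: p for d, p in reachable_paths(identity).items() if DATASETS[d][1]}
    envs = sorted({DATASETS[d][0] for d in sensitive})
    return {"datasets": sorted(sensitive), "environments": envs, "paths": sensitive}

def who_can_reach(dataset):
    """Reverse view for entitlement review: identities with any path to the dataset."""
    ids = [n for n in EDGES if n.startswith(IDENTITY_PREFIXES)]
    return sorted(i for i in ids if dataset in reachable_paths(i))

if __name__ == "__main__":
    for ident in sorted(n for n in EDGES if n.startswith(IDENTITY_PREFIXES)):
        print(ident, blast_radius(ident)["datasets"], blast_radius(ident)["environments"])
```

In the sample, wl:report-job has no direct grants yet inherits reach into both cloud and on-premises sensitive data through the service account it runs as, which is the kind of path a per-environment review misses.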

Key takeaways

  • Netwrix's Azure expansion is a signal about operating model, not just hosting strategy.
  • Hybrid cloud security gets harder when data discovery, access governance, and identity telemetry are not evaluated together.
  • Practitioners should test whether their current control model still works once scale and distribution increase.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Non-Human Identity Top 10 | NHI-01 | Hybrid identity platforms depend on controlling non-human identity exposure.
NIST CSF 2.0 | PR.AC-4 | Least privilege across hybrid environments depends on consistent access enforcement.
NIST Zero Trust (SP 800-207) | PR.AC-1 | Zero trust requires continuous verification across distributed identity and data paths.

Inventory service accounts and workload identities before extending governance across cloud platforms.


Key terms

  • Hybrid Cloud Identity Control: Hybrid cloud identity control is the practice of enforcing consistent access and visibility rules across on-premises and cloud environments. It becomes difficult when identity telemetry, policy enforcement, and data protection are split across platforms that do not share a common governance model.
  • Identity Governance: Identity governance is the discipline of deciding who or what should have access, for how long, and under what conditions. In hybrid environments, it must cover people, service accounts, workload identities, and the systems that process sensitive data.
  • Identity Blast Radius: Identity blast radius is the amount of data, systems, and services an identity can affect if it is over-privileged or misused. It is a useful measure of governance quality because it shows how far access can spread across connected environments.


This post draws on content published by Netwrix: Netwrix expands Microsoft collaboration to support growth and scale of its 1Secure Data and Identity Security Platform. Read the original.
