
Cloud MFA and PKI enablement: where identity risk still hides


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 5855
Topic starter  

TL;DR: Cloud-based MFA and PKI remove implementation friction but do not remove the underlying work of inventorying, enabling, and governing users, machines, and applications across a changing ecosystem, according to Axiad. The real issue is that identity risk shifts from deployment to lifecycle control and ongoing verification.

NHIMG editorial — based on content published by Axiad: Are You Doing Everything You Can to Mitigate Your Cyber Security Risks?

By the numbers:

Questions worth separating out

Q: How should security teams govern identity when authentication moves to the cloud?

A: They should treat cloud authentication as part of a broader lifecycle control model.

Q: Why do cloud MFA and PKI programmes still need strong IAM processes?

A: Because the control problem moves from infrastructure to governance.

Q: What breaks when application enablement is not managed carefully?

A: Teams usually create parallel access paths, manual exceptions, and legacy authentication routes that outlive the migration.

Practitioner guidance

  • Inventory every identity before expanding enablement: Build a current register of users, machines, applications, and service accounts so you can see what is actually being authenticated and where legacy paths still exist.
  • Separate human and non-human onboarding paths: Use distinct enrolment, verification, and exception workflows for interactive users and workload identities so one control model does not blur into another.
  • Treat migration friction as a control signal: Track failed enrolments, fallback authentication, and manual exceptions during rollout because they reveal where policy, communication, or application readiness is weak.

What's in the full article

Axiad's full blog covers the operational detail this post intentionally leaves for the source:

  • The article’s rollout narrative and how Axiad positions cloud delivery for MFA and PKI enablement.
  • The practical service and deployment considerations behind user, machine, and application onboarding.
  • The author’s own examples of what can make an identity rollout succeed or fail in the field.
  • The original context around Axiad ID Cloud and the professional services model described in the post.

👉 Read Axiad's blog on reducing cybersecurity risk in cloud identity deployments →

(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 5343
 

Cloud identity delivery shifts the bottleneck from implementation speed to governance depth. Axiad’s argument is that faster deployment does not equal lower risk, because the estate still has to be inventoried, verified, and maintained. That is the real identity security test for cloud MFA and PKI programmes. Practitioners should judge these projects by whether they improve control over the full lifecycle, not by how quickly they go live.

A few things that frame the scale:

  • Only 5.7% of organisations have full visibility into their service accounts, according to the Ultimate Guide to NHIs.
  • 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures.

A question worth separating out:

Q: How do organisations know whether cloud identity rollout is actually improving security?

A: Look for fewer unsupported exceptions, cleaner identity inventories, and a measurable reduction in legacy authentication dependencies. If adoption is rising but exceptions are also rising, the programme has probably moved faster than governance. Security improves when the control state becomes clearer, not just when the platform goes live.

👉 Read our full editorial: Why cloud MFA and PKI programmes still create identity risk

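As an added illustration of the guidance above (treating rollout friction as a control signal, per identity type) and of the reply's test that rising adoption alongside rising exceptions signals a governance lag, here is a small Python check over constructed enrolment telemetry. It is example code written for this thread, not Axiad's or NHIMG's; the event shape (week, identity type, outcome) and the outcome names are assumptions.

```python
"""Rollout-friction check over constructed MFA/PKI enrolment telemetry.

Assumed event shape (an assumption, not a real product format):
(week, identity_type, outcome), outcome in {"enrolled", "failed", "fallback", "exception"}.
"""
from collections import Counter, defaultdict

FRICTION_OUTCOMES = {"failed", "fallback", "exception"}

# Constructed sample telemetry for illustration only (not real data).
SAMPLE_EVENTS = [
    (1, "human", "enrolled"), (1, "human", "failed"), (1, "workload", "fallback"),
    (2, "human", "enrolled"), (2, "human", "enrolled"),
    (2, "workload", "exception"), (2, "workload", "fallback"),
    (3, "human", "enrolled"), (3, "human", "enrolled"), (3, "human", "exception"),
    (3, "workload", "exception"), (3, "workload", "fallback"),
    (3, "workload", "enrolled"),
]


def weekly_counts(events):
    """Per week: successful enrolments vs friction events (failed/fallback/exception)."""
    counts = defaultdict(lambda: {"enrolled": 0, "friction": 0})
    for week, _, outcome in events:
        if outcome == "enrolled":
            counts[week]["enrolled"] += 1
        elif outcome in FRICTION_OUTCOMES:
            counts[week]["friction"] += 1
    return dict(counts)


def governance_lag_weeks(events):
    """Weeks where enrolments rose AND friction rose versus the previous week:
    adoption is outrunning policy, communication or application readiness."""
    counts = weekly_counts(events)
    weeks = sorted(counts)
    return [cur for prev, cur in zip(weeks, weeks[1:])
            if counts[cur]["enrolled"] > counts[prev]["enrolled"]
            and counts[cur]["friction"] > counts[prev]["friction"]]


def friction_by_identity_type(events):
    """Friction broken down by human vs workload identity, so the two onboarding
    paths are judged separately instead of as one blended number."""
    breakdown = defaultdict(Counter)
    for _, identity_type, outcome in events:
        if outcome in FRICTION_OUTCOMES:
            breakdown[identity_type][outcome] += 1
    return {kind: dict(tally) for kind, tally in breakdown.items()}
```

On the constructed data, `governance_lag_weeks(SAMPLE_EVENTS)` flags week 3, where enrolments and friction both rose, and the per-type breakdown shows the workload path carrying most of the fallback and exception load.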