TL;DR: Identity access security around Active Directory, contextual authentication, session control, and file auditing is being consolidated through Aries Global’s acquisition of IS Decisions for more than 3,000 organisations across regulated sectors, according to IS Decisions. The market signal is clear: enterprise security buyers are still looking for identity controls that reduce friction without relaxing governance.
NHIMG editorial — based on content published by IS Decisions: Aries Global acquires IS Decisions and expands identity access security
By the numbers:
- IS Decisions protects over 3000 organisations globally.
Questions worth separating out
Q: How should teams govern Active Directory access in hybrid environments?
A: Treat Active Directory as an active control plane, not a legacy exception.
Q: Why do session controls matter as much as authentication for identity security?
A: Authentication answers who got in, but session controls answer what they can do after entry.
Q: What breaks when file auditing is separated from access governance?
A: When file activity is isolated from identity governance, security teams lose the link between entitlement, use, and risk.
Practitioner guidance
- Reassess Windows access paths that still rely on static trust Identify Active Directory sessions that start with broad trust and no continuous policy re-evaluation, then separate routine access from privileged access that needs tighter enforcement.
- Align authentication, session, and audit controls to the same privilege tier Map administrative workflows end to end so that the login policy, session limits, and file audit coverage all apply to the same high-risk accounts and actions.
- Use audit evidence to drive recertification decisions Feed file and session activity into access reviews so entitlement decisions reflect actual behaviour, not just approved role membership or historical assignment.
What's in the full analysis
IS Decisions' full announcement covers the operational detail this post intentionally leaves for the source:
- The acquisition structure and what it means for product ownership and integration
- The platform roadmap for adaptive MFA, user behaviour analytics, and Entra ID integration
- The market and channel implications of combining identity controls with a broader security platform
- The company background and deployment footprint across regulated sectors and global regions
Active Directory access governance after the Aries Global acquisition?
Explore further
Identity access control is becoming a platform boundary, not a point product category. Acquisitions like this show that buyers no longer evaluate authentication, session oversight, and audit as isolated functions. They are increasingly being treated as foundational layers that must sit close to the operating environment. For practitioners, that means the buying unit is shifting from feature lists to control coverage across the full access path.
A few things that frame the scale:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared with nearly 1 in 4 for securing human identities.
A question worth separating out:
Q: Who is accountable when privileged access is abused in Windows environments?
A: Accountability should sit with the teams that own privilege design, authentication policy, and monitoring coverage, not only the endpoint or infrastructure team. In practice, PAM, IAM, and security operations all have a role because abuse becomes possible when control layers are split and no one owns the full session lifecycle.
👉 Read our full editorial: Aries Global acquires IS Decisions: Active Directory access governance