TL;DR: Palo Alto Networks’ $25B CyberArk acquisition underscores how identity security is shifting from login and vault control toward runtime authorization, with the article citing 80:1 non-human identity growth and $29B in opportunity. Static roles and periodic reviews are no longer enough when access is dynamic, ephemeral, and increasingly machine-driven.
NHIMG editorial — based on content published by Opal Security covering the Palo Alto Networks and CyberArk acquisition and its identity security implications
By the numbers:
- Palo Alto Networks says non-human identities now outnumber humans by 80:1.
- Palo Alto Networks put the identity security opportunity at $29B.
Questions worth separating out
Q: How should security teams govern authorization for non-human identities?
A: Treat non-human identities as task-scoped subjects, not durable users.
Q: Why do static roles fail for modern cloud and AI workloads?
A: Static roles assume the access need is stable enough to be assigned once and reviewed later.
Q: What breaks when authorization is managed separately from identity lifecycle?
A: Access persists after the business reason for it has changed, which creates identity drift.
Practitioner guidance
- Separate authorization from authentication governance: Map which controls currently stop at login, then identify where access decisions still rely on static roles, durable sessions, or ticket approvals.
- Inventory standing access across human and non-human identities: Build a single view of persistent entitlements across service accounts, containers, and human users so you can see where privilege outlives the task that justified it.
- Adopt runtime policy for high-risk access: Use live signals such as workload context, device posture, and risk score to decide whether access should be granted, continued, or removed during execution.
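A minimal sketch of the guidance above, added for illustration and not taken from Opal Security, Palo Alto Networks or CyberArk: one decision function evaluates task scope, expiry and live signals for any actor type, and a second function inventories grants that have outlived their task. All names, the sample grants and the risk threshold of 70 are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Grant:
    subject: str       # identity name (constructed sample values below)
    actor_type: str    # "human", "service_account", "container" or "agent"
    action: str        # the single task-scoped permission, e.g. "db:read"
    task_id: str       # the task that justifies the access
    expires_at: float  # epoch seconds; no grant is open-ended

@dataclass(frozen=True)
class Signals:
    now: float
    active_task: Optional[str]  # workload context: task currently running
    posture_ok: bool            # device or workload posture check result
    risk_score: int             # 0 (low) to 100 (high), hypothetical risk feed

RISK_LIMIT = 70  # assumed threshold, tune per environment

def decide(grant: Grant, action: str, sig: Signals):
    """Return (decision, reason). Call at request time and again during execution."""
    if action != grant.action:
        return "deny", "action outside task scope"
    if sig.now >= grant.expires_at:
        return "revoke", "grant expired"
    if sig.active_task != grant.task_id:
        return "revoke", "justifying task no longer active"
    if not sig.posture_ok:
        return "revoke", "posture check failed"
    if sig.risk_score >= RISK_LIMIT:
        return "revoke", "risk score above limit"
    return "allow", "all runtime checks passed"

def standing_access(grants, active_tasks, now):
    """Inventory view: grants whose task has ended or whose expiry has passed."""
    return [g for g in grants if g.task_id not in active_tasks or now >= g.expires_at]

# Constructed sample grants covering a human and two non-human identities.
GRANTS = [
    Grant("alice", "human", "prod:ssh", "incident-7", 2000.0),
    Grant("svc-etl", "service_account", "db:read", "task-42", 1000.0),
    Grant("agent-summarizer", "agent", "docs:read", "task-43", 1500.0),
]

if __name__ == "__main__":
    etl = GRANTS[1]
    print(decide(etl, "db:read", Signals(500.0, "task-42", True, 10)))
    print(decide(etl, "db:read", Signals(600.0, "task-42", True, 85)))
    print([g.subject for g in standing_access(GRANTS, {"task-42"}, 1200.0)])
```

Because the same `decide` call runs for every actor type, the difference between a human, a service account and an agent lives in how grants are issued and expired, not in separate policy engines.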
What's in the full analysis
Opal Security's full article covers the operational detail this post intentionally leaves for the source:
- A deeper walk-through of the authorization-first architecture and how it differs from login-centric identity controls.
- Examples of how the vendor applies policy-based access decisions across humans, service accounts, containers, and agents.
- Specific claims about platformization, composability, and runtime signal handling that support the editorial argument.
- The article's own framing of why the Palo Alto Networks and CyberArk deal changes the identity market narrative.
CyberArk and Palo Alto consolidation: what changes for IAM teams?
Explore further
Identity acquisition is really authorization consolidation. The market logic in this deal is not just about adding PAM to a broader platform. It is about pulling more of the access decision chain into one vendor perimeter, which may simplify procurement but also increases the strategic weight of runtime authorization. Practitioners should treat this as a sign that identity security is moving from point controls toward category ownership.
A few things that frame the scale:
- Only 19.6% of security professionals express strong confidence in their organisation's ability to securely manage non-human workload identities, according to The 2024 Non-Human Identity Security Report.
- That same report finds that 35.6% of organisations cite managing consistent access across hybrid and multi-cloud environments as their top NHI security challenge.
A question worth separating out:
Q: Who should own access decisions when humans, machines, and agents all need different controls?
A: Ownership should sit with the identity governance function, but the policy model must cover all actor types consistently. Human users, service accounts, and agents need different lifecycle mechanics, yet the same access logic should evaluate context, privilege, and expiry. That prevents governance gaps between IAM, PAM, and NHI teams.