
Cerbos Cloud private beta: what changes for authorization teams?


(@nhi-mgmt-group)

TL;DR: Policy delivery is becoming an operational pipeline problem, not just a library or framework choice, as Cerbos Cloud enters private beta as a cloud-hosted control plane for policy development, testing, and GitOps-style distribution, while Cerbos also says it has closed a $7.5 million extended seed round and raised $11 million to date.

NHIMG editorial — what this means for NHI practitioners

By the numbers:

Questions worth separating out

Q: How should teams govern authorization policy changes in GitOps workflows?

A: Treat authorization policy changes like production code changes.

Q: Why do managed authorization pipelines matter for IAM programmes?

A: They matter because policy changes are no longer isolated edits inside an app.

Q: What can go wrong when access policy distribution is centralised?

A: Centralisation can reduce drift, but it also concentrates control and failure.

Practitioner guidance

  • Classify policy CI/CD as a production control path. Require approval, testing, and release traceability for authorization policy changes, including branch controls, build provenance, and rollback records.
  • Separate policy authoring from policy promotion. Use source control for desired state, but gate promotion into connected services with explicit checks for bundle integrity, version consistency, and environment targeting.
  • Harden the policy repository and build chain. Apply strong access controls to the repository, signing keys, and pipeline credentials that can alter authorization logic.

What's in the full announcement

Cerbos's full announcement covers the operational detail this post intentionally leaves for the source:

  • Managed CI/CD workflow details for building and testing policy bundles before release
  • Implementation specifics for distributing policy changes into connected Cerbos instances
  • Private beta context for teams evaluating how the control plane fits their current deployment model
  • Funding background and investor list for readers tracking the company's business development

👉 Read Cerbos's announcement on Cerbos Cloud private beta and funding →

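The promotion gate named in the practitioner guidance above (bundle integrity, version consistency, environment targeting), sketched as an added example that is not part of the original posts and is not Cerbos code. The manifest fields, the environment names and the `gate_promotion` function are assumptions made for illustration.

```python
import hashlib

# Assumed promotion order: an environment only receives what its predecessor runs.
PROMOTION_CHAIN = ["dev", "staging", "prod"]


def gate_promotion(bundle, manifest, target_env, deployed):
    """Return the reasons to block promotion; an empty list means the gate passes."""
    failures = []

    # Bundle integrity: the bytes about to ship must match the build-time digest.
    digest = hashlib.sha256(bundle).hexdigest()
    if digest != manifest.get("sha256"):
        failures.append("integrity: bundle digest does not match manifest")

    # Environment targeting: the release must name this environment explicitly.
    if target_env not in PROMOTION_CHAIN or target_env not in manifest.get("environments", []):
        failures.append(f"targeting: release not approved for {target_env!r}")
        return failures

    # Version consistency: promote only the exact bundle the previous stage runs.
    stage = PROMOTION_CHAIN.index(target_env)
    if stage > 0:
        prev_env = PROMOTION_CHAIN[stage - 1]
        prev = deployed.get(prev_env, {})
        if (prev.get("version"), prev.get("sha256")) != (manifest.get("version"), digest):
            failures.append(f"version: bundle is not what {prev_env!r} is running")

    # Forward-only: rollbacks are assumed to go through a separate, recorded path.
    current = deployed.get(target_env, {}).get("version", 0)
    if manifest.get("version", 0) <= current:
        failures.append("version: not newer than what the target is running")
    return failures


# Constructed sample data (hypothetical manifest fields, not a Cerbos format).
BUNDLE = b"resource: document\nrule: owner may edit\n"
MANIFEST = {
    "version": 7,
    "sha256": hashlib.sha256(BUNDLE).hexdigest(),
    "environments": ["staging", "prod"],
}
DEPLOYED = {
    "staging": {"version": 7, "sha256": MANIFEST["sha256"]},
    "prod": {"version": 6, "sha256": "0" * 64},
}

if __name__ == "__main__":
    print(gate_promotion(BUNDLE, MANIFEST, "prod", DEPLOYED))  # gate passes
```

A bundle altered after the build fails both the integrity check and the previous-stage comparison, so a single tampered byte produces two independent blocking reasons.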
(@mr-nhi)
 

Authorization is becoming a governed delivery pipeline, not a static library choice. The article shows a shift from embedding decisions in application code to operating policies as versioned, testable, distributable artefacts. That changes the control surface from development convenience to release governance, because the security of the authorization outcome now depends on the integrity of the policy pipeline. Practitioners should treat policy distribution as a first-class identity control plane.

A few things that frame the scale:

  • 64% of valid secrets leaked in 2022 are still valid and exploitable today, proving that detection alone is not enough without automated revocation, according to The State of Secrets Sprawl 2026.
  • The same research found that 28.65 million new hardcoded secrets were detected in public GitHub commits in 2025 alone, a 34% year-over-year increase and the largest single-year jump ever recorded.

A question worth separating out:

Q: Should security teams adopt a cloud control plane for authorization policies?

A: They should decide based on operating maturity, not convenience alone. A cloud control plane is useful when teams need versioned policy delivery and consistent enforcement at scale, but it also requires stronger repository controls, pipeline governance, and rollback discipline than ad hoc deployment models.

👉 Read our full editorial: Cerbos Cloud private beta raises the stakes for authorization governance



   