TL;DR: Privileged access management must evolve from protecting a fixed set of admin accounts to governing privileged users, credentials, cloud permissions, OT systems, and non-human identities across hybrid environments, according to Palo Alto Networks. The real shift is that privilege is becoming a dynamic control plane, so standing assumptions about least privilege, delegation, and review windows no longer hold.
NHIMG editorial — what this means for NHI practitioners
By the numbers:
- Over 8 in 10 IT leaders are adopting hybrid cloud environments.
Questions worth separating out
Q: How should security teams govern privileged access across cloud and non-human identities?
A: Security teams should govern privileged access as a path problem, not only an account problem.
Q: Why do cloud environments make PAM harder to manage?
A: Cloud environments make PAM harder because privilege is created dynamically through roles, APIs, automation, and delegated trust.
Q: What do organisations get wrong about privileged access reviews?
A: They often review named accounts instead of the actual access path that creates privilege.
Practitioner guidance
- Inventory privileged identity paths across all environments: document where elevated access originates, where it is inherited, and which identities can execute privileged actions in cloud, OT, and automation workflows.
- Separate OT privilege governance from standard enterprise PAM: apply a distinct control model for operational systems that reflects vendor access, safety constraints, and limited change windows.
- Converge secrets, workload identity, and PAM reviews: review whether privileged access depends on credentials hidden in a vault, embedded in automation, or inherited through cloud roles.
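The inventory and review steps above treat privilege as a path problem: who can reach a privileged action, through which memberships, role assumptions, vaulted secrets or automation hops. The following is an added example, not code from the Palo Alto Networks article or the NHIMG post, that walks a small trust graph to answer that question. All identity names, edge kinds (member_of, assume, reads_secret, runs_as, grants) and privileged actions are constructed placeholders chosen to illustrate the technique.

```python
from collections import defaultdict, deque

# Constructed sample trust graph (hypothetical identities, not from the article).
# Each edge is (source, edge_kind, destination) and models one way privilege
# can be inherited rather than granted directly to a named account:
#   member_of    - group or role membership
#   assume       - cloud role assumption / delegated trust
#   reads_secret - identity can read a vaulted credential
#   runs_as      - an automation pipeline executes as this identity
#   grants       - holding the credential yields the role's permissions
EDGES = [
    ("alice", "member_of", "devops-group"),
    ("devops-group", "assume", "deploy-role"),
    ("deploy-role", "assume", "prod-admin-role"),
    ("ci-pipeline", "runs_as", "ci-runner-sa"),
    ("ci-runner-sa", "reads_secret", "vault:prod-db-root"),
    ("vault:prod-db-root", "grants", "db-admin-role"),
    ("plc-vendor", "assume", "ot-maint-role"),
    ("bob", "member_of", "readonly-group"),
]

# Principals that carry privileged actions (constructed labels).
PRIVILEGED = {
    "prod-admin-role": {"iam:*", "kms:DeleteKey"},
    "db-admin-role": {"db:DROP"},
    "ot-maint-role": {"plc:WriteConfig"},
}


def build_adjacency(edges):
    adj = defaultdict(list)
    for src, kind, dst in edges:
        adj[src].append((kind, dst))
    return adj


def describe(path):
    """Classify a path [node, kind, node, kind, ..., node] for the review."""
    kinds = path[1::2]
    hops = len(kinds)
    return {
        "hops": hops,
        "inherited": hops > 1,                 # privilege not granted directly
        "via_vault": "reads_secret" in kinds,  # depends on a vaulted credential
        "via_automation": "runs_as" in kinds,  # depends on a pipeline identity
    }


def privilege_paths(start, adjacency, privileged):
    """Breadth-first walk from `start` over every trust edge.

    Returns one finding per privileged principal reachable: the shortest
    path that reaches it, the actions it unlocks, and how it was reached.
    A visited set keeps the walk finite on cyclic trust relationships.
    """
    findings = []
    seen = {start}
    queue = deque([[start]])
    while queue:
        path = queue.popleft()
        node = path[-1]
        if node in privileged and node != start:
            findings.append({"path": path,
                             "actions": sorted(privileged[node]),
                             **describe(path)})
        for kind, nxt in adjacency.get(node, []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [kind, nxt])
    return findings


def inventory(edges, privileged):
    """Map every origin identity (no inbound trust edge) to its privilege paths."""
    adjacency = build_adjacency(edges)
    targets = {dst for _, _, dst in edges}
    origins = sorted({src for src, _, _ in edges} - targets)
    return {origin: privilege_paths(origin, adjacency, privileged)
            for origin in origins}


if __name__ == "__main__":
    for identity, findings in inventory(EDGES, PRIVILEGED).items():
        if not findings:
            print(f"{identity}: no privileged path")
            continue
        for f in findings:
            flags = [k for k in ("inherited", "via_vault", "via_automation") if f[k]]
            print(f"{identity}: {' -> '.join(f['path'])}  actions={f['actions']}  "
                  f"flags={flags or ['direct']}")
```

Running the script lists, per origin identity, the chain through which it reaches a privileged role; the review then targets the path (the group membership, the vault entry, the pipeline identity) rather than the named account at the end of it.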
What's in the full announcement
Palo Alto Networks' full article covers the operational detail this post intentionally leaves for the source:
- Barak Feldman’s full PAM perspective on cloud and OT privilege management
- The article’s practical examples of how privilege must adapt across new identities and environments
- Additional context on why high-risk access needs stronger controls in hybrid cloud programmes
- The source’s best-practice framing for balancing speed, innovation, and least privilege
👉 Read Palo Alto Networks' perspective on PAM evolution for cloud and OT →
Privilege as a dynamic control plane: what changes for IAM teams?
Explore further
Privilege is becoming a dynamic control plane, not a fixed account class. The article’s core argument is that PAM can no longer be limited to a narrow set of vault-backed administrator identities. Cloud, OT, developers, and non-human identities now share the privilege surface, which means the control problem is distribution, inheritance, and timing rather than just storage. Practitioners should read this as a governance reset, not a feature update.
A few things that frame the scale:
- 88.5% of organisations acknowledge that their non-human IAM practices lag behind or are merely on par with their human identity and access management efforts, according to The 2024 Non-Human Identity Security Report.
- Only 19.6% of security professionals express strong confidence in their organisation's ability to securely manage non-human workload identities, which shows how thin current governance confidence remains.
A question worth separating out:
Q: Which frameworks are most relevant for privileged access governance today?
A: NIST CSF and Zero Trust Architecture are useful for mapping privilege to continuous verification and least-privilege enforcement. For machine and delegated identities, OWASP Non-Human Identity guidance helps teams align secrets, workload identity, and rotation controls with privileged access governance. The practical test is whether the framework covers the full identity path, not just human administrators.
👉 Read our full editorial: Privilege as a dynamic control plane: PAM must expand across identities