
Hybrid IAM and cloud control: what still needs software?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 8151
Topic starter  

TL;DR: Enterprise identity software remains relevant in hybrid and private cloud environments because many regulated organisations need cloud-native agility without surrendering infrastructure control, according to Ping Identity. The practical question is no longer cloud versus software, but how identity teams preserve compliance, observability, and deployment flexibility across both.

NHIMG editorial — based on content published by Ping Identity: Software Is Alive & Well in the Age of Cloud

Questions worth separating out

Q: How should IAM teams decide between SaaS and self-managed identity software?

A: Base the decision on control residency, compliance evidence, resilience needs, and operational sovereignty, not on cloud preference alone.

Q: Why do regulated organisations still need hybrid identity deployments?

A: Because regulation often requires local control over logs, keys, and operational handling even when the rest of the stack moves to cloud services.

Q: What breaks when identity services are treated as just another SaaS app?

A: The control plane can become detached from the environments it governs, making it harder to meet sovereignty, recovery, and audit requirements.

Practitioner guidance

  • Define control residency requirements: Document which identity controls must remain self-managed because of regulatory, sovereignty, or audit constraints.
  • Map identity services to workload criticality: Classify authentication, authorisation, logging, and recovery dependencies by business criticality so that identity services supporting high-risk workloads get stronger resilience design.
  • Test hybrid failover under identity load: Run recovery exercises that include authentication surges, policy evaluation delays, and audit log access during failover.

What's in the full article

Ping Identity's full article covers the operational detail this post intentionally leaves for the source:

  • Specific deployment patterns for self-managed, hybrid cloud, and private cloud identity stacks.
  • Platform features such as distributed tracing, file-based configuration, and observability options.
  • Compliance-oriented capabilities including phishing-resistant authentication and cryptographic assurance.
  • Operational considerations for teams migrating without a rip-and-replace programme.

👉 Read Ping Identity's perspective on software, hybrid cloud, and identity control →
