Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Idira after CyberArk: what changes for IAM and NHI teams?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9773
Topic starter  

TL;DR: Idira is Palo Alto Networks’ rebranded CyberArk portfolio, combining PAM, secrets management, certificate management, and an early AI agent identity layer into one control plane, according to Infisical. For practitioners, the important question is not the brand change but whether the architecture, operating model, and cost profile fit the identity problem you actually need to solve.

NHIMG editorial — based on content published by Infisical: Idira (the Rebranded CyberArk): The Complete Guide

By the numbers:

  • Palo Alto Networks completed its acquisition of CyberArk, a deal widely reported at around $25 billion, and in May 2026 folded the CyberArk portfolio into a single brand called Idira.

Questions worth separating out

Q: How should security teams evaluate a rebranded identity platform after an acquisition?

A: Start with the operating model, not the brand.

Q: When does an all-in-one identity platform create more risk than it removes?

A: It creates more risk when the platform centralises too many identity domains but still requires specialised operators, opaque pricing, or complex migrations.

Q: What do IAM and NHI teams get wrong about secrets management and PAM?

A: They often treat them as interchangeable because both deal with credentials, but they solve different problems.

Practitioner guidance

  • Map identity domains separately before platform selection. Split human PAM, machine secrets, certificate lifecycle, and agent governance into separate control requirements before comparing products.
  • Test the migration and offboarding path first. Validate how credentials, policies, audit logs, and service integrations move out of the platform before committing to expansion.
  • Measure operator dependence as a risk indicator. Track how many specialised engineers are required to run onboarding, policy updates, rotation, and incident response.

What's in the full article

Infisical's full blog post covers the operational detail this analysis intentionally leaves for the source:

  • A side-by-side breakdown of Idira, CyberArk, and the renamed product components for practitioners comparing packaging and capabilities.
  • Detailed discussion of which existing CyberArk products continue, which are renamed, and how the portfolio is being positioned under Palo Alto Networks.
  • Pricing, deployment, and operational complexity notes that help teams estimate whether the platform fits a small, mid-market, or large-enterprise operating model.
  • Practical buying guidance for teams deciding whether to stay with CyberArk lineage tooling or evaluate simpler alternatives.

👉 Read Infisical's analysis of the Idira rebrand and CyberArk transition →

Idira after CyberArk: what changes for IAM and NHI teams?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 9257
 

Brand consolidation does not resolve identity architecture risk. Idira may unify the customer story, but it does not unify the underlying governance problems of PAM, secrets, certificate lifecycle, and agent access. The field should read this as a platform-level packaging decision, not a control-model breakthrough. Practitioners should evaluate whether the consolidation clarifies accountability or merely centralises complexity.

A few things that frame the scale:

  • The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
  • Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap.

A question worth separating out:

Q: Who is accountable when a platform vendor changes ownership or branding?

A: The customer remains accountable for access, rotation, offboarding, and audit continuity. Vendor ownership changes may affect roadmap and support, but they do not transfer governance responsibility. Teams need documented exit paths, entitlement inventories, and control ownership so that a product change does not become an access-control blind spot.

👉 Read our full editorial: Idira’s CyberArk rebrand shifts the debate to identity architecture



   
ReplyQuote
Share: