
Legacy PAM, zero trust access, and what teams should change


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 3218
Topic starter  

TL;DR: Legacy PAM, VPN-heavy access, and manual provisioning slow infrastructure teams while weakening auditability and least privilege, according to StrongDM’s customer examples. The pattern is clear: access governance breaks when controls cannot keep up with multi-cloud scale, offboarding, and session-level accountability.

NHIMG editorial — based on content published by StrongDM: 13 StrongDM use cases with real customer case studies

By the numbers:

Questions worth separating out

Q: How should security teams replace standing privileged access in multi-cloud environments?

A: They should shift privileged workflows to just-in-time access with automatic expiry, so elevated permissions exist only for the task at hand.

Q: Why does multi-cloud access make least privilege harder to maintain?

A: Because each cloud exposes different permission models, toolchains, and audit surfaces, so privilege becomes fragmented and harder to reason about.

Q: What do organisations get wrong about infrastructure access audits?

A: They often treat audit evidence as a reporting exercise instead of a control outcome.

Practitioner guidance

  • Map every privileged path to a named owner: inventory database, server, Kubernetes, and cloud-console access paths, then assign an accountable owner for each one so revocation and review do not stall in shared queues.
  • Replace standing admin access with task-scoped access: use just-in-time approval and automatic expiry for elevated sessions so access exists only for the duration of the work and does not persist between tasks.
  • Standardise audit capture across infrastructure tiers: require session replay, query logging, and permission-change logs for every administrative path that can affect production systems or regulated data.

What's in the full article

StrongDM's full blog covers the operational detail this post intentionally leaves for the source:

  • Case-study specifics for Bullhorn, Seismic, Beekeeper, and other environments that show how access workflows changed in practice.
  • Session capture, query logging, and audit evidence examples that help teams compare controls against compliance requirements.
  • Details on how access provisioning and deprovisioning were handled across multi-cloud estates and infrastructure tools.
  • Practical deployment examples for replacing VPN-heavy or manual privileged access processes with task-scoped access.

👉 Read StrongDM's 13 use cases for infrastructure access and audit →




(@mr-nhi)
Member Moderator
Joined: 4 weeks ago
Posts: 1804
 

Legacy PAM is no longer a complete governance model for cloud-era infrastructure access. These case studies show that the access problem is now multi-cloud, session-based, and audit-driven, not just about privileged logins. When permissions span databases, clusters, and cloud consoles, the old control boundary is too narrow to hold. Practitioners should treat access architecture as a governance layer, not a point solution.

A few things that frame the scale:

  • Only 13% of organisations feel extremely prepared for the reality of agentic AI despite the majority racing toward autonomous adoption, according to the 2026 Infrastructure Identity Survey.
  • A separate finding from the same survey shows that 70% of organisations grant AI systems more access than they would give a human employee doing the exact same job.

A question worth separating out:

Q: Who is accountable when privileged access is not revoked cleanly?

A: Accountability sits with the control owner for the access path, the team operating the lifecycle process, and the organisation that approved standing access in the first place. If revocation fails, the issue is usually governance, not just tooling. Clean offboarding should be validated the same way as provisioning: by testing that access disappears everywhere it was granted.

👉 Read our full editorial: StrongDM use cases show where legacy PAM breaks down



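Added example, not code from StrongDM or from NHIMG and not a description of any StrongDM feature: a small Python model of the controls both posts describe. It covers the practitioner guidance in the opening post (an inventory in which every access path has a named owner, just-in-time grants that expire on their own, and a permission-change log for every grant, expiry and revocation) and the offboarding validation @mr-nhi describes, where the evidence of a clean revocation is that no access path remains reachable for the leaver. Every path name, principal, approver and the 240-minute session ceiling is constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

MAX_TTL_MINUTES = 240  # assumed ceiling for one elevated session (constructed policy)
T0 = datetime(2025, 1, 6, 9, 0, tzinfo=timezone.utc)  # fixed clock, so the run is deterministic

def at(minutes: int) -> datetime:  # simulated clock: the instant `minutes` after T0
    return T0 + timedelta(minutes=minutes)

@dataclass(frozen=True)
class AccessPath:
    name: str             # hypothetical identifier, e.g. "postgres:orders-db"
    tier: str             # database | server | kubernetes | cloud-console
    owner: Optional[str]  # None means nobody would action a review or revocation

# Constructed inventory; the console path is deliberately left without an owner.
PATHS = [AccessPath("postgres:orders-db", "database", "dba-lead"),
         AccessPath("k8s:prod-cluster", "kubernetes", "sre-lead"),
         AccessPath("aws:prod-console", "cloud-console", None)]

@dataclass
class Grant:
    principal: str
    path: str
    approved_by: str
    expires_at: datetime
    revoked_at: Optional[datetime] = None

    def active(self, now: datetime) -> bool:
        return self.revoked_at is None and now < self.expires_at

class AccessBroker:
    """Task-scoped grants with expiry; every change appends to the permission-change log."""
    def __init__(self, paths: list) -> None:
        self.paths = {p.name: p for p in paths}
        self.grants: list = []
        self.audit_log: list = []

    def _log(self, now: datetime, event: str, **fields) -> None:
        self.audit_log.append({"ts": now.isoformat(), "event": event, **fields})

    def unowned_paths(self) -> list:  # inventory check: an ownerless path should fail review
        return sorted(n for n, p in self.paths.items() if p.owner is None)

    def grant(self, principal: str, path: str, approved_by: str, ttl_minutes: int, now: datetime) -> Grant:
        """Just-in-time grant: owned path, second-person approval, bounded lifetime."""
        if path not in self.paths:
            raise KeyError(f"unknown access path: {path}")
        if self.paths[path].owner is None:
            raise ValueError(f"{path} has no accountable owner")
        if approved_by == principal:
            raise ValueError("self-approval is not allowed")
        if not 0 < ttl_minutes <= MAX_TTL_MINUTES:
            raise ValueError(f"ttl must be 1..{MAX_TTL_MINUTES} minutes")
        g = Grant(principal, path, approved_by, now + timedelta(minutes=ttl_minutes))
        self.grants.append(g)
        self._log(now, "grant", principal=principal, path=path, approved_by=approved_by,
                  expires_at=g.expires_at.isoformat())
        return g

    def expire(self, now: datetime) -> int:
        """Automatic expiry sweep; returns how many grants lapsed."""
        lapsed = [g for g in self.grants if g.revoked_at is None and now >= g.expires_at]
        for g in lapsed:
            g.revoked_at = now
            self._log(now, "expire", principal=g.principal, path=g.path)
        return len(lapsed)

    def offboard(self, principal: str, now: datetime) -> int:
        """Revoke every active grant for a leaver, whatever tier it is on."""
        live = [g for g in self.grants if g.principal == principal and g.active(now)]
        for g in live:
            g.revoked_at = now
            self._log(now, "revoke", principal=principal, path=g.path, reason="offboarding")
        return len(live)

    def residual_access(self, principal: str, now: datetime) -> list:
        """Offboarding validation: paths still reachable; an empty list is the evidence."""
        return sorted({g.path for g in self.grants if g.principal == principal and g.active(now)})

def run_demo() -> dict:
    """One simulated morning; returns what an auditor would check rather than printing it."""
    b = AccessBroker(PATHS)
    b.grant("alice", "postgres:orders-db", "dba-lead", 30, at(0))
    expired = b.expire(at(30))  # alice's session lapses on time, without anyone acting
    b.grant("bob", "postgres:orders-db", "dba-lead", 60, at(40))
    b.grant("bob", "k8s:prod-cluster", "sre-lead", 60, at(40))
    revoked = b.offboard("bob", at(45))  # bob leaves mid-task
    denied = []
    for who, path, approver, ttl in [("carol", "aws:prod-console", "cloud-lead", 30),  # unowned path
                                     ("dave", "k8s:prod-cluster", "sre-lead", 999),    # over the ceiling
                                     ("erin", "k8s:prod-cluster", "erin", 30)]:        # self-approval
        try:
            b.grant(who, path, approver, ttl, at(50))
        except ValueError:
            denied.append(who)
    return {"unowned": b.unowned_paths(), "expired": expired, "revoked": revoked,
            "bob_residual": b.residual_access("bob", at(46)), "denied": denied,
            "events": [e["event"] for e in b.audit_log]}
```

The design point is that `residual_access` is a separate query from `offboard`: the revocation routine returns how many grants it touched, but the offboarding evidence is the independent check that nothing remains reachable, which is what a review should ask for. The audit log is also the only record of permission changes, so the grant path refuses to proceed before logging anything when policy is not met, and every successful change lands in the same log regardless of tier.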