
Modern PAM governance for hybrid environments: what is changing?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 8534
Topic starter

TL;DR: Static vaulting and appliance-heavy PAM models struggle to keep pace with cloud-native, API-driven environments, according to Akeyless. The governing issue is not whether privileged access remains necessary, but whether access, secrets, and encryption can be managed without standing credentials and operational drag.

NHIMG editorial — based on content published by Akeyless: BeyondTrust alternatives and the case for modern PAM

Questions worth separating out

Q: How should security teams govern privileged access in cloud-native environments?

A: Teams should prioritise task-scoped access, short-lived credentials, and clear separation between session control and secret storage.

Q: When does vault-based PAM become a poor fit for modern infrastructure?

A: Vault-based PAM becomes a poor fit when workloads are ephemeral, infrastructure is distributed, and access changes faster than manual rotation or module orchestration can keep up.

Q: What do security teams get wrong about zero-knowledge PAM?

A: Teams often treat zero-knowledge as a product label instead of a trust-boundary property.

Practitioner guidance

  • Inventory standing secrets by access path: Map every privileged workflow that still depends on stored credentials, then classify where those credentials are injected, rotated, and audited.
  • Separate remote access governance from secret storage: Define which controls belong to session initiation, which belong to credential lifecycle, and which belong to encryption handling.
  • Test zero-knowledge claims against recovery and administration: Review whether administrators, support workflows, or platform recovery processes can ever reconstruct privileged material.

What's in the full article

Akeyless's full article covers the operational detail this post intentionally leaves for the source:

  • Specific deployment and architecture comparisons between appliance-based PAM and SaaS-native control models.
  • Protocol-by-protocol coverage for SSH, RDP, databases, Kubernetes, and web application access.
  • The article's own feature table showing where vaulting, session recording, and zero-knowledge claims differ in implementation.
  • Practical positioning for teams evaluating hybrid and multi-cloud privileged access requirements.

👉 Read Akeyless's comparison of BeyondTrust and modern PAM governance →


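The three guidance items above can be turned into a repeatable inventory check. The script below is an added example written for this thread; it is not code from Akeyless or from NHIMG, and the inventory records, component names (pam-appliance, access-gateway, secret-issuer) and the 24-hour "standing" threshold are constructed assumptions. It flags each access path that still rests on a persistent credential, lists where injection, rotation or audit is undefined, notes where session control and secret storage sit in the same component, and treats any role that can reconstruct the plaintext secret as a failed zero-knowledge claim.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import timedelta
from typing import Optional

# Assumption for this example: a credential that lives longer than one working
# day is treated as "standing" even if it was technically issued on demand.
STANDING_TTL = timedelta(hours=24)
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass(frozen=True)
class AccessPath:
    """One privileged workflow as recorded in the (hypothetical) inventory."""
    name: str
    protocol: str                   # e.g. "ssh", "rdp", "postgres", "k8s-api"
    credential_kind: str            # "stored" (vaulted secret) or "issued" (minted per task)
    ttl: Optional[timedelta]        # credential lifetime once issued; None = never expires
    injection: Optional[str]        # where the credential is injected: "agent", "proxy", "env", ...
    rotation: Optional[str]         # "automated", "manual", or None when nothing rotates it
    audited: bool                   # whether use of the path lands in the central audit view
    session_controlled_by: str      # component that governs session initiation
    secret_stored_in: str           # component that holds the credential material
    recoverable_by: frozenset[str]  # roles that could reconstruct the plaintext secret


def is_standing(path: AccessPath) -> bool:
    """Guidance item 1: does this path still depend on a persistent credential?"""
    return path.credential_kind == "stored" or path.ttl is None or path.ttl > STANDING_TTL


def lifecycle_gaps(path: AccessPath) -> list[str]:
    """Guidance item 1: where injection, rotation or audit is undefined."""
    gaps = []
    if path.injection is None:
        gaps.append("injection point undefined")
    if path.rotation != "automated":
        gaps.append("rotation not automated")
    if not path.audited:
        gaps.append("not in central audit view")
    return gaps


def boundary_mixed(path: AccessPath) -> bool:
    """Guidance item 2: session control and secret storage share one component."""
    return path.session_controlled_by == path.secret_stored_in


def assess(path: AccessPath) -> dict:
    """Collect findings for one path and grade them."""
    findings = []
    if is_standing(path):
        findings.append("standing credential")
    findings.extend(lifecycle_gaps(path))
    if boundary_mixed(path):
        findings.append("session control and secret storage not separated")
    # Guidance item 3: any role able to reconstruct the secret breaks the
    # zero-knowledge claim, whatever the product label says.
    findings.extend(f"recoverable by {role}" for role in sorted(path.recoverable_by))

    if "standing credential" in findings and path.recoverable_by:
        severity = "high"      # persistent secret that someone can read back
    elif findings:
        severity = "medium"
    else:
        severity = "low"
    return {"path": path.name, "protocol": path.protocol,
            "severity": severity, "findings": findings}


def prioritise(inventory: list[AccessPath]) -> list[dict]:
    """Worst paths first, then by name so the report is reproducible."""
    return sorted((assess(p) for p in inventory),
                  key=lambda r: (SEVERITY_RANK[r["severity"]], r["path"]))


# Constructed inventory for the example; names and components are not real systems.
INVENTORY = [
    AccessPath("legacy-db-admin", "postgres", "stored", None, "env", "manual", False,
               "pam-appliance", "pam-appliance", frozenset({"pam-admin", "vendor-support"})),
    AccessPath("k8s-deploy", "k8s-api", "issued", timedelta(minutes=15), "agent", "automated",
               True, "access-gateway", "secret-issuer", frozenset()),
    AccessPath("jump-host-ssh", "ssh", "issued", timedelta(days=7), "proxy", "automated", True,
               "access-gateway", "access-gateway", frozenset()),
]

if __name__ == "__main__":
    for row in prioritise(INVENTORY):
        print(f"[{row['severity']:6}] {row['path']} ({row['protocol']})")
        for finding in row["findings"]:
            print(f"         - {finding}")
```

Run as-is, the constructed inventory produces one high finding (the vaulted database credential that two roles can reconstruct), one medium (a seven-day SSH credential whose gateway also stores the secret), and one clean path. The severity rule is deliberately simple: a standing credential only becomes "high" when someone can read it back, because that is the combination the zero-knowledge question in the post is really about.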
(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 7990

Standing secret governance is the real failure point in legacy PAM models. The article makes clear that vault-centric control still leaves organisations managing standing credentials, rotation workflows, and module dependencies. That is a governance problem, not just an infrastructure one. When privileged access is built around secrets that persist long enough to be stored, injected, and rotated, the programme is already carrying avoidable exposure across human and machine access paths. The implication is that identity teams must treat secret persistence as a design debt, not an implementation detail.

A few things that frame the scale:

  • 54% of organisations are dissatisfied with their current secrets management solution because not all secrets are secured, and 43% cite lack of central management, according to The 2024 State of Secrets Management Survey.
  • The same survey found that only 44% of organisations are currently using a dedicated secrets management system, which shows how many programmes still rely on partial controls.

A question worth separating out:

Q: How do IAM and PAM programmes govern human and machine privilege together?

A: They need one entitlement model, one review process, and one audit view that covers admin users, service accounts, and workload identities. Separate governance tracks usually hide drift, duplicate controls, and unresolved exceptions that create inconsistent privilege boundaries.

👉 Read our full editorial: BeyondTrust alternatives expose the shift to modern PAM governance
