TL;DR: Modern PAM is being reframed as a strategic control for cloud environments, with SSH Communications Security arguing that passwordless access, context-aware controls, and continuous internal assessment reduce credential theft while supporting business agility. The governance shift matters because identity, not perimeter tooling, now determines how critical infrastructure is accessed and controlled.
NHIMG editorial — based on content published by SSH Communications Security: modern PAM, passwordless access, and continuous risk assessment for cloud environments
By the numbers:
- 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job.
Questions worth separating out
Q: How should security teams modernize privileged access without creating new exposure?
A: Start by removing reusable passwords from the highest-risk administrative paths, then verify that every replacement has a clear owner, revocation method, and exception process.
Q: Why do hybrid cloud environments make PAM harder to govern?
A: Hybrid environments multiply the number of identity paths that can grant elevated access, including cloud consoles, on-premises admin tools, APIs, and recovery accounts.
Q: What breaks when privileged access reviews happen only on a schedule?
A: Scheduled reviews miss the moment when access changes, especially in environments where integrations, workloads, and temporary admin needs shift quickly.
Practitioner guidance
- Map every privileged dependency on passwords and shared secrets. Identify administrative, recovery, and integration paths that still require reusable credentials, then classify which ones can move to short-lived or federated access without breaking operations.
- Separate authentication modernization from entitlement governance. Replace static login methods, but also review standing privileges, emergency access, and legacy break-glass accounts that can survive after passwordless adoption.
- Build continuous internal control checks into PAM operations. Use infrastructure telemetry and access logs to confirm whether privileged access is still being exercised within approved boundaries, then escalate drift to engineering and leadership.
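The continuous control check in the last item, sketched as an added example (not code from SSH Communications Security's webinar or from this editorial): it compares privileged-session events against approved grants and flags drift, including reusable credentials and break-glass use. The event and approval schemas, the identities, and the finding names are all constructed assumptions.

```python
from datetime import datetime

# Constructed approvals: (identity, target) -> expiry and allowed auth methods.
# Hypothetical schema; a real PAM or ticketing export will differ.
APPROVALS = {
    ("alice", "prod-db-01"): {"expires": "2024-06-01T12:00:00+00:00", "auth": {"certificate"}},
    ("ci-deployer", "k8s-prod"): {"expires": "2024-06-30T00:00:00+00:00", "auth": {"oidc"}},
}
BREAK_GLASS = {"emergency-root"}             # legacy emergency accounts to watch
REUSABLE_AUTH = {"password", "shared_key"}   # static credentials being phased out

# Constructed privileged-session events (not real log data).
EVENTS = [
    {"ts": "2024-06-01T09:15:00+00:00", "identity": "alice", "target": "prod-db-01", "auth": "certificate"},
    {"ts": "2024-06-01T14:30:00+00:00", "identity": "alice", "target": "prod-db-01", "auth": "certificate"},
    {"ts": "2024-06-02T08:00:00+00:00", "identity": "ci-deployer", "target": "k8s-prod", "auth": "shared_key"},
    {"ts": "2024-06-02T08:05:00+00:00", "identity": "bob", "target": "prod-db-01", "auth": "certificate"},
    {"ts": "2024-06-03T02:10:00+00:00", "identity": "emergency-root", "target": "prod-db-01", "auth": "password"},
]

def find_drift(events, approvals, break_glass=BREAK_GLASS):
    """Return (event_index, finding) pairs for sessions outside approved boundaries."""
    findings = []
    for i, ev in enumerate(events):
        when = datetime.fromisoformat(ev["ts"])
        is_break_glass = ev["identity"] in break_glass
        if is_break_glass:
            findings.append((i, "break_glass_used"))      # always surfaced for review
        if ev["auth"] in REUSABLE_AUTH:
            findings.append((i, "reusable_credential"))   # password or shared secret still in use
        if is_break_glass:
            continue  # emergency accounts have no standing grant to compare against
        grant = approvals.get((ev["identity"], ev["target"]))
        if grant is None:
            findings.append((i, "no_approval"))           # access with no recorded owner or grant
            continue
        if when > datetime.fromisoformat(grant["expires"]):
            findings.append((i, "approval_expired"))      # standing access outlived its approval
        if ev["auth"] not in grant["auth"]:
            findings.append((i, "auth_method_not_approved"))
    return findings

if __name__ == "__main__":
    for idx, finding in find_drift(EVENTS, APPROVALS):
        ev = EVENTS[idx]
        print(f'{ev["ts"]} {ev["identity"]} -> {ev["target"]}: {finding}')
```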
What's in the full article
SSH Communications Security's full webinar covers the operational detail this post intentionally leaves for the source:
- Design workshop and framework whiteboarding guidance for teams starting PAM modernization.
- Practical migration considerations for replacing passwords in existing integrations and administrative workflows.
- How to structure continuous internal assessment so security findings reach engineering managers and executive leadership.
- Why identity becomes the core control surface when cloud and on-premises access paths converge.
Modern PAM in cloud environments: are passwords still the weak link?
Explore further
Modern PAM has become an identity governance layer, not a password vault. The article is right to move the conversation away from compliance theater and toward operational control of access. In cloud and hybrid estates, the real question is whether privileged access can still be bounded when integrations, recovery paths, and administrative exceptions multiply. Practitioners should treat PAM as part of the identity control plane, not a sidecar control.
A few things that frame the scale:
- 88.5% of organisations acknowledge that their non-human IAM practices lag behind or are merely on par with their human identity and access management efforts, according to The 2024 Non-Human Identity Security Report.
- A second finding in the same report shows that 35.6% of organisations cite managing consistent access across hybrid and multi-cloud environments as their top NHI security challenge.
A question worth separating out:
Q: Who should own continuous PAM control monitoring?
A: Ownership should sit with the teams that manage identity policy and the teams that operate the infrastructure, because PAM failures are both governance and engineering problems. Security leadership needs a control view, while platform teams need actionable telemetry and clear escalation paths.