Notifications
Clear all
Topic starter
03/06/2026 6:13 pm
TL;DR: Infrastructure access governance needs hidden credentials, session logging, least privilege, and just-in-time controls across databases, servers, and Kubernetes, according to StrongDM’s comparison framing Perimeter 81 as a remote-access and SASE option. That gap matters because access reviews and SSO alone do not solve privileged infrastructure access.
NHIMG editorial — based on content published by StrongDM: Competitors and alternatives to Perimeter 81 2026
Questions worth separating out
Q: How should security teams govern privileged access to databases, servers, and Kubernetes?
A: Security teams should govern privileged access at the resource layer, not only at the perimeter.
Q: Why do SASE tools often leave PAM gaps in infrastructure environments?
A: SASE tools focus on secure entry, but PAM must also control what happens after entry.
Q: What breaks when end users still see database credentials or SSH keys?
A: Direct exposure of credentials breaks least-privilege design because access can be copied, reused, or retained beyond the intended session.
Practitioner guidance
- Map infrastructure access paths to the actual resource owner Inventory where databases, servers, Kubernetes clusters, and third-party vendors are accessed through network tools versus identity-aware control planes.
- Separate connectivity from privilege Use SSO and network controls for entry, but enforce least privilege, just-in-time access, and session recording at the resource layer.
- Require session evidence for privileged operations Make query logs, shell history, and kubectl activity part of recertification and incident response.
What's in the full article
StrongDM's full blog covers the operational detail this post intentionally leaves for the source:
- Side-by-side feature comparison of access patterns for databases, servers, and Kubernetes.
- Product-specific notes on session recording, query logging, and browser-based administration.
- Implementation details for SSO integration and user lifecycle handling across teams.
- Practical points on vendor access and project-based permissions that expire automatically.
👉 Read StrongDM's comparison of Perimeter 81 alternatives for infrastructure access →
Perimeter 81 alternatives: what access teams should re-evaluate?
Explore further
03/06/2026 6:14 pm
Perimeter-centric access models do not solve privileged infrastructure governance. They can centralize entry, but they do not remove the need to control credentials, session actions, or resource-level privilege. For databases, servers, and Kubernetes, the identity question is what happens after the user is admitted. Practitioners should read this as a reminder that secure access and governed access are not interchangeable.
A few things that frame the scale:
- 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job, according to the 2026 Infrastructure Identity Survey.
- The same survey found that only 13% of organisations feel extremely prepared for the reality of agentic AI, which shows how quickly governance models are lagging runtime behaviour.
A question worth separating out:
Q: What is the difference between secure remote access and governed privileged access?
A: Secure remote access gets a user to a system, while governed privileged access controls the privilege used inside that system. The first is about connectivity and trust at the edge. The second is about entitlement scope, session visibility, and the ability to revoke or review access precisely.
👉 Read our full editorial: Perimeter 81 alternatives show the limits of SASE for access
