TL;DR: According to Oasis Security, cloud security leaders are focusing on the practitioners who shape cloud security through architecture, controls, and incident response, which reflects how cloud complexity keeps raising the bar for identity governance and risk management. The real takeaway is that cloud defence now depends on disciplined identity design across human, workload, and emerging agentic systems.
NHIMG editorial — based on content published by Oasis Security: Top 10 Security Architects to follow on LinkedIn
Questions worth separating out
Q: How should security teams govern cloud workloads that rely on service accounts and API keys?
A: Treat workload identities as first-class governed assets, not implementation details.
Q: Why do cloud security programmes need both architecture and identity governance?
A: Cloud architecture decides where trust is created, while identity governance decides who or what can use it.
Q: What breaks when workload identities are not lifecycle-managed?
A: Ownership becomes unclear, credentials linger after the original use case ends, and access reviews lose meaning because they are checking entitlements that no longer match reality.
Practitioner guidance
- Map cloud architecture decisions to identity controls. Inventory where authentication, authorisation, logging, and secret handling are defined in cloud design reviews, then tie each one to a named owner in IAM, PAM, or NHI governance.
- Reduce standing access for workload identities. Review service accounts, tokens, and certificates for excessive permissions, long-lived validity, and unclear ownership.
- Add offboarding to cloud control design. Require a revocation path for every non-human identity used in cloud environments, including accounts created by pipelines or infrastructure automation.
What's in the full article
Oasis Security's full blog covers the practitioner details this post intentionally leaves at the governance level:
- Detailed profile-by-profile descriptions of the security architects highlighted in the roundup.
- The cloud security specialisms and career paths the article associates with each architect.
- The specific ways the post frames architecture, compliance, and incident response responsibilities.
- The source article’s broader career-oriented context for readers looking beyond the governance angle.
👉 Read Oasis Security's top 10 security architects roundup for cloud security context →
Security architects in 2024: what this says about cloud identity risk
Explore further
Cloud security architecture is now identity governance by another name. The article frames security architects as cloud defenders, but the underlying work is entitlement design, control enforcement, and operational accountability. That means architecture choices now decide whether access is bounded, observable, and revocable across humans, workloads, and machine-driven operations. Practitioners should treat the security architect function as a governance layer, not just a technical role.
A few things that frame the scale:
- Only 44% of organisations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security, according to the 2026 Infrastructure Identity Survey.
- 67% of organisations still rely heavily on static credentials despite the risks they pose to agentic AI deployments, according to the 2026 Infrastructure Identity Survey.
A question worth separating out:
Q: Who should own cloud identity decisions when security architecture and IAM overlap?
A: Security architecture, IAM, PAM, and platform teams should share the model, but one group must own the final control map. Without clear ownership, cloud privilege design becomes fragmented, and no team can reliably answer who approved access, who can revoke it, or which system is responsible when controls fail.
👉 Read our full editorial: Top security architects in 2024 reflect cloud identity governance gaps