
Identity at the Center Podcast: Tackling PAM Challenges in Cloud-Native Environments


(@p0-security)

Watch the full podcast here: https://www.youtube.com/watch?v=xvzhRRY8qdQ&ab_channel=IdentityattheCenter/?source=nhimg

The Identity at the Center podcast featured Shashwat Sagal, CEO & Founder of P0 Security, in a deep dive on the evolution and future of Privileged Access Management (PAM). The conversation explored how PAM has shifted from static vaults to bastion-host models, and now toward API-driven, ephemeral access, a model essential for modern, cloud-native infrastructures where static credentials are no longer viable.

Shashwat emphasized the guiding principle “Access is Priority Zero”: privileged access must always be treated as the most critical security control.

 

Evolution of PAM

  • Vault PAM (Legacy) - Managed static credentials for physical servers and databases.
  • Bastion-Led PAM - Centralized jump hosts controlled access, but created friction and left standing privileges.
  • API-Driven PAM (Today) - Uses cloud APIs to deliver short-lived, just-in-time credentials, with full auditability.

Looking ahead, Shashwat envisions Agent-Led PAM, where access management extends to AI agents and automated identities while maintaining least privilege and ephemeral access.

 

Key Insights

  • Historical context matters - Legacy PAM was designed for static, on-prem workloads and fails in dynamic, cloud-native environments.
  • Cloud-native needs ephemeral access - API-first PAM uses just-in-time, short-lived credentials to address cloud scale, velocity, and risk.
  • Operationalizing least privilege - Unlike IGA or CIEM, which emphasize visibility and compliance, PAM delivers real-time control and auditability.
  • Human + Non-Human parity - P0’s graph-based model treats humans, service accounts, and AI agents equally, essential as agentic AI adoption grows.
  • Adoption is a spectrum - Customers range from legacy PAM refreshers to greenfield adopters, moving step-by-step toward operationalized least privilege.
  • The next era: Agent-Led PAM - PAM must secure AI-driven identities with ephemeral, auditable controls, just as it does human users.
  • Pragmatic advice - Tackle the “big rocks” first in inherited environments, incrementally reducing risk while preparing for cloud and AI-driven futures.
  • Developer experience is non-negotiable - PAM succeeds when it secures access without slowing down developers or operations.

 

Strategic Takeaways

  • Identity is the new perimeter - In hybrid and cloud, PAM is foundational—not optional.
  • Short-lived access is the standard - Static credentials are liabilities; ephemeral access reduces blast radius.
  • AI-driven future - Securing agentic identities will define the next frontier in PAM.
  • Unified visibility & control - Treat all identities (human + non-human) through one API-led policy engine.

 

Conclusion

This episode underscores that modern PAM is not just a compliance checkbox but a strategic enabler of secure cloud and AI operations. Organizations should rethink their PAM strategies, moving from legacy vaults and bastions toward API-driven, ephemeral, least-privilege models, while preparing for the rise of AI-led access management.

 


   