
Virtual private clouds and cloud identity risk: what IAM teams miss


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 3218
Topic starter

TL;DR: Virtual private clouds aim to reduce identity and data exposure in shared cloud environments by isolating customer traffic and storing sensitive information in dedicated infrastructure, according to Axiad. The broader lesson is that cloud convenience does not remove identity trust assumptions; it only changes where those assumptions break.

NHIMG editorial — based on content published by Axiad: Virtual Private Cloud: The benefits of the cloud without the risk

Questions worth separating out

Q: How should security teams reduce cloud identity risk when credentials are stored in shared infrastructure?

A: Security teams should separate the risk of the credential from the risk of the platform.

Q: Why do virtual private clouds matter for NHI governance?

A: Virtual private clouds matter because non-human credentials are often persistent, reusable, and highly privileged.

Q: What breaks when cloud identity governance assumes the provider has already isolated everything?

A: What breaks is the assumption that tenancy equals security.

Practitioner guidance

  • Classify cloud credential residency by blast radius: Inventory which service accounts, API keys, certificates, and tokens sit in shared cloud services versus dedicated tenant boundaries, then rank them by the reach of a compromise rather than by sensitivity labels alone.
  • Separate platform isolation from identity governance: Document whether a virtual private cloud protects the storage layer, the transport layer, or both, and verify that revocation, rotation, and deletion processes still work independently of the isolation model.
  • Test audit evidence for regulated workloads: For regulated environments, require proof that credential storage location, tenant isolation, and end-of-life data return are all traceable in audit evidence before accepting the design.

What's in the full article

Axiad's full blog post covers the operational detail this post intentionally leaves for the source:

  • How the virtual private cloud is deployed as a dedicated customer boundary for identity workloads
  • The stated approach for storing sensitive information in a FIPS-certified hardware security module
  • The customer-facing handling of data return and deletion on the vendor side
  • The claim that the setup can be provisioned in under an hour without requiring the IT team to maintain it

👉 Read Axiad's analysis of virtual private cloud identity risk →

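As an added illustration of the first two guidance points in the post above (this is example code, not from Axiad or from the NHIMG editorial), the following Python model ranks an inventory of non-human credentials by the reach of a compromise rather than by their sensitivity labels. The inventory, the field names and the scoring weights are constructed assumptions, not any vendor's schema. What it shows is that a token labelled "low" which can assume a high-privilege service account out-ranks that account itself, and that persistence and residency in shared infrastructure multiply its blast radius.

```python
"""Rank non-human credentials by transitive blast radius.

Added example for the guidance above; not code from Axiad or NHIMG.
The inventory is constructed sample data; field names and scoring
weights are assumptions, not any vendor's schema.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class Credential:
    name: str
    kind: str                  # service account, api key, certificate, token
    residency: str             # "shared" (multi-tenant service) or "dedicated" (tenant boundary)
    sensitivity_label: str     # label the data owner assigned: low / medium / high
    expires: bool              # False = persistent credential with no built-in expiry
    direct_access: set[str] = field(default_factory=set)  # resources it can touch directly
    can_assume: set[str] = field(default_factory=set)     # identities it can assume/impersonate


def transitive_reach(name: str, inventory: dict[str, Credential]) -> set[str]:
    """Resources reachable from `name`, following assume/impersonate edges (cycle-safe)."""
    seen: set[str] = set()
    reach: set[str] = set()
    stack = [name]
    while stack:
        cur = stack.pop()
        if cur in seen or cur not in inventory:
            continue
        seen.add(cur)
        reach |= inventory[cur].direct_access
        stack.extend(inventory[cur].can_assume)
    return reach


def blast_radius(cred: Credential, inventory: dict[str, Credential]) -> int:
    """Assumed scoring: breadth of transitive reach, doubled when the credential is
    persistent and doubled again when it lives in shared infrastructure, where a
    platform-level fault is also a path to the credential itself."""
    score = len(transitive_reach(cred.name, inventory))
    if not cred.expires:
        score *= 2
    if cred.residency == "shared":
        score *= 2
    return score


def rank(inventory: dict[str, Credential]) -> list[tuple[str, int, str]]:
    """(name, blast radius, owner's sensitivity label), highest blast radius first."""
    rows = [(c.name, blast_radius(c, inventory), c.sensitivity_label) for c in inventory.values()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))


def label_mismatches(inventory: dict[str, Credential]) -> list[str]:
    """Credentials labelled 'low' whose blast radius exceeds every 'high'-labelled one."""
    ranked = rank(inventory)
    worst_high = max((s for _, s, lbl in ranked if lbl == "high"), default=0)
    return [n for n, s, lbl in ranked if lbl == "low" and s > worst_high]


# Constructed inventory (sample data, not taken from any real environment).
INVENTORY: dict[str, Credential] = {c.name: c for c in [
    Credential("ci-deploy-token", "token", "shared", "low", expires=False,
               direct_access={"artifact-bucket"}, can_assume={"prod-deployer"}),
    Credential("prod-deployer", "service account", "dedicated", "high", expires=True,
               direct_access={"prod-cluster", "prod-db", "prod-secrets"}),
    Credential("billing-api-key", "api key", "shared", "high", expires=False,
               direct_access={"billing-ledger"}),
    Credential("metrics-cert", "certificate", "dedicated", "low", expires=True,
               direct_access={"metrics-store"}),
]}

if __name__ == "__main__":
    for name, score, label in rank(INVENTORY):
        print(f"{score:>3}  {name:<18} labelled {label}")
    print("low-labelled credentials that out-rank every high-labelled one:",
          label_mismatches(INVENTORY))
```

The ranking puts the persistent, shared-residency CI token first (reach 4 resources via the role it can assume, score 16) ahead of the dedicated production service account it assumes (score 3), which is exactly the inversion the guidance warns about when teams rank by label alone.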
(@mr-nhi)
Member Moderator
Joined: 4 weeks ago
Posts: 1804

Shared-cloud identity risk is really an isolation problem, not a storage problem. The article frames the concern around where credentials live, but the deeper issue is whether the surrounding cloud boundary can keep one tenant from becoming a path into another. That is why identity controls must be evaluated alongside tenancy design, not after the fact. Practitioners should treat cloud credential placement as a blast-radius decision, not a convenience decision.

A few things that frame the scale:

  • 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation, according to Ultimate Guide to NHIs.
  • Only 5.7% of organisations have full visibility into their service accounts, according to Ultimate Guide to NHIs.

A question worth separating out:

Q: How do compliance teams evaluate whether cloud-stored credentials are adequately protected?

A: Compliance teams should look for evidence of control, not just architecture diagrams. The key questions are whether identity material is isolated, whether access can be revoked cleanly, and whether the organisation can prove data return or deletion on exit. If those answers are unclear, the design is not yet audit-ready.

👉 Read our full editorial: Virtual private clouds reduce cloud identity risk, but not shared trust


