Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

PAM solutions increasingly focus on zero standing privilege, just-in-time access, and session visibility to reduce identity-based risk and meet Zero Trust and cyber insurance requirements. Organizations should evaluate PAM platforms based on deployment flexibility, identity integration, and operational overhead.

Identity security didn’t suddenly fail us. It didn’t break. It just grew apart. Many agile changes started as smart, necessary business decisions – cloud adoption, remote work, SaaS acceleration, mergers and acquisitions – all of which quietly reshaped identity into something far more distributed than it was ever designed to be. Each move solved a real problem in the moment. But collectively, they created something harder to manage: Identity siloes that don’t communicate.

Privileged access programs were designed for environments where access could be defined ahead of time. That assumption no longer holds in the cloud. Legacy PAM emerged in a world of static infrastructure, long-lived systems, and a relatively small number of privileged users. Access patterns were predictable. Roles could be created in advance, assigned broadly, and reviewed periodically. That model was imperfect, but it worked well enough.

Shai Hulud didn’t invent a new supply chain weakness. It took advantage of something most teams already struggle with: long-lived credentials sitting on developer laptops and CI runners. Once it landed in a workstation or pipeline, it went hunting for secrets, then moved into GitHub, npm, and cloud environments. The damage is huge.

In most organizations, standing privileges don’t show up all at once. They accumulate quietly. A role is added “temporarily.” A contractor needs broad access to finish a project. A service account gets oversized permissions because no one has time to fine-tune them. None of these choices seem harmful in the moment, but over time they build into a privilege surface that’s far too large and far too easy to misuse.

As cloud-native environments become more dynamic, organizations must balance workload security, visibility and control to ensure effective privileged access management. Cloud-Native Application Protection Platforms (CNAPPs) help security teams identify vulnerabilities and misconfigurations across cloud infrastructure, but they typically do not directly enforce privileged access controls at the session or connection level.

At One Identity, we’re all about our customers, and we thrive on customer opinions. We’d love for you to share your One Identity Active Roles story by sharing a review on PeerSpot and be seen as a thought leader. It’s as quick as a 10-15-minute online survey or a phone call.

Identity sprawl is exploding. What was once a manageable set of user accounts has rapidly evolved into a complex ecosystem, comprising human identities, service accounts, ephemeral workloads, APIs, and bots, each with its own permissions and potential blast radius. Machine identities alone now outnumber humans by more than 80:1, creating an ever-expanding attack surface that most teams can’t fully see, let alone govern.

Secrets run your applications: API keys, SSH keys, tokens, passwords, database credentials. They reside in repositories, CI/CD pipelines, infrastructure-as-code templates, containers, and even chat logs; one stray commit is enough to expose a path into production. In 2024, abuse of valid account credentials was the initial access vector in roughly 30% of incidents investigated.

Pillar Security’s recent analysis of Docker’s Agentic AI assistant, Ask Gordon, offers an early glimpse into the security challenges organizations will face as AI systems begin operating inside the development stack. Their researchers discovered that a single poisoned line of Docker Hub metadata caused the agent to run privileged tool calls and quietly exfiltrate internal data.