Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

As cloud environments sprawl and engineering teams scale, the number of identities you manage has exploded. It’s no longer just employees and contractors; CI/CD pipelines, service accounts, API tokens, and AI-powered agents are all asking for access to production systems and sensitive data. It’s no shock that identity has become a top-line priority for security and platform leaders.

Just-in-Time access is widely accepted as a best practice for reducing standing privilege. The challenge for most organizations is not deciding to use JIT, but designing access policies that actually reduce risk without slowing engineers down. Security teams want tighter controls, stronger auditability, and less standing access. Engineering teams need fast, predictable access to do their work. When approval policies are too rigid, teams get blocked or work around controls.

With so many applications and user accounts to govern and manage, IGA is often a headache that keeps you up at night and plagues your organization with unused or less-used credentials that put your company at risk. One Identity Manager release 10.0 offers new value to make your job easier, your identity landscape safer and provides the flexibility you need to support your business as it grows and evolves.

PAM solutions increasingly focus on zero standing privilege, just-in-time access, and session visibility to reduce identity-based risk and meet Zero Trust and cyber insurance requirements. Organizations should evaluate PAM platforms based on deployment flexibility, identity integration, and operational overhead.

Identity security didn’t suddenly fail us. It didn’t break. It just grew apart. Many agile changes started as smart, necessary business decisions – cloud adoption, remote work, SaaS acceleration, mergers and acquisitions – all of which quietly reshaped identity into something far more distributed than it was ever designed to be. Each move solved a real problem in the moment. But collectively, they created something harder to manage: Identity siloes that don’t communicate.

Privileged access programs were designed for environments where access could be defined ahead of time. That assumption no longer holds in the cloud. Legacy PAM emerged in a world of static infrastructure, long-lived systems, and a relatively small number of privileged users. Access patterns were predictable. Roles could be created in advance, assigned broadly, and reviewed periodically. That model was imperfect, but it worked well enough.

Shai Hulud didn’t invent a new supply chain weakness. It took advantage of something most teams already struggle with: long-lived credentials sitting on developer laptops and CI runners. Once it landed in a workstation or pipeline, it went hunting for secrets, then moved into GitHub, npm, and cloud environments. The damage is huge.

In most organizations, standing privileges don’t show up all at once. They accumulate quietly. A role is added “temporarily.” A contractor needs broad access to finish a project. A service account gets oversized permissions because no one has time to fine-tune them. None of these choices seem harmful in the moment, but over time they build into a privilege surface that’s far too large and far too easy to misuse.

As cloud-native environments become more dynamic, organizations must balance workload security, visibility and control to ensure effective privileged access management. Cloud-Native Application Protection Platforms (CNAPPs) help security teams identify vulnerabilities and misconfigurations across cloud infrastructure, but they typically do not directly enforce privileged access controls at the session or connection level.

At One Identity, we’re all about our customers, and we thrive on customer opinions. We’d love for you to share your One Identity Active Roles story by sharing a review on PeerSpot and be seen as a thought leader. It’s as quick as a 10-15-minute online survey or a phone call.