Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Today we’re introducing Extending Access Duration, a new capability designed to solve a problem we kept hearing about from customers who rely on short-lived, approved access to sensitive systems. Just-in-Time access is the right model for protecting critical resources. But real work does not always fit neatly into the time window defined when an access flow was created.

Getting ready for a SOC 2 audit can feel like an endless checklist. You already have tools collecting logs, provisioning users, and pulling reports from your systems, yet proving compliance still feels harder than it should be. The biggest pain in SOC 2 is not collecting data. It is managing access in a way that continuously aligns with your own policies.

An engineer gets a notification at 2 a.m. because something in production is broken. They need database access right away. For many teams, that access is already sitting there. Standing permissions granted for a past need that no longer exists. Credential abuse is still the most common way for a breach to start. It accounts for roughly 22% of initial attack paths, which is actually ahead of vulnerability exploitation at 20%. In many cases, attackers are not breaking in or exploiting a flaw.

When data programs fail, they usually fail in two very different ways. Weak data governance shows up as overexposed databases, long-lived credentials, and access that quietly expands far beyond intent, often until it’s exploited. Weak data management really breaks trust from the inside out with stale or inconsistent data, pipelines that stall under their own complexity, and bottlenecks that slow decision-making.

Nobody breaks into AWS by logging in as root and announcing themselves. They start with something small, such as a leaked key. IAM:PassRole is the kind of permission that creates a clean privilege-escalation path if you’re not watching it closely.

Over the past two years, we’ve watched a steady wave of acquisitions reshape the privileged access market. For many security leaders, that wave has now hit home. Your PAM vendor has been acquired, absorbed into a larger platform, and suddenly the roadmap you once relied on feels less certain. This moment is easy to dismiss as “business as usual.” It is also one of the rare points where it actually makes sense to step back and reassess your PAM strategy with fresh eyes.

MongoDB powers some of the world’s most modern applications.Everything from self-managed deployments to fully managed cloud environments run with MongoDB Atlas. But as teams scale across environments and projects, managing secure access becomes increasingly complex. Apono brings Just-in-Time, least-privilege access to MongoDB services across MongoDB, MongoDB Atlas, and MongoDB Atlas Portal.

Security powerhouse CrowdStrike made headlines this week with a major acquisition in the identity space with their purchase of SGNL for a reported $740 million. If you’re wondering why did CrowdStrike buy SGNL, you’re asking the right question. And you’re probably not alone. Over the past year, we’ve watched some of the largest security platforms in the world spend real money acquiring identity security companies.

As cloud environments sprawl and engineering teams scale, the number of identities you manage has exploded. It’s no longer just employees and contractors; CI/CD pipelines, service accounts, API tokens, and AI-powered agents are all asking for access to production systems and sensitive data. It’s no shock that identity has become a top-line priority for security and platform leaders.

Just-in-Time access is widely accepted as a best practice for reducing standing privilege. The challenge for most organizations is not deciding to use JIT, but designing access policies that actually reduce risk without slowing engineers down. Security teams want tighter controls, stronger auditability, and less standing access. Engineering teams need fast, predictable access to do their work. When approval policies are too rigid, teams get blocked or work around controls.