With the rise of hybrid cloud architectures, the attack surface has never been larger. This evolution is pushing CISOs to adapt protection strategies, and the CIOs to rethink how identities are managed within the organization, whether they be user identities, customer identities, or machine identities.
$25 billion is the record sum that Palo Alto Networks, a broad-spectrum cybersecurity player, plans to spend to acquire CyberArk, a specialist in identity management. This takeover underscores how central identities have become as information systems grow increasingly hybrid with public cloud. Identity is the keystone of these architectures.
“CyberArk’s offering stands out for its holistic approach to identity management, covering not only privileged access management but all facets of identity management—human and non-human alike. We are a player capable of handling complex, large-scale environments, unlike competitors who may be more specialized or less scalable,” explains Jean-Christophe Vitu, Vice-President and Solutions Engineer EMEA at CyberArk.
The Renewal of Legacy Solutions Has Begun
This turning point will be accompanied by a renewal of identity management platforms that were painstakingly deployed in the 2010s.
“Many legacy systems were simply not designed for the way people work today,” says Allan Camps, Senior Enterprise Account Executive at Keeper Security, a provider of password management and PAM solutions. “Companies must cope with cloud environments, hybrid workforces, and an increasing number of endpoints. On-premises tools often lack the flexibility and visibility that modern organizations need, not to mention the security features necessary to confront today’s dynamic threat landscape.”
Old IAM (Identity and Access Management) solutions that aren’t designed for the Cloud will give way to native SaaS solutions, a trend that will boost this market in the years ahead.
The French company Memority sits at the forefront of this new generation of platforms with what the publisher calls an Identity Factory: “It is a unified solution that automates and orchestrates all types of identities and controls access in a secure, seamless, and compliant manner,” argues Gilles Casteran, CEO and cofounder of Memority.
The Memority platform manages identities and permissions and enables authentication and access control across all services, regardless of use case or population type (B2E, B2B, B2C, and B2IoT).
The Rise of Non-Human Identities
Another lever for refreshing traditional IAM platforms is addressing NHI, Non-Human Identities. Jean-Christophe Vitu explains: “Machine identities are today 82 times more numerous than human identities within companies, yet these identities are still poorly understood and uncontrolled. 42% of them have sensitive or privileged access, and 77% of companies have not implemented security controls for these identities.”
These NHIs are already critical due to the privileges they are granted, and the arrival of agentic AI will only make their importance pivotal for the daily functioning of businesses. Frédéric Cluzeau, President of Hermitage Solutions, agrees with Jean-Christophe Vitu on this point: “These NHIs, whether service accounts, API keys, AI agents, or containers, can wield substantial access rights and privileges over data without being as tightly controlled as identities linked to human users.” The distributor is pushing the Segura identity management platform, which has demonstrated its effectiveness during NATO’s Locked Shields exercise.
Among the major trends driving the replacement of identity management platforms are these non-human identities, the move toward platformization, and, of course, AI, which has a role to play, particularly in detecting anomalous behavior and steering toward more proactive security of accesses and privileges.
