Introduction
In one of the most significant corporate moves in cybersecurity this year, perhaps right up there with Google’s acquisition of Wiz, Palo Alto Networks recently announced its intention to acquire CyberArk, the long-established leader in identity and privileged access security, in a deal that appears to be valued at approximately $25 billion.
This acquisition clearly demonstrates that identity security has transitioned from a niche discipline to a foundational component of modern enterprise defense. From my vantage point at TAG Infosphere, it seems especially interesting that a company like Palo Alto Networks, with its roots in the perimeter firewall, would be spending this type of money on an identity firm.
SPHERE
In the sections below, let’s spend some time digging into what this obviously increased focus on identity security means for enterprise practitioners working for CISO, as well as for other participants in our industry, including cybersecurity vendors, government regulators, and venture capital investors.
Identity Security Is No Longer Optional
What seems the most obvious change here is that identity security appears to be moving from a back-office IT attribute, perhaps buried somewhere in the metadata, to a front-office control, now rivaling major utilities like next generation firewalls in their ability to ensure secure operation of new technologies such as artificial intelligence (AI).
What has driven this change is that as the traditional enterprise perimeter dissolved into the public cloud, the identity of a user becomes a primary means by which access decisions are made. CyberArk’s PAM and lifecycle management technologies are key to such functionality, and we expect to see Palo Alto Network leverage this for continued business growth.
Identity Hygiene
The acquisition also spotlights a security principle that we see often overlooked: Identity hygiene. Cybersecurity practitioners already know that hygiene is necessary for properly discovering, cleaning, and governing the infrastructure supporting their operations. But they have also come to understand the need for hygiene in the identities of their users.
Cybersecurity vendor SPHERE, for example, highlights the essential nature of attending to shadow accounts. These so-called “abandoned doors” exist within identity fabrics that adversaries can exploit. If shadow accounts are not properly cleaned, then hackers can leverage unmanaged identities to engage in serious attacks.
Legacy IAM and PAM systems, even advanced ones like CyberArk’s, rely on accurate input to enforce least privilege and just-in-time access. Without identity hygiene, these systems falter, and gaps will persist. The integration of hygiene practices, as with platforms such as SPHERE’s, transforms good security into enterprise-grade protection.
SPHEREboard for CyberArk PAM
The good news is that identity hygiene products exist that work with platforms such as CyberArk. SPHERE has translated their hygiene into products like SPHEREboard for CyberArk PAM, which delivers real-time dashboards, remediation workflows, and full visibility across privileged access assets and shadow accounts for CyberArk users.
Using SPHEREboard for CyberArk PAM, an enterprise can proactively discover orphaned accounts, stale privileges, and misconfigurations. SPHEREboard can drive them into CyberArk’s PAM workflows for remediation, thus ensuring that the controls of CyberArk are fed accurate, clean identity data, turning hygiene from intermittent audit into continuous security.
Building Platforms on Hygiene
As should be evident, Palo Alto is entering identity security with their planned acquisition, at a time shaped by AI, machine identities, and enterprise complexity. Their experience management team obviously recognizes that future identities, including for AI agents, DevOps tokens, ephemeral cloud services, are the new privileged users.
We hope readers will take the time to review how SPHEREboard for CyberArk PAM can drive world-class identity hygiene in the AI era, with modular, visible, and integrated support. Our observation at TAG is that the SPHERE platform can reinforce CyberArk’s promise of least-privilege and just-in-time access, ensuring that identity security is resilient and actionable.
Let us know what you think.
We are always interested in hearing from you.
