If you’ve implemented zero trust identity and access management, what tools have been most effective at enforcing strict access controls?

Identity & Access Management (IAM)Zero Trust
3.6k viewscircle icon1 Upvotecircle icon3 Comments
Sort by:
Director of Operations22 days ago

We use OKTA, Cyberark and Azure PIM stacked to require multiple validations and confirmations before anyone can get into our cloud stack with elevated permissions.

Chief Information Security Officer in Finance (non-banking)6 months ago

We’ve implemented One Identity’s Privileged Access Management (PAM) and Identity and Access Management (IAM) solutions to support our Zero Trust strategy. These tools help us strictly manage and monitor privileged accounts, enforce just-in-time access, and consistently align user permissions with business roles.

By centralizing controls and routinely auditing privileged sessions, we’ve been able to significantly reduce the risk of unauthorized access. Additionally, the automation features have streamlined access reviews and policy enforcement, saving our team time while maintaining a strong security posture.

If you have any more questions or would like details on specific configurations, I’m happy to continue the discussion.

Lightbulb on1
CISO in IT Services7 months ago

Microsoft Entra ID specifically with conditional access and privileged identity management (PIM).

Lightbulb on1

Content you might like

Is identity threat detection and response (ITDR) currently part of your IAM strategy?

Yes51%

Not yet - currently exploring/incorporating ITDR44%

No3%

Other

View Results

What do you trust more and are implementing today - Multi-factor authentication or single-sign on ?

Multi-factor authentication60%

Single-sign on26%

Both12%

View Results

I’ve been digging into ways to strengthen Zero Trust on IBM i systems, especially as more orgs shift toward hybrid cloud. I’m curious, how are others approaching threat detection around shadow AI use and supplier exposure in these environments?

Non-human identities (NHIs), such as API keys, service accounts, and tokens, outnumber humans by 25 to 50 times and often go ungoverned. From Entro’s 2025 report:
• 90% have excessive permissions
• 44% are exposed in the wild
• 91% of stale secrets are never revoked

What helped us: inventory, assign owners, right-size access, monitor behavior, and test continuously.

How mature is your NHI program? Biggest barrier, tooling, ownership, or adoption?