Industry Webinar: Closing the AD Privileged Access Gap
The Changing Face of PAM
Privileged access management (PAM) has undergone a tremendous evolution in the past 5 years. We are no longer focused solely on a subset of systems that reside only within an on-premises environment. Organisations have to contend with a broader array of identities, high-risk systems and deployment models that span on-prem, private cloud, infrastructure, containers and SaaS environments.
The breadth and depth of identity types has increased too - from server root accounts, to workloads, service accounts and, more latterly, specific instances of non-human identities (NHI) along with agentic-AI.
That initial PAM deployment model - using credential rotation and checkout services alongside basic vaulting - only really supported a subset of the critical high-risk systems under management. As the number and variety of systems and services under management increased, the approach to privilege evolved too.
Is AD the PAM Weak Link?
If we pick on Active Directory (AD) for a second, has it become the weak link in the privileged access battle? AD was not built for security. In 2000 the basic security design pattern was built upon private/public network boundaries - coarse-grained trust areas that focused on location and IP address. Fast forward to 2026 and organisations design via a zero trust approach - often with the assumption that “controlled” network components and applications are really open to internet access and are likely to have been “breached” already by unauthorised users.
Whilst AD is not solely a PAM platform, it does contain high-risk identities, along with being a jumping-off point for service accounts, administration functions and a broad array of infrastructure support and configuration functions.
Remote access approaches such as VPNs, RDP, MS Terminal Services and RADIUS may well leverage AD as a repository, before vectoring off into an array of on-prem and cloud-integrated relying parties, applications and federated services. But has AD kept up with the variety and complexity of identity-related attacks that target both standard and high-risk accounts?
Being at the centre of enterprise identity, it can become a fulcrum for cross-identity, privilege-abuse related flows for both internal and external adversarial activity.
What Does Modern PAM Look Like?
PAM is a journey - an evolution - that many organisations are embarking on. We are starting to see PAM require a broader set of integrated identities and systems and, from an AD point of view, a more flexible, just-in-time approach that covers service accounts and high-risk events.
A consistent approach to high-risk access across AD and related systems is needed - one that allows organisations to “scale-up” their security strategy to include NHI, agentic-AI and hybrid deployment models.
The Cyber Hut’s next industry webinar will be tackling this topic in more detail. The Cyber Hut founder Simon Moffatt will be in conversation with EMEA Chief Identity Security Advisor Rob Ainscough from Silverfort on March 16th.
They’ll explore:
Why traditional PAM models break down in modern, identity-driven environments
How runtime, identity-aware enforcement changes the privileged access security model
How organizations can expand privileged access coverage to meet protection goals - without slowing the business down
How to mitigate the risk of static human and non-human credentials, and move to Zero Standing Privilege
How to mature from protecting accounts, to blast radius controls & containing risk






