CyberArk’s launch of a Privileged Session Manager designed specifically for cloud environments addresses one of the most persistent gaps in privileged access management: the ability to monitor, record, and control privileged sessions in dynamic cloud infrastructure where traditional PAM approaches were never designed to operate.

The problem is that privileged session management was built for a static world. Traditional PAM solutions assumed a relatively fixed estate: a known set of servers, stable network topologies, and persistent administrative accounts accessed through jump boxes or VPNs. Session recording and brokering worked because the infrastructure being accessed was predictable and slow-changing. Cloud environments break every one of those assumptions. Workloads are ephemeral, scaling up and down in minutes. Privileged access happens through cloud provider consoles, CLI tools, and API calls — not SSH sessions through a bastion host. The attack surface shifts constantly as new resources are provisioned and decommissioned.

CyberArk’s cloud-native Privileged Session Manager targets this gap by extending session brokering, recording, and isolation to cloud-native access patterns. Rather than requiring a traditional proxy architecture, a cloud PSM can broker access to cloud consoles, Kubernetes clusters, and cloud databases — recording the session without requiring agents on ephemeral workloads that may not exist long enough to install one.

The implications for privileged account security in cloud environments are significant. Without cloud-native session management, organisations are forced to choose between two bad options: either they grant direct cloud console access to administrators and AI agents without any recording or isolation, creating a blind spot in privileged access monitoring; or they attempt to force all cloud access through on-premises PAM infrastructure, creating latency, breaking automation workflows, and fighting against the grain of cloud-native operations.

The AI agent dimension adds urgency. As organisations deploy AI agents that require privileged access to cloud resources — to manage infrastructure, deploy code, or access data — session management becomes critical not just for human administrators but for non-human privileged actors. A cloud-native PSM can broker and record sessions for both human and machine identities, providing the same audit trail and access isolation for AI-driven privileged activity as for human operations.

For IAM practitioners managing cloud migrations, this launch reflects a broader truth: privileged access management that was designed for on-premises data centres cannot adequately protect cloud environments without architectural rethinking. Session management that meets cloud workloads where they are — ephemeral, API-driven, and non-human-accessible — is now a baseline requirement rather than a nice-to-have.

Source: eWeek