SailPoint’s acquisition of Entro Security — at approximately $200 million — is the most consequential development in identity governance and administration this year, and its implications extend well beyond the non-human identity security space. For IGA practitioners, the acquisition signals a fundamental expansion of what identity governance means: no longer a discipline focused primarily on human user lifecycle management, but a unified governance framework that spans both human and machine identity across the enterprise.
Entro brings to SailPoint’s platform a set of capabilities that IGA programmes have historically lacked: comprehensive governance of secrets, service account credentials, API tokens, and the other non-human identity primitives that now constitute the majority of enterprise access events. These capabilities have been available as point solutions, but integrating them within the SailPoint identity governance platform creates something qualitatively different — a unified view of entitlements and access risk that spans the full identity estate.
The IGA implications are strategic. Access certification programmes that currently cover only human users leave a significant governance gap when the same data access is occurring through automated processes, AI agents, and machine-to-machine integrations. Entitlement analysis that ignores service account permissions misses some of the highest-risk access in the environment. Role management frameworks that do not account for machine identity access patterns fail to capture the full picture of who — or what — can access sensitive systems.
SailPoint’s acquisition of Entro closes this gap within the SailPoint platform. But it also raises the bar for the broader IGA market. Saviynt, Omada, and other IGA vendors will face pressure to develop or acquire equivalent NHI governance capabilities — or risk being positioned as human-only identity governance platforms in a market that is rapidly recognising machine identity as equally critical.
For enterprise security and identity teams evaluating their IGA strategy, the Entro acquisition is a useful forcing function. The question is no longer whether NHI governance should be part of the identity programme — it clearly should be. The question is how quickly organisations can extend their IGA framework to cover machine identities, and which vendors can best support that extension.
The $200 million price point for a focused NHI security capability underscores the strategic value that the market is placing on this problem. Organisations that have not yet built their NHI governance foundation are falling further behind with every quarter that passes.
Source: megabites.com.ph