Saviynt’s expanded strategic partnership with Zscaler, explicitly framed around advancing an identity-centric Zero Trust strategy, reflects a consolidation trend that identity governance and administration teams should watch closely: the boundary between network security and identity governance is dissolving, and vendors on both sides are racing to own the integration point.

The problem this partnership addresses is a long-standing architectural gap. Zero Trust frameworks are, in principle, built around the idea that access decisions should be made continuously, based on identity and context, rather than granted once at the network perimeter. In practice, most enterprise Zero Trust deployments have been heavily weighted toward network-layer controls — segmentation, secure web gateways, ZTNA tunnels — while the identity governance layer that should inform those access decisions has often remained a separate, loosely integrated system. The result is Zero Trust architecture that enforces network-level access control without the deep identity context (role, entitlement history, risk score, provisioning status) that should be driving those decisions.

Deepening the SailPoint-adjacent Saviynt-Zscaler integration addresses this directly by feeding identity governance signals — access certifications, entitlement risk scores, anomalous provisioning events — into Zscaler’s network access decisions in real time. This means a user or AI agent flagged as having excessive or anomalous entitlements through the IGA platform can have their network-level access automatically constrained, rather than the identity governance finding sitting in a report that a security team reviews days or weeks later.

The non-human identity implications are significant. AI agents and automated workloads increasingly need network-level access to internal systems and cloud infrastructure to complete their assigned tasks. Without identity governance context feeding into Zero Trust enforcement points, network security teams are left making access decisions about AI agents with no visibility into whether that agent’s underlying entitlements are appropriate, current, or have been reviewed. An identity-centric Zero Trust architecture closes that gap — treating machine identities with the same continuous governance rigour as human ones, and ensuring network access reflects the latest governance state rather than a stale provisioning snapshot.

For CISOs building integrated identity and network security strategies, this partnership is a signal of where the market is heading: Zero Trust architectures that don’t tightly couple network enforcement with continuous identity governance will increasingly be seen as incomplete, particularly as AI agent populations grow and the cost of ungoverned machine access rises.

Source: GlobeNewswire