When Identity Gets Acquired, Authorization Gets Real
Identity security is on the financial map again with Palo Alto Networks' acquisition of CyberArk. But what does it mean for new players disrupting legacy incumbents?
Date: Aug 1, 2025
Author: Jesse Scott
Topics: Featured, Company, Identity Security
The identity market just took a seismic step. Palo Alto Networks announced a $25B acquisition of CyberArk, merging a network and cloud security powerhouse with the stalwart in privileged access management (PAM). The strategic logic is clear: identity is the perimeter.
According to Palo Alto Networks, the $29B identity security opportunity – bolstered by the rise of AI agents and machine identities – represents the next frontier in their platformization journey. This deal isn’t just about privileged access; it’s about owning the identity layer across all major cybersecurity categories, from network to SASE to SOC.
But in chasing breadth, the question becomes depth – especially at the moment of access.
When identity gets acquired, something else becomes clear:
Authorization gets real.
While incumbents consolidate around login, vaults, and perimeter enforcement, the real risks – and opportunities – lie in what happens after the front door opens. That’s why Opal was purpose-built, not to manage identities, but to govern what they’re allowed to do – across every layer of the stack, in real time, and without locking you into a vendor's worldview. It’s time we talk about what comes next.
Identity Was the Front Door. Authorization Is the Whole House.
Authentication – login, SSO, MFA – has matured, but authorization is still duct-taped together with static roles, brittle policies, and ticket-based approvals. Most organizations can’t answer basic questions:
Who can access what?
Why do they have it?
What happens if we remove it?
Even worse, they don’t realize they can’t answer them until a breach forces the issue. That’s because the status quo for authorization – unlike authentication – lacks central enforcement backed by real-time visibility and lifecycle ownership.
These conditions fuel "identity drift": a slow, silent sprawl of entitlements, privileges, and machine accounts that quietly grow blast radius while leaving security teams blind. It’s showing up in breaches everywhere:
Okta: excessive standing privileges in support tools
Snowflake: persistent access sessions with no runtime controls
SharePoint: nested groups masking high-risk access paths
23andMe: impact driven not by login flaws, but by overbroad authorization defaults
And it’s only accelerating.
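The three questions above (who can access what, why they have it, and what changes if a grant is removed) are answerable only if entitlements are resolved through every nested group, which is exactly the path the SharePoint example says gets masked. The following is an added illustration, not Opal's code or any vendor's product: it builds a small constructed directory with nested groups and a service account, resolves effective access on a resource with the membership path that confers it, and simulates removing an overbroad grant. All group, user, and resource names are constructed.

```python
"""Effective-access resolver over nested groups (constructed illustration).

Answers: who can reach a resource, through which membership chain (why),
and who loses access if a grant is deleted (what happens if we remove it).
Every name below is made up for the example.
"""
from collections import deque

# Constructed directory: group -> direct members (users, service accounts, or groups).
GROUP_MEMBERS = {
    "all-staff": {"eng", "sales", "alice"},
    "eng": {"platform", "bob"},
    "platform": {"carol", "ci-deployer"},   # ci-deployer is a non-human identity
    "sales": {"dave"},
    "finance-admins": {"erin"},
}

# Constructed grants: resource -> principal (user or group) -> permissions.
GRANTS = {
    "payroll-share": {
        "finance-admins": {"read", "write"},
        "all-staff": {"read"},        # overbroad default inherited by everyone
    },
    "prod-db": {
        "platform": {"read", "write"},
    },
}


def expand(principal, groups=GROUP_MEMBERS):
    """Return {leaf identity: path} for everything reachable from principal.

    The path is the chain of group names that confers membership, so each
    entry explains *why* the identity holds the grant. Cycles are tolerated.
    """
    found = {}
    queue = deque([(principal, [principal])])
    seen = set()
    while queue:
        node, path = queue.popleft()
        if node in seen:
            continue
        seen.add(node)
        if node in groups:
            for member in groups[node]:
                queue.append((member, path + [member]))
        else:
            found[node] = path
    return found


def effective_access(resource, grants=GRANTS, groups=GROUP_MEMBERS):
    """Who can access what: {identity: {permission: membership path}}."""
    result = {}
    for principal, perms in grants.get(resource, {}).items():
        for identity, path in expand(principal, groups).items():
            entry = result.setdefault(identity, {})
            for perm in perms:
                # Keep the shortest explanation when several paths confer it.
                if perm not in entry or len(path) < len(entry[perm]):
                    entry[perm] = path
    return result


def removal_impact(resource, principal, grants=GRANTS, groups=GROUP_MEMBERS):
    """What happens if we remove it: {identity: permissions lost entirely}
    when the grant for `principal` on `resource` is deleted."""
    before = effective_access(resource, grants, groups)
    trimmed = {r: {p: set(s) for p, s in g.items()} for r, g in grants.items()}
    trimmed.get(resource, {}).pop(principal, None)
    after = effective_access(resource, trimmed, groups)
    lost = {}
    for identity, perms in before.items():
        gone = set(perms) - set(after.get(identity, {}))
        if gone:
            lost[identity] = gone
    return lost


if __name__ == "__main__":
    for identity, perms in sorted(effective_access("payroll-share").items()):
        for perm, path in sorted(perms.items()):
            print(f"{identity:12} {perm:6} via {' > '.join(path)}")
    print("if all-staff grant is removed, these lose access:",
          sorted(removal_impact("payroll-share", "all-staff")))
```

Running it shows the service account `ci-deployer` reading the payroll share three groups deep through `all-staff > eng > platform`, a path no flat role listing would surface, and that deleting the single overbroad grant removes five identities without touching the intended `finance-admins` access.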
Why Platformization Is Not the Path Forward
The promise of the PANW–CyberArk acquisition is simplicity: a single platform, one pane of glass, reduced vendor count. Palo Alto and CyberArk claim platformization will “enable better security posture” and “accelerate growth and innovation” by converging fragmented identity tooling. But when over a hundred identity vendors are jammed into one pane of glass, complexity doesn’t disappear – it multiplies beneath the surface. As their own investor materials admit, PAM is now expected to stretch across more than a billion users, up from the 8 million served today. That’s a tectonic shift in operational scope – and operational debt.
But this promise has three critical flaws:
Loss of Optionality
Tying your entire identity and access model to a single vendor stack (and roadmap) limits your ability to adopt new clouds, AI workflows, or modern engineering platforms. Innovation slows. Risk compounds.
Collapse of Defense-in-Depth
Good security depends on separation of concerns. When your firewall, identity broker, vault, and access policies all come from the same vendor, a single misconfiguration can compromise your entire environment.
Hidden Complexity, Deferred Debt
Acquisitions merely bury complexity. Behind "unified" platforms are haphazardly stitched-together dashboards, redundant agents, brittle connectors, and siloed telemetry. The result is fragmented ownership, rising operational cost, and brittle dependencies across teams – none of which solves for the growing risk and burden fueled by access across dynamic systems.
Modern infrastructure depends on automation, orchestration, and, increasingly, non-human actors that request access continuously and at scale.
Any identity strategy that doesn’t account for this shift is already behind.
The Non-Human Identity Shift
The PANW–CyberArk vision does correctly acknowledge this shift, noting that non-human identities (NHIs) now outnumber humans by 80:1 and are accelerating with the rise of AI agents. But their proposed solution of integrating these agents into a legacy PAM framework misreads the nature of the problem.
Unlike human users, most NHIs are autonomous systems with ever-evolving context and purpose: from CI/CD pipelines and service accounts to agents that are reading data, executing workflows, and modifying infrastructure. They call APIs, spin up containers, and request ephemeral permissions at runtime, among other activities – none of which align to the static roles, durable sessions, or predefined access paths for which legacy IAM tools were built.
What’s needed now is runtime-native, context-aware, entity-agnostic authorization.
That’s what Opal delivers.
What Makes Opal Different
Opal unifies access governance – not by bundling it into a monolith, but by taming it with intelligence orchestrated across modern architectures. More specifically:
Extensible-based Access Control (xBAC): Our policy engine supports a flexible xBAC model, blending roles, attributes, and relationships to evaluate access. It adapts to varied requirements – governing based on identity, context, and organizational structure – all in one decision framework.
Policy-as-Code: Opal lets teams define policies in code, manage them in CI/CD, and enforce them consistently. Rules are versioned, testable, and peer-reviewed – treating authorization logic with the same rigor as production software.
Just-in-Time Access: Rather than pre-granting access, Opal provisions it on demand. Temporary, scoped, and auto-expiring. This minimizes privilege exposure and supports least-privilege workflows at scale.
Signal-Informed Decisions: We factor in live signals – risk scores, behavior anomalies, device posture – to inform every access decision. If context shifts, access changes too.
Entity-Agnostic Controls: Opal applies the same policies to human users, service accounts, containers, and agents. Every identity is governed with equal rigor, eliminating blind spots in non-human access.
Composable Architecture: Opal integrates cleanly across multi-cloud and hybrid stacks. We don’t force a single IDP or vendor. You get modular control without lock-in.
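To make the bullets above concrete, here is an added illustration of a runtime authorization decision that blends role, attribute, and relationship rules, honours a just-in-time grant with its own expiry, treats a human and a workload identity identically, and lets live signals veto the result. It is example code written for this page, not Opal's engine or API; the rule names, the risk threshold, the `environment` attribute, and the identities and resources are all constructed.

```python
"""Policy-as-code authorization decision (constructed illustration).

Rules are plain functions kept in a list, so they can be versioned,
reviewed and unit-tested like any other code. Thresholds, attribute
names and identities are invented for the example.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

RISK_DENY_THRESHOLD = 80        # constructed: scores at or above this deny everything


@dataclass
class Identity:
    name: str
    kind: str                               # "human" or "workload"; rules do not care
    roles: set = field(default_factory=set)
    attrs: dict = field(default_factory=dict)


@dataclass
class Grant:
    """Just-in-time grant: scoped to one resource and action, expires on its own."""
    identity: str
    resource: str
    action: str
    expires_at: datetime


@dataclass
class Context:
    now: datetime
    risk_score: int                         # 0..100 from a hypothetical risk signal
    device_compliant: bool
    owners: dict                            # resource -> set of owner names (relationship)


# Role-based: engineers may read any service resource.
def rule_role(identity, resource, action, ctx):
    return action == "read" and "engineer" in identity.roles and resource.startswith("svc/")


# Relationship-based: the owner of a resource may do anything to it.
def rule_relationship(identity, resource, action, ctx):
    return identity.name in ctx.owners.get(resource, set())


# Attribute-based: only identities tagged for prod may deploy to prod.
def rule_attribute(identity, resource, action, ctx):
    return (action == "deploy" and identity.attrs.get("environment") == "prod"
            and resource.startswith("prod/"))


POLICY = [rule_role, rule_relationship, rule_attribute]


def decide(identity, resource, action, ctx, grants=()):
    """Return (allowed, reasons). Signals gate first; no matching rule means deny."""
    if ctx.risk_score >= RISK_DENY_THRESHOLD:
        return False, ["risk_score above threshold"]
    if action in {"write", "deploy"} and not ctx.device_compliant:
        return False, ["non-compliant device for privileged action"]

    def rule_jit(identity, resource, action, ctx):
        # A grant counts only while unexpired, evaluated against the request time.
        return any(g.identity == identity.name and g.resource == resource
                   and g.action == action and g.expires_at > ctx.now
                   for g in grants)

    rules = POLICY + [rule_jit]
    reasons = [r.__name__ for r in rules if r(identity, resource, action, ctx)]
    return bool(reasons), reasons or ["no matching policy"]


if __name__ == "__main__":
    now = datetime(2025, 8, 1, tzinfo=timezone.utc)
    alice = Identity("alice", "human", {"engineer"})
    deployer = Identity("ci-deployer", "workload", attrs={"environment": "prod"})
    ctx = Context(now, risk_score=10, device_compliant=True, owners={"svc/billing": {"bob"}})
    grant = Grant("alice", "svc/billing", "write", now + timedelta(hours=1))
    print(decide(alice, "svc/billing", "read", ctx))
    print(decide(alice, "svc/billing", "write", ctx))
    print(decide(alice, "svc/billing", "write", ctx, [grant]))
    print(decide(deployer, "prod/api", "deploy", ctx))
```

The same `decide` call serves the engineer and the CI workload, the JIT grant is honoured only until `expires_at`, and a high risk score denies even a request a role would otherwise permit. Treating the rule list as code means a change to `rule_attribute` goes through review and tests rather than a dashboard click.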
Why This Matters Now
The attack surface has changed: identities are dynamic, access is ephemeral, agents are autonomous, and workloads are transient. However, too many organizations are still stuck in legacy models governed by static roles, manual approvals, and periodic reviews.
This mismatch creates invisible risk and unmanageable overhead while attackers exploit what defenders can’t see: misconfigured policies, dormant access, machine identity sprawl.
Authorization has become the most actionable, most neglected layer in cybersecurity.
PANW and CyberArk’s merger aims to unify identity under a single platform with a combined customer base spanning 80,000+ organizations. Their stated goal? Secure “every identity with the right level of privilege.” But that’s only half the equation. The other half is timing – and runtime context is what legacy privilege models fail to address. This is why real-time, signal-informed authorization isn’t just a feature; it’s the new perimeter.
And that’s our focus at Opal – giving security teams their control plane back.
Where We Go From Here
The PANW + CyberArk deal marks a consolidation of the old world – a merging of perimeter and vault, designed to serve a human-centric, login-first past. Their strategy is clear: cover every major cybersecurity TAM and assert platform leadership across firewall, SASE, SOC, and now identity. However, their own evolution – from a $2.6B firewall vendor in 2018 to a projected $257B TAM behemoth by 2028 – reveals the problem: they’re treating identity like just another acquisition milestone.
But identity isn’t a bolt-on, and authorization isn’t a feature. It’s the foundation for governing distributed, autonomous, and continuously changing systems. AI agents, ephemeral workloads, and infrastructure-as-code all rely on authorization that adapts with context (not static permissions set once and reviewed later). This shift requires an approach rooted in:
Just-in-time access by default
Policies defined as code, not by dashboards
Controls covering all identities – human and non-human alike
Authorization decisions informed by real-time signals
The future of identity security is authorization-first, which is why leading security teams choose Opal:
To cut operational overhead
To shrink blast radius
To support AI workflows and platform engineering
To unify governance across humans, machines, and everything in between
If you're building security for the next decade – not the last – we'd love to talk.
We’ll be at Black Hat next week. Come find us.