In today’s cloud environments, identity is the new security perimeter.
A new generation of cloud services, automated workflows and AI-integrated applications is driving an explosion of nonhuman identities — service accounts, APIs keys, OAuth tokens and roles that require persistent access to operate. These identities outnumber human users and frequently run with elevated privileges, creating a rapidly expanding attack surface that traditional security controls were not designed to govern.
Cloud risk doesn’t become material until an identity can exploit it. In large multicloud environments, thousands of roles, service principals and machine identities inherit permissions through nested policies and cross-account trusts. Effective access often bears little resemblance to intended access. CIEM provides the missing layer of exploitability context inside CNAPP, calculating who can reach sensitive resources, exposing toxic permission paths and shrinking blast radiuses before attackers can leverage valid credentials. Without entitlement intelligence, posture findings remain isolated signals. With it, security teams can prioritize and remediate based on real access risk.
Palo Alto Networks Cortex CloudTM has been named a Leader and an Outperformer in the 2026 GigaOm Radar for Cloud Infrastructure Entitlement Management (CIEM), positioned in the Innovation / Platform Play quadrant. The recognition reflects both the maturity of Cortex Cloud Identity Security and the importance of CIEM as a foundational capability for securing modern multicloud environments.
Why CIEM Is Foundational to the Modern CNAPP
Identity has become the primary pathway attackers use to move through cloud environments. Recent incident response data shows identity weaknesses involved in nearly 90% of investigations, with a majority of initial access relying on stolen credentials, hijacked sessions or the abuse of excessive privileges. Attackers log in rather than break in, using legitimate access to move laterally while avoiding traditional detection controls.
In large multicloud estates, entitlements continuously expand as new services are deployed and third-party integrations are added. Identities tend to accumulate permissions that extend well beyond original purposes. Dormant accounts persist and cross-account trusts multiply. Privilege inheritance through nested policies makes effective access difficult to understand.
Nonhuman identities, often operating with elevated privileges and far outnumbering human users, amplify the problem. Ephemeral resources, too, present challenges, as the permissions granted to them can persist indefinitely, leaving invisible access pathways across the environment.
Without CIEM, security teams lack the context to understand how identities, permissions and resources connect, which makes it difficult to reconstruct attack paths. CIEM provides continuous visibility into who — or what — can access critical assets. Organizations can now enforce least-privilege and piece together the full risk story across their cloud ecosystem.
Key Highlights from the GigaOm CIEM Report
GigaOm recognized Cortex Cloud for strong performance in the capabilities that most directly reduce identity-driven risk in complex multicloud environments:
- AI-Driven Detection of Identity Threats: Identify compromised credentials, privilege escalation and abnormal access patterns early using machine learning–based behavioral analysis across cloud environments.
- Continuous Governance of Permissions: Maintain control over identity sprawl by tracking entitlements throughout their lifecycle, uncovering dormant accounts, orphaned privileges and policy violations before they can be exploited.
- Audit-Ready Compliance at Scale: Demonstrate continuous compliance with major regulatory frameworks through automated monitoring, immutable audit trails and approval workflows that govern configuration changes.
One Platform to Control Identity Risk in the Modern Cloud
Beyond individual capabilities, the report highlights the importance of integrated solutions. Organizations increasingly seek platforms that correlate identity risk with misconfigurations, vulnerabilities and runtime threats across cloud environments.
“Cortex Cloud delivers cloud infrastructure entitlement management through a unified data lake architecture that consolidates identity security with CNAPP capabilities across AWS, Microsoft Azure and GCP.” — GigaOM
Cortex Cloud offers CIEM as part of a unified code-to-cloud-to-SOC platform, combining identity security with posture management, data security, threat detection and compliance capabilities. This integration enables security teams to prioritize risk based on real impact rather than isolated findings.
Advancing Identity Security for the Cloud and AI Era
Identity governance is foundational to securing today’s cloud. As infrastructure becomes more dynamic and machine identities proliferate, organizations need continuous visibility and automated controls to prevent identity gaps from becoming cloud ecosystem entry points.
Recognition as a Leader and Outperformer in the 2026 GigaOm CIEM Radar reflects Cortex Cloud’s ability to address modern challenges while supporting the broader goal of securing innovation across the entire lifecycle, from development through operations.
Read the GigaOm Radar for Cloud Infrastructure Entitlement Management Report 2026 to see how leading platforms approach entitlement risk — and why Cortex Cloud was recognized as a Leader and Outperformer.