When Neha and Kelsey said the quiet part out loud about privileged access

I watched this ISMG interview with Neha and Kelsey, and a few things stood out to me. First, it made me proud. They spend every day deep in customer conversations, product decisions and real implementation details, yet they still find the time to communicate the story with clarity and with a focus on what matters. It is one thing to build a platform. It is another to explain why the problem exists at all and how teams can move forward practically.                              

They are also echoing what I keep hearing from CISOs, cloud platform teams and Gartner analysts at this year’s conference. The surface area of privileged access has changed more than most teams realize. Many organizations still have tooling built for a world of static servers and predictable access paths, yet the reality is a mix of cloud services, workloads that appear and disappear, non-human identities that outnumber humans and agentic systems that are proliferating at a speed no one anticipated. The gap between those two worlds has become the core risk.    

‍The shift from authentication to authorization is the theme I hear in every CISO conversation. Customers are not struggling to prove someone is who they say they are. They are struggling to decide what that person, workload or agent should be allowed to do at the moment they need access. This is the heart of the problem, and it is where legacy tools show their age. And so, PAM needs to evolve from managing static credentials to controlling authorization across production systems.    

The interview also underscored something Gartner spent a lot of time on this year. Fragmentation is a real blocker. One tool discovers entitlements. One manages shared credentials. One enforces policy for a single cloud. One tracks sessions. All of them see a slice of the picture, and none of them share enough context to give teams a complete view. You end up with a patchwork, built on legacy tooling like vaults and bastions,  that adds operational load, without reducing standing privilege or static credentials..    

This is exactly what our recent announcement about ZSP is about. Customers want one model of identity and access, one place to understand where standing privilege exists, one lifecycle that connects discovery, risk, policy and enforcement. The only way to make real progress is to unify the identity and access context, then automate the decisions that follow. The interview touched on all of that. It reflects what customers have been asking for long before we put a name to it.    

The last point I would add is about pace. Agentic systems are accelerating everything. They increase the number of access paths, expand the impact of bad permissions and highlight the limits of tools built for manual control. The customers who are staying ahead are the ones who simplify the access model and lean into governance automation across all identity types - instead of adding more infrastructure around the edges.    

That is why this interview resonated with me. It shows two leaders who understand the problem with clarity and who are building for the world our customers live in today.    

If you have not watched it yet, I encourage you to take a few minutes. It is a clear and practical look at where privileged access is heading and why ZSP at scale is becoming the standard teams are aiming for: ISMG interview!    

‍