Why CISOs are betting on identity firewalls to stop the next breach [Q&A]

The network firewall was designed for a world that doesn’t exist anymore. When corporate assets sat behind a data center perimeter, inspecting packets between ‘inside’ and ‘outside’ made sense.
But today, with workloads spread across multiple clouds, SaaS platforms, and edge environments, that perimeter has dissolved. Attackers don’t need to smash through firewalls when they can compromise privileged credentials and operate from within. A rogue or stolen admin account can cause catastrophic damage, and a network firewall, which only sees traffic flows, is not positioned to stop it. The battlefield has shifted from networks to identities.
We spoke to Amol Kabe, chief product officer at StrongDM, to discuss why traditional network firewalls are no longer enough in the cloud era.
BN: How has cloud computing changed the security model?
AK: Cloud computing fundamentally shattered the idea of a static zone of trust. In the old model, location defined security: if you were on the corporate LAN, you were ‘trusted.’ But now, users connect from everywhere (home offices, airports, coffee shops, etc.) and sensitive data lives across AWS, Azure, Google Cloud, and a growing constellation of SaaS apps. Each of those platforms has its own consoles and admin interfaces, creating sprawling access points that can’t be secured by perimeter defenses. Add in non-human actors like machine identities and AI agents, and you have an environment where ‘inside’ and ‘outside’ no longer exist.
BN: Why isn’t IAM alone enough to solve the problem?
AK: Identity and Access Management (IAM) systems are valuable, but they weren’t designed for today’s distributed, high-velocity environments. Each cloud provider has its own IAM framework, making it difficult for enterprises to manage users and privileges in a unified way. Most IAM systems are also relatively static: once access is granted, it tends to remain until someone revokes it, leaving organizations vulnerable to privilege creep and insider misuse. And while IAM does a decent job managing non-privileged users, it typically falls short when it comes to fine-grained, dynamic control over privileged accounts, the very accounts attackers target most. In short, IAM is necessary, but it’s not sufficient.
BN: What exactly is an identity firewall?
AK: Think of it as a firewall for identities instead of networks. An identity firewall continuously monitors and enforces the privileges of every user, machine, or AI agent in your environment. Rather than inspecting packets, it inspects actions: should this admin be allowed to execute that database command right now? Should that machine identity have write access at this moment, or should its permissions be temporarily revoked? By placing the enforcement point at the level of identity and action, not network traffic, identity firewalls offer granular, dynamic control that traditional tools can’t match.
BN: How does an identity firewall differ from next-generation firewalls?
AK: Next-generation firewalls were an evolutionary step forward, giving organizations flexible virtual perimeters that extended into hybrid and cloud environments. But they still focus on traffic flow, not privilege abuse. An identity firewall flips that model on its head: the perimeter is no longer the network, it’s the identity itself. By integrating with native IAM tools across platforms, identity firewalls provide a centralized vantage point to decide, in real time, whether a given action should be permitted. It’s not about where traffic comes from anymore; it’s about who or what is trying to do something, and whether they should be allowed to do it.
BN: What problems do identity firewalls solve for enterprises?
AK: They tackle one of the thorniest challenges in modern security: over-privileged access. When employees, contractors, machines, and now AI agents all need access to sensitive resources, privileges tend to accumulate. Attackers know this, which is why stolen or misused credentials remain the root cause of so many breaches. Identity firewalls combat this by granting just-in-time, just-enough privileges, and revoking them immediately after use. This reduces insider threat risk, limits the blast radius of credential theft, and eases compliance reporting by proving that sensitive actions are continuously monitored and controlled.
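The two answers above describe an enforcement point that decides per action rather than per packet, and that hands out privileges just-in-time and takes them back after use. The following Python sketch is an added illustration of that model by the editor; it is not StrongDM’s code, not part of the interview, and the identities, actions, resource names and time windows in it are constructed for the example. Each request names an identity (human, machine, or AI agent), the action it wants, and the resource; the decision depends only on whether a time-bounded grant covers that triple. The request carries a source IP, but only for the audit record: network location plays no part in the decision, which is the point the interview makes. The example also shows the failure modes a practitioner cares about: an action outside the grant, a grant that has expired, and a single-use grant being exercised a second time.

```python
"""Action-level policy decision point with just-in-time grants.

Added example, not StrongDM's code. Names, resources and times are
constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Request:
    identity: str      # "alice@corp", "svc-etl", "agent:ticket-bot" (constructed)
    action: str        # "db.select", "db.drop", "s3.put" (constructed verbs)
    resource: str      # "pg://orders", "s3://billing" (constructed)
    at: datetime
    source_ip: str = "0.0.0.0"   # recorded for audit only; never consulted


@dataclass
class Grant:
    identity: str
    resource: str
    actions: frozenset
    not_before: datetime
    not_after: datetime
    single_use: bool = False     # revoked the moment it is exercised
    used: bool = False

    def covers(self, req: Request) -> bool:
        return (self.identity == req.identity
                and self.resource == req.resource
                and req.action in self.actions)

    def active(self, now: datetime) -> bool:
        return not self.used and self.not_before <= now < self.not_after


class IdentityFirewall:
    def __init__(self, grants):
        self.grants = list(grants)
        self.audit = []   # every decision, allowed or not, is logged

    def decide(self, req: Request):
        for g in self.grants:
            if g.covers(req) and g.active(req.at):
                if g.single_use:
                    g.used = True   # just-enough: privilege gone after one use
                return self._log(req, True, "active grant")
        # Denied: work out why, so the audit trail is useful for detection.
        matching = [g for g in self.grants if g.covers(req)]
        if any(g.used for g in matching):
            reason = "grant already consumed"
        elif any(req.at >= g.not_after for g in matching):
            reason = "grant expired"
        elif any(req.at < g.not_before for g in matching):
            reason = "grant not yet valid"
        else:
            reason = "no grant for this identity/action/resource"
        return self._log(req, False, reason)

    def _log(self, req: Request, allowed: bool, reason: str):
        self.audit.append((req.identity, req.action, req.resource,
                           req.at.isoformat(), req.source_ip, allowed, reason))
        return allowed, reason


def demo():
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    fw = IdentityFirewall([
        # human admin: 30-minute read-only window on the orders database
        Grant("alice@corp", "pg://orders", frozenset({"db.select"}),
              t0, t0 + timedelta(minutes=30)),
        # machine identity: exactly one write to the billing bucket
        Grant("svc-etl", "s3://billing", frozenset({"s3.put"}),
              t0, t0 + timedelta(hours=1), single_use=True),
    ])
    m = timedelta
    results = {
        # same "inside" IP for every human request; it changes nothing
        "admin_select": fw.decide(Request("alice@corp", "db.select", "pg://orders", t0 + m(minutes=5), "10.0.0.5")),
        "admin_drop":   fw.decide(Request("alice@corp", "db.drop",   "pg://orders", t0 + m(minutes=5), "10.0.0.5")),
        "admin_late":   fw.decide(Request("alice@corp", "db.select", "pg://orders", t0 + m(minutes=45), "10.0.0.5")),
        "etl_first":    fw.decide(Request("svc-etl", "s3.put", "s3://billing", t0 + m(minutes=1))),
        "etl_second":   fw.decide(Request("svc-etl", "s3.put", "s3://billing", t0 + m(minutes=2))),
        "agent_none":   fw.decide(Request("agent:ticket-bot", "db.select", "pg://orders", t0 + m(minutes=1), "10.0.0.5")),
    }
    return results, fw.audit


if __name__ == "__main__":
    results, audit = demo()
    for name, (allowed, reason) in results.items():
        print(f"{name:13s} {'ALLOW' if allowed else 'DENY':5s} {reason}")
```

Running it, the admin’s SELECT inside the window is allowed, the DROP on the same connection is denied because the grant never covered it, the SELECT at minute 45 is denied as expired, the ETL job’s first write succeeds and its second is refused because the single-use grant was consumed, and the unknown agent gets nothing. A production decision point would back the grant store with the provider IAM systems the interview mentions and evaluate far richer context, but the shape of the decision, identity plus action plus resource plus time, with no dependence on network position, is what distinguishes it from a traffic filter.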
BN: How do identity firewalls affect the end-user experience?
AK: Ironically, they make life easier. Many security tools slow users down with endless authentication challenges or manual approval requests. Identity firewalls, by contrast, automate the process. They dynamically adjust privileges so that users get what they need, when they need it, without unnecessary hoops. From the user’s perspective, access becomes seamless. They don’t even notice the behind-the-scenes checks happening in real time. Security teams often talk about making security ‘invisible’ to the business; identity firewalls come closer than most solutions to delivering on that promise.
BN: Who benefits most from adopting identity firewalls?
AK: Everyone has a stake. CISOs get peace of mind knowing that privilege-related risks, the Achilles’ heel of many organizations, are under control. IT and security teams gain a centralized, automated way to manage access across fragmented environments, instead of juggling half a dozen cloud-specific IAM consoles. And employees benefit from fewer disruptions to their workflows. Identity firewalls are one of those rare technologies that deliver both security and usability, a win for leadership, for IT staff, and for the broader workforce that just wants to get its job done without constant friction.
Image credit: titima157/depositphotos.com