- Identity is shifting from access setup to runtime control infrastructure.
- Platform mandates and recent M&A are forcing authorization into the critical path.
- Security pressure has moved beyond login toward sessions, tokens, and non-human identities.
- Value is concentrating around identity as a control plane, not a feature.
The Signal
Over the past few weeks, several independent moves converged on the same pressure point. The way trust is handled is changing, and identity is moving into runtime.
Microsoft moved forward with mandatory multi-factor authentication (MFA) for administrative access, turning what used to be “recommended” into a hard baseline. That effectively removed MFA as a differentiator and pushed buyers to look elsewhere for incremental risk reduction.
At the same time, CrowdStrike announced the acquisition of SGNL, a company focused on continuous authorization and policy enforcement rather than authentication. This was not an expansion of login controls, but a move deeper into runtime authorization logic.
In parallel, recurring incidents and disclosures highlighted how access is rarely lost at login anymore. Failures show up later: in stolen sessions, abused OAuth and device-code flows, long-lived tokens, and over-privileged non-human identities embedded in workflows.
Why it matters
The traditional identity model assumed that authorization was mostly static:
- You authenticated.
- You were authorized.
- Trust persisted until logout or expiry.
That model breaks in environments built on SaaS, APIs, automation, and machine identities.
Recent weeks highlighted this gap. Security and operations teams are not struggling with who logged in. They are struggling with what stayed trusted after context changed:
- Sessions remain valid after risk increases.
- Tokens propagate across systems without clear ownership.
- Workflows continue to act long after their original intent expires.
The system behaves as designed. But the design is not resilient enough.
As a result, security pressure is moving past authentication and toward continuous authorization. Trust decisions now need to be evaluated and enforced during operation, not just at the start.
Identity is not becoming less important. Identity is becoming infrastructure that governs ongoing trust, not just initial access.
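The gap between the two models, as an added sketch that is not from the original article or from any vendor named in it: a static check that trusts a grant until expiry, next to a per-request check that re-evaluates risk, ownership, and workflow intent. The `Grant` schema, the `RISK_LIMIT` threshold, and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Set, Tuple

RISK_LIMIT = 70  # assumed threshold, not from the article

@dataclass
class Grant:
    """A session or token as a policy engine might see it (hypothetical schema)."""
    subject: str
    issued_at: int                      # epoch seconds
    ttl: int                            # lifetime in seconds
    owner: Optional[str] = None         # accountable owner of a non-human identity
    intent_until: Optional[int] = None  # when the workflow's purpose ends
    risk: int = 0                       # latest risk score, 0-100

def static_authorize(g: Grant, now: int) -> bool:
    """Login-time model: once issued, trusted until expiry."""
    return now < g.issued_at + g.ttl

def continuous_authorize(g: Grant, now: int, revoked: Set[str]) -> Tuple[bool, str]:
    """Runtime model: re-evaluate on every request against current context."""
    if now >= g.issued_at + g.ttl:
        return False, "expired"
    if g.subject in revoked:
        return False, "revoked"
    if g.risk >= RISK_LIMIT:
        return False, "risk increased after login"
    if g.owner is None:
        return False, "token has no accountable owner"
    if g.intent_until is not None and now >= g.intent_until:
        return False, "workflow outlived its intent"
    return True, "ok"

def demo():
    now = 1_000
    # Constructed sample grants, all still inside their TTL.
    grants = [
        Grant("alice", 0, 3600, owner="alice", risk=85),
        Grant("svc-export", 0, 86400, owner=None),
        Grant("wf-migration", 0, 86400, owner="ops", intent_until=500),
        Grant("bob", 0, 3600, owner="bob", risk=10),
    ]
    return [(g.subject, static_authorize(g, now), *continuous_authorize(g, now, set()))
            for g in grants]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Every sample grant passes the static check, while three of the four are denied at runtime, each for one of the reasons listed above.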
Implications for investors
When identity becomes runtime infrastructure, market dynamics change.
Authentication features turn into baseline requirements. Differentiation and pricing power move up the stack, toward authorization logic, policy engines, and enforcement that persists during operation.
This favors platforms that can own identity as a control plane and integrate it across endpoint, cloud, SaaS, and workflow layers.
It also increases consolidation pressure. Capabilities that govern runtime trust are difficult to bolt on as plug-ins and tend to become native to the platform.
Categories that stop at access setup face repricing risk as buyers shift spending toward outcomes tied to ongoing control and revocation.
Implications for vendors
Several assumptions weaken under this shift.
- That MFA alone materially reduces risk.
- That authorization can remain mostly static.
- That human identity is the primary problem space.
Vendors focused narrowly on login, access, or point-in-time decisions will feel increasing pressure to expand or integrate.
Capabilities that become mandatory include session governance, token lifecycle control, non-human identity oversight, and revocation that actually propagates across systems.
Vendors that can govern trust dynamically gain gravity. Those that cannot risk becoming features inside larger platforms.
What to watch next
A few observable signals will confirm whether this transition continues:
- Procurement language shifting from access controls to session and authorization governance.
- Platform defaults enforcing identity policies during runtime, not just at login.
- Increased consolidation around authorization engines and policy layers rather than authentication tools.
If these patterns persist, identity will continue to be priced and positioned less like setup software and more like critical infrastructure.