As cloud-native environments become more dynamic, organizations must balance workload security, visibility and control to ensure effective privileged access management. Cloud-Native Application Protection Platforms (CNAPPs) help security teams identify vulnerabilities and misconfigurations across cloud infrastructure, but they typically do not directly enforce privileged access controls at the session or connection level. Because of this gap, organizations need to invest in a Privileged Access Management (PAM) solution like KeeperPAM® that integrates with CNAPPs to extend risk insights into actionable access control. KeeperPAM’s zero-trust, zero-knowledge architecture helps organizations reduce the attack surface, eliminate standing access and secure access to cloud workloads without disrupting operations.
Continue reading to learn more about CNAPPs and KeeperPAM, as well as how integrating KeeperPAM with CNAPP can help organizations build a more complete cloud security strategy.
What is a CNAPP and why does it matter?
A CNAPP is a unified security solution made to protect modern cloud-native applications across the entire software development lifecycle. CNAPPs combine capabilities like Cloud Security Posture Management (CSPM) and Cloud Infrastructure Entitlement Management (CIEM) into a single platform, providing centralized visibility into misconfigurations and excessive permissions. Popular CNAPP solutions include Wiz, Prisma Cloud and Microsoft Defender for Cloud, all designed to help security teams identify high-risk threats and prioritize them earlier in the development lifecycle.
Since cloud-native environments are highly dynamic and distributed, traditional security approaches are no longer sufficient. As a result of shifting permissions and scaling workloads, organizations face challenges such as an expanded attack surface and an increased risk of privilege abuse. Fortunately, CNAPPs deliver near real-time visibility and risk context across cloud workloads, helping teams enforce security policies more effectively in constantly evolving environments.
What is KeeperPAM?
KeeperPAM is a cloud-native PAM solution that secures access to critical infrastructure across hybrid and multi-cloud environments. It combines enterprise password management, secrets management and privileged session management into a unified platform. By centralizing how privileged credentials are stored and monitored, KeeperPAM helps organizations eliminate standing access through Just-in-Time (JIT) provisioning, reduce credential sprawl and enforce least-privilege access across servers, applications and databases.
Built on a zero-trust, zero-knowledge architecture, KeeperPAM supports JIT access without exposing credentials. It supports session monitoring and recording, with additional features such as Remote Browser Isolation (RBI), to allow organizations to control and audit privileged activity while preventing malware exposure. As a cloud-native solution, KeeperPAM offers fast deployment with minimal infrastructure changes, making it ideal for DevOps teams that move quickly. Keeper has been recognized in the 2025 Gartner® Magic Quadrant™ for PAM, which we believe reinforces Keeper’s position as a trustworthy solution for organizations seeking to modernize their privileged access strategies.
How does KeeperPAM integrate with CNAPPs?
KeeperPAM integrates with CNAPPs to secure privileged access across cloud-native applications, workloads and pipelines. While CNAPPs help organizations understand their cloud security risks, a solution like KeeperPAM is essential for enforcing least-privilege access and zero-trust security at the access and session layer. Here’s how KeeperPAM complements CNAPPs:
- API-based secrets injection into CI/CD pipelines: By integrating directly into CI/CD pipelines, KeeperPAM enables cloud-native applications and workloads to access secrets securely at runtime. This eliminates hardcoded secrets and reduces the risk of secrets sprawl throughout the Software Development Lifecycle (SDLC).
- Role-based access provisioning with IdPs: KeeperPAM integrates with Identity Providers (IdPs) like Azure, Okta and Ping, enforcing Role-Based Access Controls (RBAC) aligned with organizational access policies and roles. It ensures access provisioning is based on the appropriate context, such as identity, role and approval workflow, and can be informed by cloud risk insights identified by CNAPPs.
- Secure access to cloud-native workloads: KeeperPAM protects privileged access to the same cloud-native applications and workloads that CNAPPs monitor, including containers, Virtual Machines (VMs), Kubernetes clusters and cloud databases. Together, KeeperPAM and CNAPPs enable organizations to identify security risks in real time and actively manage privileged access to sensitive resources.
- Zero-trust tunnels to cloud resources: Privileged access is granted through zero-trust tunnels that don’t require Virtual Private Networks (VPNs) or inbound firewall ports. By enforcing zero-trust access whenever a user connects to cloud resources, KeeperPAM helps minimize the attack surface while enabling secure access to cloud-native infrastructure.
- Privileged session monitoring and recording: KeeperPAM provides real-time privileged session monitoring and recording, giving security teams full visibility into privileged activity. Enhanced by KeeperAI, KeeperPAM enables organizations to enforce JIT access and detect anomalous behavior, with the ability to automatically terminate sessions based on policy or risk signals.
Secure your CNAPP stack with zero-trust privileged access
CNAPPs are crucial for organizations to identify cloud security risks across modern environments, but visibility alone may not be enough to prevent cyber attacks. To reduce cloud security risks, organizations should use a PAM solution like KeeperPAM to enforce least-privilege access and zero-trust security across the cloud resources that CNAPPs monitor. By integrating KeeperPAM with CNAPPs, security teams can detect risks in real time and enforce proper access controls across privileged sessions. KeeperPAM delivers zero-trust privileged access to complete your CNAPP stack, helping prevent credential abuse, eliminate standing access and reduce your attack surface across cloud-native environments.
Start your free trial of KeeperPAM to improve your cloud security strategy.