Keeper launches Privileged Cloud for zero standing access
Fri, 17th Jul 2026 (Today)
Keeper Security has introduced Keeper Privileged Cloud within its KeeperPAM platform, aiming to eliminate standing privileged access in cloud identity systems.
The product provides just-in-time access across identity and cloud platforms including AWS IAM, Azure Entra ID, Google Cloud Platform, Okta and Active Directory. Access is granted only for an approved session and is revoked automatically when that session ends.
The launch addresses a persistent problem in identity security: privileged credentials often remain available after the task that required them is complete. If an account is compromised, those dormant permissions can give attackers a path into administrative systems.
Keeper cited its own research showing that 64% of organisations do not have fully consolidated privileged access governance, while 43% still allow direct application logins that bypass their identity provider. It also found that 55% of organisations in Asia-Pacific use identity providers for everyday logins, but only 36% have deployed privileged access management.
How it works
In Keeper's model, a user requests elevated access and, once approved, receives a temporary role assignment or group membership in the target identity platform. That access is limited to a pre-set time window defined by an administrator.
The user then opens the target console or application from the Keeper Vault through remote browser isolation. Activity during the session is recorded and analysed in real time by KeeperAI, and elevated access is removed automatically when the approved period expires.
The process avoids creating standing accounts and removes the need to share privileged credentials directly with end users. It also eliminates manual clean-up after each session ends.
Audit trail
Keeper is positioning the new feature as an alternative to stitching together access controls across identity providers, cloud platforms and separate privileged access tools. In many organisations, those systems create separate records and require administrators to manage policy and enforcement in different places.
By bringing password management, secrets management, session management and endpoint privilege management into one platform, organisations can keep governance and audit records in a single system. Keeper added that the same model can apply to machine identities and AI agents as well as human users.
This reflects a broader shift in cybersecurity, where identity has become a primary attack route. Administrative access, service accounts and automated identities have drawn increasing attention from security teams because they often carry extensive permissions and can be difficult to track once created.
Keeper said its architecture is built around a zero-knowledge model, meaning governance, credential protection and audit are handled within the same framework. The company argues that this reduces the complexity that often comes with third-party connectors and separate integration projects.
Craig Lurey explained the rationale behind the design.
"The challenge with standing privileges is that removing them requires coordination across multiple systems that were never designed to work together. Most JIT access tools are added after the fact, as a layer on top of systems that were never built to revoke access automatically. Because Keeper Privileged Cloud was built into KeeperPAM from the ground up, rather than layered on afterward, access governance, credential protection and audit all live in the same zero-knowledge architecture. That is the only way zero standing privilege holds up at scale, instead of becoming one more system to maintain," said Craig Lurey, Chief Technology Officer and Co-founder, Keeper Security.
The feature is included in existing KeeperPAM licences and is available as part of the broader platform rather than as a separate product.
The move comes as security vendors place greater emphasis on reducing persistent access rights, particularly in cloud environments where administrative privileges can be granted quickly but are not always removed with the same discipline. For many organisations, the issue is less about creating access than ensuring it disappears once the work is done.
Keeper's figures suggest this remains a weak point in many identity programmes, especially where identity providers are widely used for standard employee logins but privileged access management is less mature. That gap leaves a higher-risk layer of access outside the controls organisations may already apply to routine authentication.
The new feature covers human and non-human identities and provides a complete audit record for each task and session.