While many DevSecOps processes like infrastructure, deployments, and compliance are automated, access management (e.g., granting database access) remains largely manual, involving tickets, human approvals, and manual credential handling. There's a need for automated, streamlined access provisioning.
I was sitting in on a DevSecOps roundtable last week when someone dropped this line: “Shouldn’t more of this stuff be automated?” And damn if that didn’t stop the room.

We’ve automated the hell out of everything else:

✅ Infra is ephemeral.
✅ Deployments happen 20x a day.
✅ Workloads spin up and down with every pull request.
✅ Even compliance is starting to shift left.

But access? That still takes a ticket, a human, a calendar invite…and a prayer.

Let me guess how your “modern” access process works:

• Engineer needs DB access
• Submits ticket in Jira
• Someone in security approves it three hours later
• Another person logs into a vault to grab creds
• Yet another person pastes them into Slack with a “pls rotate after”
• Meanwhile, the infra the engineer needed access to? Already decommissioned.

Sound familiar?

➡️ This is why automation-first teams are rejecting legacy PAM ⬅️

Not because they don’t care about security. But because security still doesn’t speak the language of automation.

At StrongDM, we hear it all the time: “We’ve automated everything…except privileged access.”

Or: “We can deploy to prod in minutes, but getting access to prod takes a day.”

Or my personal favorite: “We have Terraform provisioning our whole stack… and a Google Sheet for access requests.”

Security has to evolve. It has to plug into pipelines, not block them. It has to support real-time controls, not retroactive audits. And it has to treat access like code: governed, versioned, ephemeral, and fast.

Ticket-driven access isn’t a control plane. It’s technical debt. And if your environment is cloud-native, your access strategy better be too.

Let me know if you’re facing this. I’ve got some battle scars...and some better ideas.