
Identity is now the primary security perimeter.
In the latest episode of the Virtually Speaking Podcast, we sat down with Lee Howard, Head of IAM Product Management at Broadcom, to explore how Identity Security for VMware Cloud Foundation (VCF) enables secure, scalable, zero trust access across modern private cloud environments.
This episode is part of our VCF Advanced Services series, where we highlight the capabilities that strengthen security, compliance, and operational control beyond core infrastructure.
This conversation explores why identity can no longer be treated as a bolt-on security function. In a world of Kubernetes workloads, API-driven applications, AI systems, and sovereign cloud requirements, identity must be foundational.
From Static Authentication to Zero Trust
Traditional identity strategies were built around directory services, static policies, and basic single sign-on. That model worked when applications were centralized and users operated within defined network boundaries.
Modern private cloud is different.
Users are distributed. Applications are containerized. Services authenticate to other services. AI agents and automation platforms act independently. In this environment, identity must be continuous, contextual, and risk-aware.
A zero trust architecture evaluates not just who is logging in, but how, where, and what they are attempting to access. Identity security becomes dynamic, adapting to behavioral signals, privilege levels, and environmental context.
This is where modern IAM and PAM capabilities become critical.
IAM and PAM in VMware Cloud Foundation
Identity and Access Management (IAM) governs authentication, authorization, and federation using standards like SAML and OpenID Connect. In a private cloud built on VMware Cloud Foundation, IAM must be API-driven and DevOps-friendly, allowing application teams to integrate identity into modern workflows without rigid, proprietary constraints.
Privileged Access Management (PAM) protects the most sensitive layer of the environment: administrative and root-level access. PAM enforces least-privilege access, secures credentials in vaults, rotates passwords automatically, and records privileged sessions. This reduces the risk of insider threats, credential misuse, and lateral movement during a breach.
Importantly, identity security now extends beyond human administrators. Machine identities, service accounts, and automation systems must also be governed. As Kubernetes and AI workloads expand, managing secrets and non-human access becomes just as important as managing user logins.
Kubernetes-Native Identity for Private Cloud
The Identity Security platform runs on Kubernetes within VMware Cloud Foundation. This cloud-native architecture enables rapid deployment, auto-scaling during authentication spikes, and zero-downtime upgrades.
Identity services are mission-critical. If authentication fails, everything fails. A Kubernetes-based design ensures resilience and operational efficiency while avoiding the overprovisioning required by legacy identity systems.
Identity as a Core Platform Capability
As organizations reassess workload placement, sovereignty requirements, and AI adoption strategies, identity becomes central to private cloud design. It must support zero trust access, regulatory compliance, machine identity management, and unified control across environments.
Identity security is no longer just about logging in. It is about controlling access everywhere: across users, applications, services, and data.
And in a modern VMware Cloud Foundation environment, it is built directly into the platform.
What’s Next in the Series
This episode is part of our ongoing Virtually Speaking series focused on the Advanced Services available in VMware Cloud Foundation. Each episode takes a closer look at a specific service and the real-world outcomes it enables, with the people who build and deploy these solutions every day.
In the coming episodes, we will continue exploring services that extend VCF beyond core infrastructure, including areas like advanced networking, security, data services, observability, and AI. The goal of this series is to show how these capabilities work together to help organizations modernize infrastructure, secure applications, and accelerate innovation.
Be sure to follow the series as we continue to break down each Advanced Service and the role it plays in building a modern private cloud with VMware Cloud Foundation.
Links Mentioned
- Virtually Speaking Series Overview
- VMware Cloud Foundation & Advanced Services Info
- VMware Advanced Cyber Compliance (ACC)
- VMware vDefend (Advanced Security)
- VMware Avi Load Balancer
- VMware Tanzu Data Intelligence
- VMware Data Services Manager (DSM)
- Network Observability for VCF
- ValueOps by Broadcom
- Identity Security for VCF
- VMware Cloud Foundation YouTube Channel
The Virtually Speaking Podcast
Virtually Speaking is a technical podcast dedicated to discussing VMware technology topics related to private and hybrid cloud. Each week Pete Flecha and John Nicholson bring in various subject matter experts from Broadcom and from within the industry to discuss their respective areas of expertise. If you’re new to the Virtually Speaking podcast, check out all episodes on vspeakingpodcast.com and follow on X @VirtSpeaking.