The Shift within Cloud Security and Privileged Access Management
Cloud Security is undergoing the most significant transformation since the rise of CNAPP. As infrastructure, data, and AI systems converge, the traditional separation between Cloud Security and Privileged Access Management (PAM) is disappearing.
What used to be distinct layers – runtime protection, posture management, identity access – are now merging into a single continuum of visibility and enforcement.
The 2025 Latio Cloud Security Report captures this moment clearly: organizations no longer want multiple, disjointed tools for cloud visibility, access, and enforcement. Instead, they’re moving toward unified access control and data-flow governance, where the same platform can both monitor and mediate how sensitive workloads are touched – by humans, systems, or AI agents.
In this shift, Privileged Access Management has re-emerged as the critical enforcement plane for both cloud and on-prem environments. The report highlights that teams are demanding just-in-time access, session-level auditability, and dynamic policy evaluation – not just for administrators but for every service identity interacting with production data.
Formal sits at the intersection of this new security model: a cloud-native PAM designed for the data era.
Formal’s Unique Differentiation: A Centralized PAM platform
Formal was built around a simple but powerful premise: access control should be as programmable and observable as your infrastructure itself.
Unlike traditional PAM tools retrofitted for the cloud, Formal acts as a centralized enforcement layer that unifies human and service access under one protocol-aware platform. The Latio Report recognized Formal’s model as a defining innovation in the category, calling out its ability to “deliver visibility, control, and auditability across both cloud and on-prem environments, without sacrificing developer velocity.”
Formal combines:
- Real-time data-flow visualization – mapping exactly how information moves across services and who is accessing what.
- Policy-driven workflows – codifying rules for requests, approvals, and access that are automatically enforced at runtime.
- Adaptive enforcement – redacting, aliasing, or blocking sensitive data before it leaves a secure boundary.
- Protocol-aware connector – supporting databases, APIs, storage systems, SSH and K8s sessions, and AI endpoints.
By embedding directly in the data path, Formal turns access into a measurable control plane, not just a governance checklist.
The new frontier of access isn’t human – it’s agentic.
AI systems, copilots, and automation agents are increasingly touching sensitive production data, running code, and making decisions that affect security posture. The Latio Report calls this the “agent access problem”. What does this mean for the category? It means that we need to extend PAM’s guardrails from human users to AI agents in real time – a problem Formal was purpose-built to tackle.
Formal’s architecture governs both human and machine identities, treating AI agents as first-class citizens in the access model. That means just-in-time credentials, auditable sessions, and sensitive-data controls all apply equally to your engineers, your workloads, and your LLMs.
Formal can even alias or redact data as it flows into an AI model, ensuring that sensitive content (e.g., PII, secrets, or regulated fields) never leaves the approved boundary. This makes it the first PAM platform purpose-built for the AI era, bridging the gap between infrastructure security and AI governance.
What this means for us
Being named a leader in the 2025 Latio Cloud Security Report validates what our customers have known all along: that visibility and control belong in one platform, and that delivering security outcomes cannot come with any tradeoffs.
Formal’s mission is to give security and engineering teams a single enforcement layer for everything that touches sensitive data – human, service, or AI. We understand that the boundaries of cloud security are expanding, but the principle remains the same: trust is earned through context, not static permissions.
As the industry redefines what “access” means in the age of automation and AI, Formal will continue to push the boundaries of traditional privileged access management – helping organizations move fast while staying secure.