If you sell into enterprise cloud or security, something has shifted in the last eighteen months. The economic buyer isn’t who you used to talk to.
Three years ago, identity governance lived inside security. The CISO bought it. Auditors cared. Finance signed POs. That sequence has reversed as cloud spend management became the top challenge for 84% of organizations (Flexera 2026).
The convergence is structural. Wasted cloud spend hit 29% this year (Flexera 2026), tied to governance gaps: only 17.3% of organizations have implemented CIEM, and 26.1% incorporate identity context into risk prioritization (Qualys Cloud Security Forecast 2026). Permissions are opaque, so spend is opaque. The CFO has noticed.
From deals I’ve seen this year, three shifts stand out:
First, procurement committees have expanded. The CISO no longer signs alone – you now face FinOps leads, platform engineering heads, and CFO office reps. Each holds veto power.
Second, discovery questions have evolved. “Does this detect misconfigurations?” became “Which roles drive cost across our acquired AWS accounts?” Accountability now trumps pure security.
Third, buying cycles lengthen, but deal sizes grow. Platforms bridging governance and cost control close at the multi-stakeholder level, not departmental. The trade-off favors vendors who speak both languages.
Google’s H1 2026 Cloud Threat Horizons pins 83% of breaches on identity. Orca notes non-humans outnumber humans 50:1, with Tenable flagging 52% excessive permissions. These risks now hit the P&L directly.
For sellers, the takeaway is straightforward: solo CISO outreach misses the new stakeholders. Value props ending at risk reduction ignore the buyer’s full vocabulary.
