Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

After nearly two decades in cybersecurity and more customer conversations than I can count, one thing’s clear: no matter the industry, every organization is dealing with compliance headaches. Finance, healthcare, retail – it doesn’t matter. If you’ve got users with access to systems, you’ve got audit controls to worry about. And most of the time, people have way more access than they actually need. That’s where privileged access management (PAM) comes in.

Lately, the common theme in emerging identity security technology has been… well, you know. AI. It’s all anyone wants to talk about. All of us in the IAM business have been scurrying to find a way to tell our customers and the market that, yes! we have AI! we've had it all along! If that were so obviously true, then why are we having to tell you about it now? As an identity security technologist, I’ve experienced the growing pains of AI in IAM.

Modern IT is innately complex, which leads to matching complexity in the security environment and indeed for managing privileged accounts. Companies rely on multi-cloud and hybrid cloud deployments to get more flexibility and to enhance resilience. But the flipside of a distributed, decentralized IT approach is a variety of security models across platforms. That creates a broad attack surface, and a complex web of privileged accounts.

Privileged accounts are the keys to every organization’s kingdom. Protecting them isn’t optional. After all, the fallout of a breach can affect almost every part of the business. From leaking sensitive information and intellectual property, to fines and reputational damage from non-compliance or lack of governance.

When you unify a complex technology landscape that consists of diverse deployments—including on-premises, legacy systems, multi-cloud and hybrid environments—you inevitably create a tangled web of identities, each with its own set of security challenges. Identity and access management (IAM) as we know it struggles to keep up. It becomes increasingly complex to manage user access across disparate systems, to maintain consistent security policies and to meet compliance regulations.

Active Directory (AD) officially reaches its quarter-century this year, after its late-1990s preview and full release with Windows Server 2000. That’s over 25 years of providing administrators with tools to manage permissions, endpoints and access for network-based resources and objects. In that time, it’s grown to become the choice of around 90% of the Global Fortune 1000s.

Managing an enterprise-level Active Directory (AD) means enterprise-grade volumes of identity accounts. Naturally, operations at this scale come with high complexity and call for intensive resources to maintain control. Manual errors can creep in as the business expands, leading to increased cybersecurity risks and vulnerabilities.

Lately, the common theme in emerging identity security technology is AI. It’s all anyone wants to talk about. All of us in the IAM business have been scurrying to find a way to tell our customers and the market that, yes! We have AI! We've had it all along! If that were so obviously true, why isn’t it more broadly known? As an identity security technologist, I’ve experienced the growing pains of AI in IAM. I recently read an interesting essay by a science fiction author.

Organizations have long focused on securing human users – employees, partners and customers. But what about the identities that aren’t tied to a person? Non-human identities (NHIs), including service accounts, bots, APIs, machine identities and more, now outnumber human identities 20:1 in most organizations! Yet, they often lack proper oversight, making them a growing security risk.