The Next Wave of Identity Management: Turning Silos into Synergy

By Kiersten Putnam | Trace3 Senior Innovation Researcher

Identities are fundamental for securing virtually every business process. Users, both human and non-human, are dependent on their identities to access important enterprise resources. They are critical not only to perform their daily jobs, but also as the front lines of security, ensuring the right individuals have access to the right resources. This makes them not only top of mind for enterprises but also the preferred target for attackers, acting as an entry point to company resources. And as such, it is becoming a growing priority within organizations to get control over their identities.

As organizations begin their evaluation, previous investments in identity platforms, such as Saviynt and SailPoint, are brought to attention. They are reminded of the effort and uplift it took to deploy, configure, and establish the policies for these solutions. For many, this was a one-time investment, meaning that even as the identity ecosystem changed, the use of these tools remained the same. As time went on, gaps in support were unknowingly created. While it is expected that growing environments require new support, the problem has been escalated by the rapid adoption of SaaS/cloud applications. The identity architecture of these applications has shifted the landscape from known, centralized applications to one where decentralized applications are now the majority.

As the digital landscape has evolved, the way we use identity platforms has not evolved with it, making them insufficient to support the organization alone. Each application may have its own identity model and permission structure, which is challenging to map to a centralized identity platform. This impacts the ability to have consistent management and results in varying levels of support across joiners, movers, and leavers. However, challenges are the spark that innovation thrives on, and today's emerging solutions are cleverly tackling some of the biggest ones out there.

 

Solving One Gap, Creating Another

Let's start by acknowledging the wave of solutions built to support disconnected applications and resources that fall outside the reach of traditional identity platforms. Emerging use cases, such as PAM for cloud, IGA light solutions, and JIT/dynamic access, are specifically designed to support SaaS and disconnected apps that can't integrate with a centralized identity management system.

With these solutions, organizations use identity platforms and leverage best-of-breed solutions in places the platforms don’t adequately support.

On the surface, this sounds like great progress. And in many ways, it is. These solutions allow organizations to extend identity capabilities where traditional platforms fall short, often through best-of-breed tools.

But here's the catch: each new solution adds another silo. Now, instead of a unified approach, organizations find themselves managing a domain-specific or problem-specific solution alongside the existing solution, having to adhere to new policies and remember existing policies for each control and interface. The result? Tool sprawl and a growing management burden that is starting to exceed human capacity.

It has become clear that the next wave of innovation must focus on the ecosystem approach, one that not only enhances existing investments, but also streamlines processes while highlighting blind spots.

 

Closing the Loop: The Next Phase of Identity Hygiene

The market has already been responding with approaches to solve this disconnected management challenge. It boils down to two main approaches to provide this holistic visibility and access management: one from a visibility and cleanup perspective, and the other from an autonomous enforcement standpoint. Together, they not only enable organizations to quickly understand their identity hygiene, but also automatically execute access management functions, ensuring limited time impact to busy identity teams.

Let’s break them down: 

1. Identity Hygiene Enforcement

Context has officially arrived in the world of identity. We've been tracking the growing role of contextual awareness across various security domains, and identity is now firmly in that spotlight. Ensuring holistic context gives a full view into what issues could pose security risks, especially in toxic combination with one another.

To provide this level of context, these tools centralize visibility across identity silos and report on where improvements can be made. They focus on understanding identities, cleaning up hygiene issues, and governing identity and access across an organization. First, they discover identities and create an inventory across access patterns to explain who or what identity exists, and what they have access to. They do this through different methods: some look directly from the disconnected application view, while others connect to identity applications for visibility. From there, these solutions monitor identity-related risks such as dormant users, excessive privileges, misaligned access, and misconfigured policies. These solutions give IAM teams a prioritized view of where they should focus their cleanup efforts, and, while AI is used for baselining and prioritization, solutions do not focus on executing remediation actions autonomously. As this is an emerging space, solutions are continuously expanding their capabilities. To find adequate support for your environment, it’s important to evaluate each solution for the types of identities supported and the methods used to collect this information.

Examples: Andromeda, Orchid Security, Oleria, Unosecur
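To make the discover, monitor, and prioritize loop described above concrete, here is a vendor-neutral illustration added to this post; it is not code from any product named here. The HR roster, per-app account exports, 90-day dormancy threshold, and risk weights are all constructed assumptions.

```python
from datetime import date

# Constructed sample data: an HR roster and per-app account exports.
HR = {
    "alice@example.com": "active",
    "bob@example.com": "terminated",
    "carol@example.com": "active",
}
ACCOUNTS = [  # (app, owner, role, last_login)
    ("crm", "alice@example.com", "user", date(2025, 5, 28)),
    ("crm", "bob@example.com", "admin", date(2025, 1, 10)),
    ("wiki", "carol@example.com", "admin", date(2024, 11, 2)),
    ("wiki", "svc-backup", "admin", None),  # non-human, no mapped owner
    ("ci", "carol@example.com", "user", date(2025, 5, 30)),
]
TODAY = date(2025, 6, 1)   # fixed so the result is reproducible
DORMANT_DAYS = 90          # assumed threshold
WEIGHTS = {"orphaned": 3, "leaver": 3, "dormant": 2, "privileged": 1}  # assumed


def findings(accounts, hr, today):
    """Return hygiene findings sorted by descending risk score."""
    out = []
    for app, owner, role, last_login in accounts:
        flags = set()
        status = hr.get(owner)
        if status is None:
            flags.add("orphaned")      # no owner in the source of truth
        elif status != "active":
            flags.add("leaver")        # offboarded but still provisioned
        if last_login is None or (today - last_login).days > DORMANT_DAYS:
            flags.add("dormant")
        if role == "admin":
            flags.add("privileged")
        score = sum(WEIGHTS[f] for f in flags)
        # Toxic combination: privilege plus any other hygiene issue.
        if "privileged" in flags and len(flags) > 1:
            score *= 2
        # Privilege alone on an active, in-use account is not a finding.
        if flags - {"privileged"}:
            out.append((score, app, owner, sorted(flags)))
    return sorted(out, key=lambda r: (-r[0], r[1], r[2]))


if __name__ == "__main__":
    for score, app, owner, flags in findings(ACCOUNTS, HR, TODAY):
        print(f"{score:>3}  {app:<5} {owner:<20} {', '.join(flags)}")
```

The output is a report for a human to act on, matching the post's point that tools in this category prioritize cleanup rather than remediate autonomously.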

 

2. Autonomous Identity Ops

Autonomous agents are another key theme making their way into the identity world. As identities multiply, the effort of traditional workflows and ticket-driven processes has created an unsustainable amount of daily manual and repetitive work required to maintain traditional IAM tools.

Autonomous identity operations solutions are designed to close the gap between task assignment and execution, carrying out assigned tasks with speed, precision, efficiency, and consistency. These solutions can take on a range of identity-related duties such as user and entitlement management, app access governance, credential handling, and even routine tasks like generating reports.

Starting with routine tasks, these solutions assist in identifying repetitive and time-consuming tasks. Then, using varying levels of agentic AI, they automate these activities, reducing the manual and time-consuming burden on teams. They vary in how they build automation workflows. Some use traditional documentation to define task scope. Others employ screen capture for process mining. Some rely on middleware, triggering actions based on specific events. Despite the different approaches, the goal is the same: reduce manual work and increase consistency.

By automating these tedious tasks, organizations benefit from improved identity hygiene. These solutions help prevent leftover access, orphaned accounts, and over-privileged users.

Example solutions: Opnova, Twine, Redblock, PathID*, Cerby

 

Autonomous Future Realized

For most enterprises, the shift towards identity synergy starts not with a rip-and-replace, but a mindset reset. You don’t have to overhaul everything on day one, but you do have to start seeing identity as a living and evolving ecosystem. If the concepts in this blog are exciting to you and you see your organization benefiting from this vision, getting started is simple:

Take Inventory of What You Already Have

Map out your current identity infrastructure, either through manual processes or by leveraging the identity toolsets discussed in this blog. This includes your primary platforms (e.g., SailPoint, Saviynt, Okta), any best-of-breed tools you’ve brought in to fill the gaps, and unmanaged identity “dark matter” living in SaaS apps, scripts, or legacy systems. Knowing what you have and what you’ve outgrown is the first step.

Identify the Pressure Points

High-level analysis of repeat tickets, quick surveys from your teams on manual processes, and even complaints from your user base can serve as excellent pain signals within your organization. These pain points often signal your highest value use cases for automation or visibility improvements.

Align Tools to Tasks, Not Buzzwords

Rather than selecting tools on market hype and buzzwords, focus on outcomes. Do you need better visibility into dormant accounts and misaligned access? Start with hygiene-first platforms. Are your teams bogged down with repetitive tasks related to lifecycle management? Consider agentic automation solutions that reduce daily IAM noise.

Iterate, Iterate, Iterate

Start small. Choose one high-friction identity process, such as access reviews or credential cleanup, and run a focused pilot with a modern solution. Use the results to demonstrate ROI and build confidence across stakeholders. Keep in mind that your proof of concept is your first iteration. Continue adding more capabilities to increase ROI.

Build Bridges, Not Silos

Ensure any new solution can share data or plug into your broader identity or security ecosystem. The long-term win is in orchestrating tools together, leveraging context awareness along the way.

 

Identity, Finally in Sync

With varying people, processes, and tools stitching identity and access management together, it can be challenging to create a holistic identity strategy. Hopefully this blog has illustrated the different approaches in your corner for managing the silos and disparate solutions. With these emerging solutions you can leave identity hygiene mapping to the hygiene suites, the tedious work to the identity agents, and have your identity teams focus on the transformative projects that will allow your organization to safely and efficiently take advantage of new technologies and business objectives.

The best part? We believe this evolution is just the start. With the wider trends of centralized context and agentic processes, our Innovation team imagines a future where organizations can seamlessly ride the waves of change and have identity as a seamless copilot next to them. Interested in staying connected on identity trends? Message us at innovation@trace3.com.

 

Kiersten Putnam is a Senior Innovation Researcher at Trace3.  She is passionate about new innovative approaches that challenge traditional processes across the enterprise. As a member of the Innovation Team, she delivers research content on emerging trends and solutions across enterprise cloud, security, data, and infrastructure. When she's not researching, she is either exploring the surrounding areas of Denver, Colorado where she lives, or planning her next trip abroad.