TL;DR: Identity fabric is framed as a way to manage identities, synchronize directories, and automate lifecycle steps across on-prem and hybrid environments so stale accounts and inconsistent identity data do not weaken access controls, according to Zluri. The real takeaway is that identity fabrics only work when provisioning, modification, and offboarding are treated as governed identity processes, not manual cleanup tasks.
At a glance
What this is: Identity fabric is a governance framework for managing identities, synchronising directory data, and automating lifecycle steps across hybrid environments.
Why it matters: It matters because IAM teams need consistent identity data and offboarding discipline across human, NHI, and workload identities to prevent stale access and authentication errors.
By the numbers:
- Only 5.7% of organisations have full visibility into their service accounts.
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
- 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation.
- 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage.
👉 Read Zluri's analysis of identity fabric and access management
Context
Identity fabric is best understood as an operating model for identity governance rather than a single product feature. It tries to reduce the risk created when identity data is fragmented across directories, clouds, and access systems, especially when manual joiner, mover, and leaver handling cannot keep pace with organisational change.
The primary identity security problem here is not authentication alone. It is the mismatch between how identities are created, updated, synchronised, and removed, and how modern environments actually consume those identity records across human IAM, NHI governance, and workload access paths.
Key questions
Q: How should security teams manage identity fabric in hybrid environments?
A: They should treat identity fabric as an operating model, not a product category. That means defining authoritative identity sources, synchronising directory data, automating lifecycle changes, and using contextual authentication where risk is high. Without that structure, hybrid environments simply spread identity inconsistency faster across more systems.
Q: Why do fragmented directories create identity security risk?
A: Fragmented directories create risk because different systems can make different trust decisions about the same identity. When attributes, role state, or offboarding status are inconsistent, access can persist after it should have been removed. That leaves attackers with more opportunities to exploit stale or conflicting identity records.
Q: What breaks when identity lifecycle management stays manual?
A: Manual lifecycle handling breaks at scale because people change roles and leave faster than spreadsheets and ticket queues can keep up. The result is stale permissions, missed deletions, and identities that outlive their business purpose. Those leftovers become direct access paths for abuse or impersonation.
Q: Who is accountable when identity data is not synchronised?
A: Accountability sits with the team that owns identity governance, because synchronisation is a control outcome, not an optional convenience. If identity data is inconsistent across directories, no downstream application can reliably know which record to trust. That makes identity governance accountable for the failure, even if the symptom appears in authentication.
Technical breakdown
Identity fabric and directory synchronisation
Identity fabric depends on keeping identity attributes aligned across multiple directories so downstream identity providers do not authenticate against stale or conflicting records. In practice, this means changes in role, department, or lifecycle state must propagate consistently across the authoritative sources that applications and access systems read from. When synchronisation breaks, the result is not just inconvenience. It creates inconsistent trust decisions, incomplete provisioning, and avoidable access errors across cloud and on-prem estates.
Practical implication: map every identity source of record and verify synchronisation integrity before relying on it for authentication or access decisions.
Automated lifecycle management for identities
The article treats identity lifecycle as the controlled creation, modification, and deletion of identities as people move through an organisation. Manual processing does not scale because every missed update leaves an identity in the wrong state, which can preserve access after a role change or departure. That is why identity fabric links lifecycle automation to governance outcomes. The core mechanism is not speed alone. It is reducing the time window in which an identity exists in a state that no longer matches business reality.
Practical implication: automate joiner, mover, and leaver workflows so access state changes are tied to HR or system events, not spreadsheets.
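The synchronisation and lifecycle points above can be turned into a concrete check. The script below is an added example, not Zluri's or NHIMG's code: it reconciles an HR system (assumed here to be the source of record) against an on-prem directory and a cloud IdP, and reports orphaned accounts, leavers still enabled, movers whose attributes never propagated, and joiners never provisioned, each with the number of hours the drift has been observable. All records, directory names, the attribute set and the evaluation time are constructed sample data; a real run would load the same shape of record from each directory's own API.

```python
"""Reconcile an HR source of record against on-prem and cloud directories to
surface identity drift. Added example, not Zluri's or NHIMG's code; every
record below is constructed, and HR is assumed to be authoritative."""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class IdentityRecord:
    uid: str
    department: str
    role: str
    status: str           # "active" or "terminated"
    updated_at: datetime  # when the owning system last changed this record


@dataclass(frozen=True)
class Finding:
    kind: str         # orphan | leaver_still_active | attribute_mismatch | not_provisioned
    uid: str
    directory: str
    detail: str
    lag_hours: float  # how long this drift has been observable


def _ts(s):
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)


NOW = _ts("2025-09-11T00:00:00")  # constructed evaluation time

# Constructed HR records: bob left on 9 Sep, carol moved to finance, dave joined on 10 Sep.
HR = {
    "alice": IdentityRecord("alice", "engineering", "engineer", "active", _ts("2025-09-01T00:00:00")),
    "bob": IdentityRecord("bob", "sales", "account-exec", "terminated", _ts("2025-09-08T00:00:00")),
    "carol": IdentityRecord("carol", "finance", "analyst", "active", _ts("2025-09-09T00:00:00")),
    "dave": IdentityRecord("dave", "engineering", "engineer", "active", _ts("2025-09-10T00:00:00")),
}
# Constructed on-prem directory: bob never disabled, carol's move not applied, one orphan.
AD = {
    "alice": IdentityRecord("alice", "engineering", "engineer", "active", _ts("2025-09-01T01:00:00")),
    "bob": IdentityRecord("bob", "sales", "account-exec", "active", _ts("2025-06-01T00:00:00")),
    "carol": IdentityRecord("carol", "marketing", "analyst", "active", _ts("2025-03-01T00:00:00")),
    "svc-legacy": IdentityRecord("svc-legacy", "it", "service", "active", _ts("2025-01-15T00:00:00")),
}
# Constructed cloud IdP: carol's move applied, bob still active, dave absent.
CLOUD_IDP = {
    "alice": IdentityRecord("alice", "engineering", "engineer", "active", _ts("2025-09-01T01:00:00")),
    "bob": IdentityRecord("bob", "sales", "account-exec", "active", _ts("2025-06-01T00:00:00")),
    "carol": IdentityRecord("carol", "finance", "analyst", "active", _ts("2025-09-09T02:00:00")),
}

SYNC_ATTRS = ("department", "role")  # attributes every directory must agree on


def hours_between(earlier, later):
    return (later - earlier).total_seconds() / 3600


def find_drift(source, directories, now):
    """Compare each directory against the source of record and return findings."""
    findings = []
    for name, directory in directories.items():
        for uid, rec in directory.items():
            src = source.get(uid)
            if src is None:
                # Account exists with no business owner: nobody will ever trigger its removal.
                findings.append(Finding("orphan", uid, name, "no source-of-record entry",
                                        hours_between(rec.updated_at, now)))
                continue
            if src.status == "terminated" and rec.status == "active":
                findings.append(Finding("leaver_still_active", uid, name,
                                        "terminated in HR but still enabled",
                                        hours_between(src.updated_at, now)))
                continue  # stale attributes are moot once the account should be gone
            for attr in SYNC_ATTRS:
                if getattr(src, attr) != getattr(rec, attr):
                    findings.append(Finding("attribute_mismatch", uid, name,
                                            f"{attr}: source={getattr(src, attr)!r} "
                                            f"directory={getattr(rec, attr)!r}",
                                            hours_between(src.updated_at, now)))
        for uid, src in source.items():
            if src.status == "active" and uid not in directory:
                findings.append(Finding("not_provisioned", uid, name,
                                        "active in HR but absent from directory",
                                        hours_between(src.updated_at, now)))
    return findings


def count_by_kind(findings):
    return dict(Counter(f.kind for f in findings))


def max_lag_hours(findings, kind):
    """Worst-case lag for one finding kind; the governance metric to track over time."""
    lags = [f.lag_hours for f in findings if f.kind == kind]
    return max(lags) if lags else 0.0


if __name__ == "__main__":
    results = find_drift(HR, {"ad": AD, "cloud_idp": CLOUD_IDP}, NOW)
    for f in results:
        print(f"{f.kind:20} {f.uid:12} {f.directory:10} {f.lag_hours:8.1f}h  {f.detail}")
    print(count_by_kind(results))
```

The lag figures are the measurement the analysis calls for: a leaver who is still active 72 hours after termination is a finding that should trigger an automated disable, not a ticket. Tracking `max_lag_hours` per finding kind across runs shows whether lifecycle automation is actually shortening the window in which identities sit in the wrong state.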
Risk-based authentication in identity fabric
Risk-based authentication adds contextual checks such as device signals, typing rhythm, and activity patterns to decide whether an identity should be trusted at a given moment. This matters because passwords and OTPs can be satisfied by the wrong actor if the identity itself has already been compromised. Identity fabric uses this as a control layer, but it should be read as part of a broader identity governance model, not as a standalone defence. The point is to reduce confidence in static proof when behaviour no longer matches the expected user.
Practical implication: use behavioural and device context as a decision signal for high-risk access paths, especially where credentials may already be exposed.
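To show how contextual signals become an access decision rather than a single pass/fail, here is an added example (not Zluri's or NHIMG's code) of a risk-scoring function: it combines device familiarity, country change, impossible travel between consecutive logins, off-hours activity and a credential-exposure flag, and returns allow, step-up or deny. The weights, thresholds, the 900 km/h travel limit, the working-hours window, the breach-feed flag and the three login attempts are all constructed assumptions; a production system would tune them against its own telemetry.

```python
"""Score a login attempt from contextual signals and choose allow / step_up / deny.
Added example, not Zluri's or NHIMG's code; weights, thresholds and the sample
attempts are constructed assumptions for illustration."""
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt
from typing import Optional


@dataclass(frozen=True)
class LoginContext:
    user: str
    known_device: bool
    country: str
    lat: float
    lon: float
    hour_utc: int                 # hour of day of this attempt
    last_country: Optional[str]   # from the user's previous successful login
    last_lat: Optional[float]
    last_lon: Optional[float]
    hours_since_last: Optional[float]
    credential_exposed: bool      # assumed flag from a breach-monitoring feed


# Constructed weights and thresholds; tune against real telemetry.
WEIGHTS = {
    "unknown_device": 30,
    "new_country": 25,
    "impossible_travel": 40,
    "off_hours": 10,
    "credential_exposed": 30,
}
STEP_UP_AT, DENY_AT = 30, 70
MAX_PLAUSIBLE_KMH = 900        # roughly airliner speed; faster implies impossible travel
WORK_HOURS = range(7, 20)      # assumed normal activity window, UTC


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    r = 6371.0
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlam = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlam / 2) ** 2
    return 2 * r * asin(sqrt(a))


def risk_signals(ctx):
    """Return the list of risk signals that fire for this attempt."""
    signals = []
    if not ctx.known_device:
        signals.append("unknown_device")
    if ctx.last_country is not None and ctx.country != ctx.last_country:
        signals.append("new_country")
    if (ctx.last_lat is not None and ctx.last_lon is not None
            and ctx.hours_since_last is not None and ctx.hours_since_last > 0):
        km = haversine_km(ctx.last_lat, ctx.last_lon, ctx.lat, ctx.lon)
        if km / ctx.hours_since_last > MAX_PLAUSIBLE_KMH:
            signals.append("impossible_travel")
    if ctx.hour_utc not in WORK_HOURS:
        signals.append("off_hours")
    if ctx.credential_exposed:
        signals.append("credential_exposed")
    return signals


def risk_score(signals):
    return sum(WEIGHTS[s] for s in signals)


def decide(ctx):
    """Map the score to a decision: allow, step_up (extra verification) or deny."""
    signals = risk_signals(ctx)
    score = risk_score(signals)
    if score >= DENY_AT:
        decision = "deny"
    elif score >= STEP_UP_AT:
        decision = "step_up"
    else:
        decision = "allow"
    return decision, score, signals


# Constructed attempts: a routine login, an impossible-travel login from a new
# device, and a plausible trip by a user whose credential appears in a breach feed.
ATTEMPTS = [
    LoginContext("alice", True, "US", 40.71, -74.01, 14, "US", 40.71, -74.01, 1.0, False),
    LoginContext("bob", False, "GB", 51.51, -0.13, 14, "US", 40.71, -74.01, 0.5, False),
    LoginContext("carol", True, "PT", 38.72, -9.14, 10, "DE", 52.52, 13.41, 48.0, True),
]

if __name__ == "__main__":
    for ctx in ATTEMPTS:
        decision, score, signals = decide(ctx)
        print(f"{ctx.user:6} {decision:8} score={score:3} signals={signals}")
```

Note what the score cannot tell you: carol's credential is flagged as exposed, and the step-up challenge only buys time while the credential is rotated and her identity record is confirmed current. The function is a compensating control for uncertain identity state, which is exactly how the article positions it.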
Threat narrative
Attacker objective: The attacker aims to turn weak identity governance into persistent access to systems and data through valid-looking identities.
- Entry occurs when attackers exploit stale, inconsistent, or exposed identity records to impersonate legitimate users or reuse valid access paths.
- Escalation follows when synchronisation gaps or delayed lifecycle updates let the attacker retain access after role changes or offboarding.
- Impact is reached when the attacker uses that trusted identity state to reach applications, directories, or sensitive data that should no longer be accessible.
Breaches seen in the wild
- Cisco DevHub NHI breach — IntelBroker exploited exposed Cisco credentials, API tokens and keys in DevHub.
- Codefinger AWS S3 ransomware attack — Codefinger used compromised AWS credentials to encrypt S3 buckets via SSE-C.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
Identity fabric is a governance response to identity sprawl, not a substitute for identity discipline. Centralising or synchronising records does not solve the underlying problem if the organisation still cannot prove who owns an identity, when it should be removed, or which directory is authoritative. The article is strongest when it treats identity fabric as an attempt to impose order on fragmented identity states. The practitioner conclusion is simple: synchronisation without lifecycle control still leaves trust decisions exposed.
Manual identity lifecycle handling is the failure mode this model is trying to erase. The article correctly shows that spreadsheets and manual deletion steps do not scale once identity volumes rise. That is a governance issue, not just an efficiency issue, because each missed mover or leaver creates a dormant access path. The practitioner conclusion is that lifecycle process design is itself a security control, not an administrative back-office task.
Risk-based authentication should be viewed as a compensating control for identity uncertainty, not proof of identity health. Behavioural checks can help expose impersonation, but they do not repair stale records, duplicated identities, or poor offboarding. This is where identity fabric intersects with broader IAM maturity: the more inconsistent the identity estate, the more any runtime signal must carry the burden of deciding whether trust is still valid. The practitioner conclusion is to treat behavioural validation as a second line of defence, not the primary trust model.
Identity fabric becomes materially more important as organisations mix human IAM, NHIs, and workload identities. The same governance weakness, fragmented authority over identity state, shows up across people, service accounts, API keys, and automation accounts. That is why identity synchronisation and lifecycle governance should be designed as cross-domain controls, not only as employee IAM hygiene. The practitioner conclusion is to align human, machine, and workload identity records before access decisions fragment further.
Hidden identity records create trust debt. When identity attributes, directories, and offboarding states drift apart, organisations accumulate a trust debt that eventually has to be paid during incident response, audit, or access review. The article describes the symptoms, but the broader lesson is that identity fabric is about reducing the time identities spend in ambiguous states. The practitioner conclusion is to measure how long stale identity conditions survive, then force governance action on that lag.
From our research:
- Only 5.7% of organisations have full visibility into their service accounts, according to Ultimate Guide to NHIs.
- 71% of NHIs are not rotated within recommended time frames, increasing the risk of compromise over time.
- Top 10 NHI Issues helps teams move from identity sprawl to governed lifecycle control.
What this signals
Identity fabric matters most when identity estates stop behaving like a single system. The practical signal for readers is that directory synchronisation, lifecycle automation, and contextual authentication need to be governed together, not bought or deployed as separate fixes. A useful benchmark from our research is that only 5.7% of organisations have full visibility into their service accounts, which is exactly the kind of blind spot that fabric-style thinking tries to close.
Hidden identity drift creates operational debt for both human and non-human programmes. If mover and leaver states are delayed, access reviews become unreliable and incident response has to clean up what governance missed. Teams should watch for inconsistent directory records, delayed offboarding, and authentication flows that trust stale identity data more than current business state.
Identity fabric should be paired with lifecycle measurement, not just architecture language. Readers should measure synchronisation lag, orphaned identity counts, and the age of unresolved access changes to see whether identity governance is actually improving. For structured next steps, the Ultimate Guide to NHIs is the right reference point for lifecycle controls across machine and workload identities.
For practitioners
- Map authoritative identity sources: Identify which system owns joiner, mover, and leaver state for each identity type, then eliminate conflicting records across directories and access platforms. If no source of truth exists, the same identity can be trusted differently by different systems.
- Automate mover and leaver updates: Tie role changes and offboarding to identity lifecycle workflows so permissions are updated or removed without spreadsheet-driven delays. The goal is to shrink the period in which an identity remains valid after the business state has changed.
- Synchronise directory data continuously: Validate that core identity attributes remain consistent across cloud and on-prem directories, especially where multiple IdPs consume the same records. Inconsistency in one directory should be treated as a control failure, not an administrative nuisance.
- Add risk-based checks to high-risk access paths: Use behavioural and device signals when authentication confidence matters most, but do not treat them as a fix for poor identity governance. They are best used to challenge access when identity state is uncertain or credentials may be compromised.
Key takeaways
- Identity fabric is really about stopping identity drift across directories, lifecycle processes, and authentication decisions.
- Manual joiner, mover, and leaver handling creates stale access paths that scale into real security exposure.
- Synchronisation, lifecycle automation, and contextual authentication only work when identity governance is treated as a control plane, not a back-office task.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | PR.AC-1 | Identity fabric depends on controlled access decisions across directories and apps. |
| NIST Zero Trust (SP 800-207) | PR.AC-4 | Continuous verification fits the article's emphasis on risk-based authentication. |
| OWASP Non-Human Identity Top 10 | NHI-03 | Lifecycle and stale identity exposure are central to the article's governance model. |
Map identity sources and access decision points to PR.AC-1 so trust starts with known identity state.
Key terms
- Identity Fabric: An identity fabric is a governance model for keeping identity data, lifecycle state, and authentication decisions consistent across multiple systems. It is less about one platform and more about coordinating identity sources so applications do not act on stale, conflicting, or incomplete records.
- Identity Lifecycle Management: Identity lifecycle management is the controlled process of creating, updating, and removing identities as business relationships change. In practice, it ties joiner, mover, and leaver events to authoritative systems so access reflects current state instead of outdated permissions or orphaned records.
- Directory Synchronisation: Directory synchronisation is the process of keeping identity attributes aligned across multiple directories and identity providers. It prevents one system from trusting old role, department, or status information that another system has already changed, which reduces authentication and provisioning errors.
- Risk-Based Authentication: Risk-based authentication is a context-aware method that evaluates signals such as device, behaviour, and login pattern before granting access. It adds a layer of judgment when static credentials alone are too weak to prove the identity is legitimate in the current session.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.
This post draws on content published by Zluri: Access Management Identity Fabric: Securing Identities Against Attack Vectors. Read the original.
Published by the NHIMG editorial team on 2025-09-11.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org