TL;DR: AI tools such as Microsoft Copilot are widening data exposure risks where visibility, permissions, and identity hygiene have not kept pace, and Netwrix says its 1Secure PRO webinar frames DSPM plus ITDR as a single operational model for MSPs. The key issue is not just data discovery, but who and what can reach it, especially as identity scope expands across hybrid environments.
At a glance
What this is: This is a Netwrix webinar about unifying DSPM and ITDR to help MSPs assess and control data and identity exposure in hybrid environments.
Why it matters: It matters because practitioners now have to govern data access, identity risk, and AI-adjacent exposure as one programme rather than separate tools and workflows.
By the numbers:
- 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation.
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
- Only 5.7% of organisations have full visibility into their service accounts.
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.
👉 Register for Netwrix's webinar on unified DSPM and ITDR for AI-era access risk
Context
AI-assisted productivity tools are changing the exposure model for both data and identity. In this webinar, Netwrix argues that Microsoft Copilot and similar tools can widen access paths when visibility, permissions, and identity hygiene have not kept pace with how environments are actually used.
The governance gap is familiar to IAM teams: data security posture management tells you what sensitive data exists, while identity threat detection and response helps reveal risky access behaviour. The issue is whether those controls are being operated as a single risk programme across human identities, service accounts, and AI-adjacent access paths.
Key questions
Q: How should teams govern AI-assisted access to sensitive data in hybrid environments?
A: Treat AI-assisted access as an access governance problem first, not just a data search problem. Start by mapping sensitive repositories, then confirm which identities can reach them, why those permissions exist, and whether inherited access still matches business need. If the answer is unclear, restrict discovery until identity and data controls are aligned.
Q: Why do AI tools expose weak identity governance so quickly?
A: Because they can traverse content and permission structures faster than human users, so stale groups, excessive access, and inherited entitlements become visible at scale. The tool is not creating the weakness. It is compressing the time it takes to find and exploit access debt that already existed.
Q: What should MSPs measure when they combine DSPM and ITDR?
A: Measure effective access, not just data inventory or alert volume. MSPs should be able to show which identities can access sensitive content, which exposures are policy-driven, and which alerts indicate active misuse. That gives customers evidence that posture, identity, and response are being managed together.
Q: How do teams decide whether AI adoption is increasing security risk or improving control?
A: Look at whether AI adoption is improving the organisation’s ability to explain access. If it reveals unknown permissions, stale identity paths, or audit gaps, the programme is uncovering debt, not improving control. Mature teams use that visibility to tighten governance before scaling usage further.
Background and context
How DSPM and ITDR complement each other in hybrid environments
Data Security Posture Management, or DSPM, is focused on discovering and classifying sensitive data, while Identity Threat Detection and Response, or ITDR, looks for suspicious identity behaviour that can precede abuse. The two are complementary because exposure is not only about where data lives, but who can reach it, how that access is granted, and whether the access pattern looks normal. In hybrid environments, this matters because visibility often breaks at the boundary between cloud services, file servers, and directory permissions. A combined model helps close the gap between data location and identity control.
Practical implication: treat data discovery and identity monitoring as one workflow, not separate dashboards.
Why AI tools expose legacy permission debt
AI tools often surface hidden permission debt because they can traverse content repositories and indexed data faster than users would manually search. If permissions have accumulated over time, the tool may reveal that far more users and systems can reach sensitive information than the business intended. This is not a new access model, but it makes old weaknesses visible at scale. The risk is intensified when inherited access, stale group membership, and broad application permissions remain in place across Microsoft 365, file shares, and SQL estates.
Practical implication: review inherited access and broad groups before expanding AI-enabled search or summarisation.
What unified access visibility changes for MSPs
A unified access view gives managed service providers a way to connect identity state, data exposure, and audit evidence across multiple customers from one operational layer. That matters because identity and data issues are often investigated separately, which slows triage and fragments accountability. The value is not in a prettier dashboard, but in being able to answer who has access to what, whether that access is justified, and whether the exposure is tied to a policy gap or an active threat. For MSPs, the architecture must support multi-tenant evidence without losing customer separation.
Practical implication: design multi-tenant reporting around access evidence, not just data inventory.
NHI Mgmt Group analysis
Identity and data governance now fail together, not separately. The article reflects a programme reality that many teams still ignore: data exposure becomes operationally meaningful only when identity paths are understood at the same time. DSPM without identity context tells you what is sensitive, but not whether the access is defensible. ITDR without data context tells you who behaved oddly, but not what they could reach. Practitioners should read this as a signal that control ownership across data and identity can no longer be split cleanly.
Permission inheritance is becoming the hidden attack surface for AI adoption. AI tools do not create the underlying access problem, they make inherited permissions easier to observe and easier to abuse. When broad groups, stale entitlements, and shared access patterns remain in place, AI-assisted workflows can amplify their reach across content stores that were never meant to be broadly discoverable. The implication is that the real security debt sits in access design, not in the AI feature itself.
Unified monitoring is now a governance requirement for MSP operating models. The webinar’s multi-tenant framing points to a shift in how service providers must prove control across customers. MSPs cannot rely on fragmented evidence from separate point tools when they are expected to show data posture, identity risk, and audit readiness together. That pushes the market toward integrated operational evidence, especially where customer environments mix human access, machine accounts, and AI-enabled retrieval paths.
83% of organisations would still be unable to fully explain their effective access surface if an AI tool exposed it today. We do not need to wait for a new attack class to see the problem. The combination of poor visibility, over-permissioned identities, and disconnected audit data means many programmes are already operating with partial knowledge of who can touch sensitive assets. The practitioner conclusion is straightforward: AI adoption is exposing governance debt that was already present.
Named concept: identity-data exposure coupling. This is the point where sensitive data discovery and access governance collapse into one control problem. If the organisation treats them as separate workstreams, AI tools will keep surfacing inconsistencies that neither team can resolve alone. The conclusion for security leaders is to align data, identity, and threat workflows under one operational ownership model.
From our research:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which is why access evidence and entitlement review remain weak in many programmes.
- For a broader control baseline, see NHI Lifecycle Management Guide for the lifecycle discipline that keeps access, rotation, and offboarding connected.
What this signals
Permission inheritance is becoming the first place AI adoption exposes governance debt. When discovery tools reach content faster than humans can review it, the organisation learns where access was never truly justified. That makes the access model itself, not the AI feature, the thing to watch in rollout planning.
With 90% of IT leaders saying properly managing NHIs is essential for a successful zero-trust implementation, the identity side of this story is not optional. Teams that separate DSPM from identity governance will struggle to prove why sensitive content is reachable in the first place, especially in hybrid estates.
Over the next planning cycle, practitioners should expect stronger demand for evidence that ties data exposure, identity risk, and auditability together. The practical response is to align reporting across IAM, ITDR, and DSPM so the organisation can answer access questions quickly when AI-enabled workflows expand search and retrieval.
For practitioners
- Map sensitive data to effective access paths: Use DSPM outputs to identify where sensitive data lives, then validate which human, service, and application identities can actually reach it across Microsoft 365, file servers, and SQL Server.
- Review inherited permissions before enabling AI search: Check broad groups, nested roles, and stale entitlements before Copilot-like tools are allowed to index content that was not designed for wide discovery.
- Correlate identity anomalies with data exposure: Feed ITDR alerts into the same triage queue as data posture findings so investigators can tell whether risky behaviour touched exposed content or only probed for it.
- Build multi-tenant evidence for access governance: For MSP operations, standardise reports that show who has access to what, which policy justified it, and where the customer's audit trail proves the control was enforced.
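The first three steps above are one procedure: resolve effective access from nested group membership, flag sensitive resources that a broad group can reach, then triage identity alerts against that exposure map. The script below is an added example written for this page, not code from Netwrix or the 1Secure PRO product. The group tree, share paths, DSPM labels and ITDR-style alerts are constructed and the names (`Finance-Leads`, `Legacy-Shared`, `\\fs01\finance\payroll`, `svc-reporting`) are hypothetical; in practice the inputs would come from the directory, the ACL export, the DSPM classifier and the ITDR feed.

```python
"""Effective-access check: expand nested groups over resource ACLs, flag
sensitive resources reachable through broad groups, and triage ITDR-style
alerts against that exposure map. All data below is constructed."""
from collections import defaultdict

# Constructed directory data (hypothetical names): group -> members, where a
# member may be a user, a service account, or another group.
GROUP_MEMBERS = {
    "Domain Users": ["alice", "bob", "svc-backup", "Finance-All"],
    "Finance-All": ["carol", "Finance-Leads"],
    "Finance-Leads": ["dave", "svc-reporting"],
    "Legacy-Shared": ["Domain Users"],  # stale wrapper around a broad group
}
BROAD_GROUPS = {"Domain Users", "Everyone", "Authenticated Users"}

# Constructed resources, their ACLs (trustee -> right) and DSPM labels.
PAYROLL = r"\\fs01\finance\payroll"
FORECASTS = r"\\fs01\finance\forecasts"
TEMPLATES = r"\\fs01\public\templates"
ACLS = {
    PAYROLL: {"Finance-Leads": "Read", "svc-backup": "FullControl"},
    FORECASTS: {"Legacy-Shared": "Read"},
    TEMPLATES: {"Domain Users": "Read"},
}
CLASSIFICATION = {PAYROLL: "Confidential", FORECASTS: "Confidential", TEMPLATES: "Public"}

# Constructed ITDR-style alerts: who, which detection, which resource was touched.
ALERTS = [
    {"principal": "svc-reporting", "event": "anomalous_logon_hours", "resource": PAYROLL},
    {"principal": "bob", "event": "mass_file_read", "resource": FORECASTS},
    {"principal": "eve", "event": "repeated_access_denied", "resource": PAYROLL},
    {"principal": "mallory", "event": "password_spray", "resource": None},
]


def resolve_principals(name, groups, path=(), seen=frozenset()):
    """Expand a trustee to leaf principals: {principal: chain of groups traversed}.
    A non-group name resolves to itself; circular nesting is cut off by `seen`."""
    if name not in groups:
        return {name: path}
    if name in seen:
        return {}
    out = {}
    for member in groups[name]:
        out.update(resolve_principals(member, groups, path + (name,), seen | {name}))
    return out


def effective_access(acls, groups):
    """resource -> principal -> [(right, group chain)] after inheritance is applied."""
    result = defaultdict(lambda: defaultdict(list))
    for resource, aces in acls.items():
        for trustee, right in aces.items():
            for principal, chain in resolve_principals(trustee, groups).items():
                result[resource][principal].append((right, chain))
    return {res: dict(members) for res, members in result.items()}


def broad_chain(trustee, groups, broad, seen=frozenset()):
    """Nesting chain from `trustee` down to a broad group, or () if none."""
    if trustee in broad:
        return (trustee,)
    if trustee not in groups or trustee in seen:
        return ()
    for member in groups[trustee]:
        chain = broad_chain(member, groups, broad, seen | {trustee})
        if chain:
            return (trustee,) + chain
    return ()


def broad_exposures(acls, classification, groups, broad=BROAD_GROUPS):
    """Confidential resources whose ACL reaches a broad group, directly or nested.
    These are the entries to fix before enabling AI-assisted search."""
    findings = []
    for resource, aces in acls.items():
        if classification.get(resource) != "Confidential":
            continue
        for trustee in aces:
            chain = broad_chain(trustee, groups, broad)
            if chain:
                findings.append((resource, trustee, chain))
    return findings


def triage_alerts(alerts, access, classification):
    """Label each alert by whether the principal could reach the resource and
    whether that resource is sensitive (touched exposed content vs. probed for it)."""
    labelled = []
    for alert in alerts:
        resource = alert["resource"]
        if resource is None:
            verdict = "identity-only"  # no data context to correlate
        elif alert["principal"] in access.get(resource, {}):
            sensitive = classification.get(resource) == "Confidential"
            verdict = "reached-confidential" if sensitive else "reached-nonsensitive"
        else:
            verdict = "probe-without-access"  # behaviour seen, data not reachable
        labelled.append((alert["principal"], alert["event"], verdict))
    return labelled


if __name__ == "__main__":
    access = effective_access(ACLS, GROUP_MEMBERS)
    for resource, members in access.items():
        print(resource, CLASSIFICATION[resource], sorted(members))
    for finding in broad_exposures(ACLS, CLASSIFICATION, GROUP_MEMBERS):
        print("BROAD EXPOSURE:", finding)
    for row in triage_alerts(ALERTS, access, CLASSIFICATION):
        print("ALERT:", row)
```

On the constructed data the forecasts share is flagged because `Legacy-Shared` wraps `Domain Users`, so every user and service account in the domain has read access to Confidential content through two layers of nesting that a flat ACL review would not show. The alert on `svc-reporting` lands as "reached-confidential" because the account inherits payroll access through `Finance-Leads`, whereas the repeated denials for `eve` are a probe against content she cannot reach; that distinction is what a combined DSPM and ITDR queue is meant to give the investigator.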
Key takeaways
- AI-enabled discovery changes the exposure equation by making hidden permissions and sensitive content easier to surface, not by creating new data by itself.
- The scale problem is already present in identity governance, where excessive privileges and weak service-account visibility continue to undermine control.
- Security teams should unify data posture, identity risk, and audit evidence before expanding AI-assisted access across hybrid environments.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI2 (Secret Leakage), NHI5 (Overprivileged NHI) | Leaked secrets and excessive privileges on service accounts underpin the effective-access exposure discussed here. |
| NIST CSF 2.0 | PR.AA-05 | Access permissions and entitlements are defined in policy, managed, enforced, and reviewed; this is the control that links data posture to identity risk (it supersedes PR.AC-4 from CSF 1.1). |
| NIST Zero Trust (SP 800-207) | Section 2.1, Tenets of Zero Trust | Per-request, least-privilege access decisions based on identity and resource state; the matching SP 800-53 control is AC-6 (Least Privilege). |
Map sensitive data exposure to least-privilege access controls and review entitlements on a fixed cadence.
Key terms
- Data Security Posture Management: Data Security Posture Management is the practice of finding, classifying, and assessing sensitive data across an environment. In identity-led programmes, its value is incomplete unless the organisation also knows which identities can reach that data and whether those permissions are justified.
- Identity Threat Detection and Response: Identity Threat Detection and Response focuses on spotting risky or abnormal identity behaviour that may signal misuse, compromise, or privilege abuse. It becomes more useful when paired with data context, because an identity alert matters most when it can be linked to what the actor could access.
- Effective Access: Effective access is the real, usable access an identity has after inherited permissions, group memberships, and role assignments are combined. It often differs from the access a policy document claims to grant, which is why it is a better measure of exposure than entitlements alone.
- Permission Inheritance: Permission inheritance is the way access rights flow from groups, roles, folders, or systems into downstream resources without explicit re-approval. It simplifies administration but often hides excessive exposure, especially when old structures remain in place after the business context has changed.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.
This post draws on content published by Netwrix: 1Secure PRO webinar on unified data and identity security for MSPs. Read the original.
Published by the NHIMG editorial team on 2026-06-26.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org