TL;DR: At a time when 84% of organisations report identity-related breaches and 78% say those incidents caused direct business impact, Linx Security’s $33 million funding round and launch out of stealth reflect sustained investor demand for identity governance platforms, according to the company’s cited research. The signal for practitioners is that visibility, lifecycle control, and access remediation are now board-level identity problems, not back-office hygiene.
NHIMG editorial — what this means for NHI practitioners
By the numbers:
- 84% of organizations have experienced an identity-related security breach.
- 78% facing direct business impacts as a result.
- 68% of incidents involve a human element.
Questions worth separating out
Q: What breaks when identity governance is mostly manual?
A: Manual governance breaks when ownership is unclear, access changes faster than review cycles, and revocation depends on someone remembering to act.
Q: Why do identity-related breaches keep happening even with access reviews?
A: Access reviews often confirm what is already in the directory, not what is still justified by the business.
Q: How can security teams reduce identity sprawl in cloud and code environments?
A: Start by inventorying every account, key, token, and service identity, then tie each one to a real owner and expiry condition.
Practitioner guidance
- Map identities to business owners and resources Create a current identity graph that ties each account, service principal, or API credential to a named business owner and the systems it can reach.
- Automate leaver and ownership-change revocation Trigger revocation workflows when an employee leaves, a team changes, or a service ownership transfer occurs so access does not persist by default.
- Prioritise stale and unowned access paths Focus remediation on accounts with no clear owner, long-lived entitlements, and access to source code, cloud control planes, or sensitive data stores.
What's in the full announcement
Linx Security's full post covers the operational detail this post intentionally leaves for the source:
- The specific identity mapping workflow used to detect ungoverned repository access
- How the platform links accounts back to human owners and risk levels
- The company’s product framing around lifecycle coverage and remediation automation
- The funding context and leadership background behind the launch out of stealth
👉 Read Linx Security’s announcement on $33M funding and identity governance →
Identity governance demand is rising, but what changes for teams?
Explore further
Identity governance is becoming a control-plane problem, not a reporting problem. The article’s core signal is that enterprises still struggle to connect identities, access rights, and business ownership in a way that supports action. That is why visibility platforms are attracting capital: the market is responding to control fragmentation, not just compliance reporting. For practitioners, the implication is that governance now has to operate as a live control plane across users, service accounts, and emerging machine identities.
A few things that frame the scale:
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, according to Ultimate Guide to NHIs.
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
A question worth separating out:
Q: Who should be accountable when stale access causes exposure?
A: Accountability should sit with the business owner of the identity, the platform owner of the system, and the governance team responsible for lifecycle enforcement. If any one of those functions is missing, revocation becomes inconsistent and risk persists. Strong accountability means access is owned, reviewed, and removed as part of normal operating rhythm.
👉 Read our full editorial: Linx Security’s funding highlights identity governance demand