Notifications
Clear all
Topic starter
03/06/2026 2:24 pm
TL;DR: Identity is becoming the mechanism enterprises use to maintain trust as AI, mergers, and operational change expand the attack surface and make visibility harder to sustain, according to SailPoint. The governance problem is no longer just access sprawl, but the assumption that identity controls can keep pace with machine-speed change and organisational restructuring.
NHIMG editorial — based on content published by SailPoint: A conversation with Accenture on the future of security with identity
Questions worth separating out
Q: How should security teams govern identity across humans, NHIs, and AI-enabled workflows?
A: Start with a shared ownership model that records who controls each identity, what it can access, and why it exists.
Q: Why does AI adoption make identity governance harder?
A: AI increases the number of dynamic access paths and reduces the time teams have to understand them.
Q: What breaks when identity visibility lags behind organisational change?
A: Access reviews lose accuracy, ownership becomes unclear, and inherited permissions remain active longer than intended.
Practitioner guidance
- Re-baseline identity inventory across all actor types Reconcile human accounts, service identities, and any AI-linked access paths against current business ownership and system usage.
- Map identity ownership to business context Assign accountable owners for each identity class and make the business purpose visible in governance records.
- Review merger-driven access paths separately from steady-state access Treat post-merger integration as a distinct governance event and validate inherited entitlements before they are normalised into routine operations.
What's in the full article
SailPoint's full blog covers the interview context and the broader identity-security perspective that this post intentionally leaves at a high level:
- The conversation details how enterprise change, including mergers and AI adoption, alters identity governance priorities.
- It explains why visibility and control matter more when identity landscapes become harder to map across systems and business units.
- It expands on the role of partnerships in helping organisations design tailored identity security programmes.
- It connects identity governance to operational environments, including OT, where access failures have broader impact.
👉 Read SailPoint's conversation on identity security, AI, and organisational change →
AI and organisational change are stretching identity controls?
Explore further
03/06/2026 2:33 pm
Identity has become the trust boundary because business change now outpaces static governance. The article is right to connect AI adoption, mergers, and OT security to identity complexity, because each one changes who or what can act inside the enterprise. That makes identity less of a directory function and more of a control plane for trust. Practitioners should treat identity as the layer that must stay accurate when everything else is moving.
A few things that frame the scale:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which helps explain why identity trust drift persists in large environments.
A question worth separating out:
Q: How can organisations know whether identity controls are keeping up with change?
A: Look for evidence that identity records, ownership, and entitlement data are updated at the same pace as business change. If mergers, AI projects, or infrastructure shifts routinely outpace reviews, the programme is falling behind. A reliable signal is when governance teams can explain access without relying on manual reconstruction.
👉 Read our full editorial: Identity security is becoming the trust layer for AI and change
