Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Cybersecurity skills gap: what automation changes for IAM teams


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: Only 14% of companies say they have the talent and resources they need to meet security goals in 2025, according to Imprivata, as teams absorb more cloud complexity, burnout, and response pressure while trying to scale protection. The real shift is toward automation, managed services, and IAM controls that reduce operational load without weakening access governance.

NHIMG editorial — based on content published by Imprivata: Rethinking the Cybersecurity Skills Gap with Automation, Identity, and Managed Services

By the numbers:

Questions worth separating out

Q: How should security teams reduce identity workload without weakening access governance?

A: Prioritise repetitive work such as password resets, account provisioning, and routine access checks for automation, but keep approval, logging, and exception handling visible.

Q: When does managed security services help identity teams most?

A: Managed services help most when the internal team lacks 24x7 coverage but still retains policy authority and accountability.

Q: What do teams get wrong about passwordless authentication in IAM?

A: They often treat passwordless as a support shortcut rather than a governance change.

Practitioner guidance

  • Automate repetitive identity tasks first Target password resets, access fulfilment, and routine account maintenance before expanding into higher-risk workflows.
  • Define clear ownership for managed services Write down which access decisions, escalation paths, and audit findings remain owned by the internal team even when a provider handles monitoring or administration.
  • Use passwordless to reduce service desk load Roll out phishing-resistant authentication where device assurance and recovery processes are already stable, then track whether reset volume and login friction actually decline.

What's in the full article

Imprivata's full article covers the operational detail this post intentionally leaves for the source:

  • How the vendor frames managed services as a practical way to extend security coverage without adding headcount
  • The specific IAM tasks that automation can absorb, including password resets and secure access workflows
  • Why passwordless authentication is positioned as a way to lower support burden while improving user experience
  • The broader business argument for blending identity tooling with external operational support

👉 Read Imprivata's analysis of automation, identity, and the cybersecurity skills gap →

Cybersecurity skills gap: what automation changes for IAM teams?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Identity skills shortages are really governance capacity shortages. When security teams cannot keep up with access requests, resets, reviews, and monitoring, the weak point is not only headcount. It is the programme’s ability to sustain control over identity decisions at operational speed. That is why the skills gap increasingly shows up as inconsistent enforcement, delayed triage, and incomplete lifecycle execution. Practitioners should treat this as a control design problem, not just a recruitment problem.

A few things that frame the scale:

  • 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job, according to The 2026 Infrastructure Identity Survey.
  • Another 69% of security leaders agree identity management must fundamentally shift to address agentic AI systems.

A question worth separating out:

Q: Who remains accountable when identity operations are outsourced?

A: The organisation remains accountable for policy, risk acceptance, and the design of high-risk access decisions even when a provider runs monitoring or administration. Outsourcing changes execution, not responsibility. Teams should document ownership for escalation, privileged changes, and audit evidence before delegating operational work.

👉 Read our full editorial: Cybersecurity skills gaps are pushing IAM toward automation



   
ReplyQuote
Share: