
Enterprise authentication silos: what IAM teams need to fix first


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 3218
Topic starter  

TL;DR: Many organisations still run authentication in silos, even though 70% already have three or more IAM systems in place, according to Axiad’s cited survey. The practical problem is not passwordless in isolation but how to integrate authentication, automation, and usability without creating new gaps.

NHIMG editorial — based on content published by Axiad: Rethinking Enterprise Authentication – A Practitioner Point of View

By the numbers:

Questions worth separating out

Q: How should security teams modernise authentication without breaking existing IAM systems?

A: Start by mapping every authentication path, then standardise policy before adding new controls.

Q: Why do siloed authentication systems increase identity risk?

A: Silos create different assurance levels, inconsistent policy enforcement, and more opportunities for users to bypass controls.

Q: How can organisations balance authentication security and usability?

A: Use risk-based controls that raise friction only when the access request warrants it.

Practitioner guidance

  • Inventory authentication paths across the estate: document how users reach major applications today, including legacy SSO, MFA, passwordless, and exception flows.
  • Tie automation to explicit identity state: automate certificate expiry handling, access resets, and other repeatable tasks only where ownership, policy, and revocation conditions are already defined.
  • Measure user workarounds as a security signal: track fallback behaviours such as shared accounts, informal exceptions, or repeated help desk resets.

What's in the full article

Axiad's full blog covers the practitioner detail this post intentionally leaves at the strategy layer:

  • How the report authors frame authentication trade-offs across mixed IAM environments
  • The practitioner interview themes behind the report's recommendations on passwordless and automation
  • PeerSpot-driven survey context around authentication systems and IAMaaS categories
  • Axiad's discussion of customer-rating positioning and market feedback, which this post did not evaluate

👉 Read Axiad's practitioner report on rethinking enterprise authentication →


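An added example, not code from Axiad's report or from this post, illustrating the first guidance item and the Q&A point that silos create different assurance levels: a small Python check over a constructed authentication-path inventory that reports every path whose enforced method falls below an application's policy floor, and the weakest method actually reachable per application. The inventory, the policy floors and the assurance ranking are all assumptions chosen for illustration.

```python
"""Flag authentication-path assurance gaps across siloed IAM systems.

Added example, not Axiad's or NHIMG's code. The inventory, policy and
assurance ranking below are constructed sample data; the ranking is a
local ordering, not a standard assurance-level scheme.
"""
from dataclasses import dataclass

# Assumed ordering of authenticator strength, weakest first.
ASSURANCE_RANK = {"password": 1, "password+otp": 2, "password+push": 2,
                  "fido2": 3, "cert": 3}


@dataclass(frozen=True)
class AuthPath:
    app: str      # application the path grants access to
    idp: str      # which IAM silo issues the session
    method: str   # strongest factor actually enforced on this path
    kind: str     # "primary", "legacy" or "exception" flow


# Constructed inventory: the same app reachable through several silos.
INVENTORY = [
    AuthPath("payroll", "okta", "fido2", "primary"),
    AuthPath("payroll", "legacy-adfs", "password", "legacy"),
    AuthPath("payroll", "vpn-radius", "password+otp", "exception"),
    AuthPath("wiki", "okta", "password+push", "primary"),
    AuthPath("ci", "vault", "cert", "primary"),
    AuthPath("ci", "jenkins-local", "password", "exception"),
]

# Constructed per-app minimum method the policy requires.
POLICY = {"payroll": "fido2", "wiki": "password+otp", "ci": "cert"}


def find_gaps(inventory, policy, rank=ASSURANCE_RANK):
    """Return (app, idp, method, kind) for paths below the app's policy floor.

    A user who can reach the app via any listed path effectively gets the
    weakest one, so every path must meet the floor, not only the primary.
    """
    gaps = []
    for p in inventory:
        if rank[p.method] < rank[policy[p.app]]:
            gaps.append((p.app, p.idp, p.method, p.kind))
    return sorted(gaps)


def weakest_effective(inventory, rank=ASSURANCE_RANK):
    """Per app, the weakest method any path enforces: the real assurance level."""
    out = {}
    for p in inventory:
        if p.app not in out or rank[p.method] < rank[out[p.app]]:
            out[p.app] = p.method
    return out
```

Running `find_gaps(INVENTORY, POLICY)` on the sample data reports the legacy and VPN paths into payroll and the local CI login, which is exactly the kind of bypass the inventory step is meant to surface before new controls are layered on.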

(@mr-nhi)
Member Moderator
Joined: 4 weeks ago
Posts: 1804
 

Authentication silos are the real control gap, not passwordlessness. The article is strongest when read as a warning that modern authentication often sits on top of fractured IAM estates. That fracture creates inconsistent assurance, duplicated administration, and uneven policy enforcement. The practitioner lesson is to treat authentication as an enterprise control plane problem, not a point solution decision.

A few things that frame the scale:

  • 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.
  • In the same research, only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.

A question worth separating out:

Q: What should IAM teams connect to authentication governance first?

A: Connect authentication to provisioning, offboarding, and recovery workflows before expanding new methods. Authentication is only trustworthy when the identity behind it is current, owned, and revocable. That linkage is essential for both human accounts and non-human credentials.

👉 Read our full editorial: Rethinking enterprise authentication exposes the IAM integration gap
