Notifications
Clear all
Topic starter
08/06/2026 4:11 pm
TL;DR: RSA 2024 showed that AI hype, GRC growth, and identity sprawl are converging, while fragmented IAM stacks still prevent risk signals from moving across tools, according to Axiad. The practical lesson is that fabric-style integration, not platform accumulation, is becoming the governance model teams must evaluate.
NHIMG editorial — based on content published by Axiad: Three Key Takeaways from the 2024 RSA Conference
By the numbers:
Questions worth separating out
Q: How should IAM teams respond when identity tools do not share risk context?
A: They should map where identity risk context is lost, then prioritise integration points that let one control’s findings affect another control’s decisions.
Q: Why do identity platforms create governance problems when they are not integrated?
A: Because each platform may see a different slice of identity risk, but none can reliably update the others.
Q: When should organisations prefer a fabric model over a single identity platform?
A: They should prefer a fabric model when they need specialised tools to remain effective but still want shared policy and telemetry across them.
Practitioner guidance
- Map identity signal handoffs across your stack Document where risk signals from authentication, threat detection, proofing, and lifecycle systems stop propagating.
- Separate capability depth from integration depth Review each identity platform for the specific control problem it solves well, then assess whether the stack shares context through common policy or telemetry.
- Align identity evidence with GRC reporting Identify which identity controls generate audit evidence, which teams own that evidence, and how it is consumed during compliance reviews.
What's in the full article
Axiad's full blog post covers the conference observations and market framing this post intentionally leaves at a higher level:
- The vendor's detailed notes on how identity messaging varied across the RSA conference halls and sessions.
- The specific examples behind its identity fabric argument and why separate identity tools fail to share risk state.
- Its discussion of why GRC and cybersecurity convergence may reshape acquisition activity and programme ownership.
- The reasoning behind its preference for best-of-breed identity capabilities over platform consolidation.
👉 Read Axiad's RSA 2024 analysis of identity, GRC, and platform fragmentation →
Identity consolidation at RSA 2024: what should IAM teams do now?
Explore further
08/06/2026 5:40 pm
Identity sprawl is now the central operating problem in enterprise security. RSA 2024 showed that identity is no longer a niche control layer, it is the place where authentication, threat detection, governance, and compliance all collide. The article’s point is not that more products are needed, but that fragmented identity estates already create governance blind spots. Practitioners should treat identity sprawl as an operating risk, not a tooling inconvenience.
A few things that frame the scale:
- 52 NHI breach cases are analysed in the 52 NHI Breaches Analysis, showing how identity failures tend to repeat across environments.
- Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap.
A question worth separating out:
Q: How do identity governance and GRC need to work together now?
A: They need to share the same evidence for identity controls, because identity failures now create both security and compliance exposure. The practical test is whether a control issue can move from operational detection into audit reporting without manual reconstruction.
👉 Read our full editorial: RSA 2024 exposed the limits of platform-led identity consolidation
