TL;DR: Fragmented identities and scattered data access create blind spots across SaaS and cloud, making it hard to know who can reach sensitive information and whether MFA or least privilege is consistent, according to Cyera. That gap becomes more dangerous as AI tools inherit user access and can surface data faster than teams can govern it.
NHIMG editorial — based on content published by Cyera: Cyera and Okta: Eliminating Identity and Data Access Blind Spots in the AI Era
Questions worth separating out
A: Security teams should build a single access view that ties each person to every account, dataset, and authentication state across the environment.
Q: Why do fragmented identities make AI access risk harder to govern?
A: Fragmented identities make AI risk harder to govern because assistants and copilots can only be limited as well as the user accounts they inherit.
Q: What do security teams get wrong about least privilege in SaaS and cloud environments?
A: Teams often treat least privilege as a role design exercise when the real problem is entitlement drift across multiple identities.
Practitioner guidance
- Consolidate fragmented identities into one access record. Normalize employee accounts across Microsoft 365, Google Workspace, Snowflake, and cloud platforms so each person has one reviewable identity profile.
- Map identity to sensitive data before enabling AI use cases. Require a validated identity-to-data map before copilots or assistants can query business datasets.
- Review MFA coverage account by account, not user by user. Check every account attached to the same employee for authentication gaps, because one protected login does not mean the whole identity is protected.
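The three steps above as one pass over an account inventory. This is an added example, not code from Cyera, Okta, or the original post. The inventory rows, the directory mapping, the dataset labels, and the function names are constructed assumptions.

```python
from collections import defaultdict

SENSITIVE = {"finance-ledger", "hr-reviews"}  # constructed dataset labels

# Constructed inventory: one row per account, as each platform reports it.
# (platform, login, mfa_enabled, datasets the account can read)
ACCOUNTS = [
    ("microsoft365", "J.Doe@corp.example", True, ["hr-reviews"]),
    ("google_workspace", "jdoe@corp.example", True, []),
    ("snowflake", "JDOE", False, ["finance-ledger"]),
    ("aws", "a.lee@corp.example", True, ["finance-ledger"]),
    ("snowflake", "etl_legacy", False, ["finance-ledger"]),
]

# Hypothetical directory export: (platform, lowercased login) -> person id.
DIRECTORY = {
    ("microsoft365", "j.doe@corp.example"): "emp-1001",
    ("google_workspace", "jdoe@corp.example"): "emp-1001",
    ("snowflake", "jdoe"): "emp-1001",
    ("aws", "a.lee@corp.example"): "emp-1002",
}

def build_profiles(accounts, directory):
    """Group accounts into one record per person; return (profiles, unmapped)."""
    profiles, unmapped = defaultdict(list), []
    for platform, login, mfa, datasets in accounts:
        acct = {"platform": platform, "login": login, "mfa": mfa,
                "sensitive": sorted(SENSITIVE.intersection(datasets))}
        person = directory.get((platform, login.strip().lower()))
        # Accounts with no owner stay visible instead of being dropped.
        (profiles[person] if person else unmapped).append(acct)
    return dict(profiles), unmapped

def review(profile):
    """Check MFA per account and list sensitive data reachable without it."""
    no_mfa = [a for a in profile if not a["mfa"]]
    return {
        "sensitive_reach": sorted({d for a in profile for d in a["sensitive"]}),
        "accounts_without_mfa": [(a["platform"], a["login"]) for a in no_mfa],
        "sensitive_without_mfa": sorted({d for a in no_mfa for d in a["sensitive"]}),
        # A user-level check passes when any one login has MFA.
        "user_level_mfa": any(a["mfa"] for a in profile),
        # The account-level check requires it on every login.
        "account_level_mfa": all(a["mfa"] for a in profile),
    }

if __name__ == "__main__":
    profiles, unmapped = build_profiles(ACCOUNTS, DIRECTORY)
    for person, accts in profiles.items():
        print(person, review(accts))
    print("unmapped accounts:", unmapped)
```

An assistant acting as emp-1001 inherits the union in `sensitive_reach`, so a non-empty `sensitive_without_mfa` or a non-empty unmapped list is a reason to hold back the AI use case for that data.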
What's in the full article
Cyera's full article covers the operational detail this post intentionally leaves for the source:
- How the Okta identity enrichment flow is used to consolidate multiple accounts into one user view
- The platform-level access mapping across Microsoft 365, Google Workspace, Snowflake, and AWS
- The finance-analyst example showing how the unified profile changes blast-radius analysis
- How the data-access view supports compliance, insider-risk reduction, and AI enablement decisions