TL;DR: Fragmented identities and scattered data access create blind spots across SaaS and cloud, making it hard to know who can reach sensitive information and whether MFA or least privilege is consistent, according to Cyera. That gap becomes more dangerous as AI tools inherit user access and can surface data faster than teams can govern it.
NHIMG editorial — based on content published by Cyera: Cyera and Okta: Eliminating Identity and Data Access Blind Spots in the AI Era
Questions worth separating out
A: Security teams should build a single access view that ties each person to every account, dataset, and authentication state across the environment.
Q: Why do fragmented identities make AI access risk harder to govern?
A: Fragmented identities make AI risk harder to govern because assistants and copilots can only be limited as well as the user accounts they inherit.
Q: What do security teams get wrong about least privilege in SaaS and cloud environments?
A: Teams often treat least privilege as a role design exercise when the real problem is entitlement drift across multiple identities.
Practitioner guidance
- Consolidate fragmented identities into one access record: normalize employee accounts across Microsoft 365, Google Workspace, Snowflake, and cloud platforms so each person has one reviewable identity profile.
- Map identity to sensitive data before enabling AI use cases: require a validated identity-to-data map before copilots or assistants can query business datasets.
- Review MFA coverage account by account, not user by user: check every account attached to the same employee for authentication gaps, because one protected login does not mean the whole identity is protected.
What's in the full article
Cyera's full article covers the operational detail this post intentionally leaves for the source:
- How the Okta identity enrichment flow is used to consolidate multiple accounts into one user view
- The platform-level access mapping across Microsoft 365, Google Workspace, Snowflake, and AWS
- The finance-analyst example showing how the unified profile changes blast-radius analysis
- How the data-access view supports compliance, insider-risk reduction, and AI enablement decisions
Identity-data blind spots: what IAM teams need to fix now?
Explore further
Identity fragmentation is the governance gap, not just an operational inconvenience. When one employee is represented as multiple identities across SaaS and cloud, least privilege becomes impossible to assess with confidence. Security teams are not just missing a report view; they are missing the authoritative identity-to-data relationship that governance depends on. The practitioner conclusion is simple: if identity is fragmented, access governance is already incomplete.
A few things that frame the scale:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to the Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which shows how often access governance starts from incomplete inventory rather than control.
A question worth separating out:
Q: How can organisations tell whether MFA enforcement is actually consistent across identities?
A: They need to verify MFA at the account level, not assume it applies to the person as a whole. A user with three accounts and one weak login path still has an exposed identity. Consistency means every active account tied to that user is protected, especially the account with the broadest data reach.
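The account-by-account MFA check from the practitioner guidance above and the answer just given, worked through as an added example (not Cyera's or Okta's code): it consolidates per-platform account records into one profile per employee, flags any account without MFA, computes the identity's sensitive-data blast radius, and names the unprotected account with the broadest sensitive reach. The inventory rows, field names, platform labels and sensitivity classes are constructed assumptions; in practice the rows would be pulled from each platform's admin API and joined on the IdP's employee identifier.

```python
from collections import defaultdict

# Constructed sample inventory: one record per platform account (field names assumed).
ACCOUNTS = [
    {"employee": "j.doe@example.com", "platform": "microsoft365", "account": "jdoe",
     "mfa": True, "datasets": {"finance_ledger": "restricted", "hr_roster": "confidential"}},
    {"employee": "j.doe@example.com", "platform": "snowflake", "account": "JDOE_ANALYST",
     "mfa": False, "datasets": {"finance_ledger": "restricted", "customer_pii": "restricted"}},
    {"employee": "j.doe@example.com", "platform": "aws", "account": "jdoe-iam",
     "mfa": True, "datasets": {"app_logs": "internal"}},
    {"employee": "a.lee@example.com", "platform": "googleworkspace", "account": "alee",
     "mfa": True, "datasets": {"marketing_assets": "internal"}},
]

SENSITIVE = {"restricted", "confidential"}  # assumed classification labels


def consolidate(accounts):
    """Group accounts by employee so each person has one reviewable identity profile."""
    profiles = defaultdict(list)
    for acct in accounts:
        profiles[acct["employee"]].append(acct)
    return profiles


def assess(profile):
    """Account-level MFA check plus identity-wide sensitive-data blast radius."""
    reachable = {}
    for acct in profile:
        reachable.update(acct["datasets"])
    blast_radius = sorted(d for d, cls in reachable.items() if cls in SENSITIVE)
    gaps = [a for a in profile if not a["mfa"]]
    # Among unprotected accounts, rank by how many sensitive datasets each one reaches.
    worst = max(gaps, key=lambda a: sum(c in SENSITIVE for c in a["datasets"].values()),
                default=None)
    return {
        "accounts": len(profile),
        "mfa_gaps": [f'{a["platform"]}:{a["account"]}' for a in gaps],
        "sensitive_blast_radius": blast_radius,
        "exposed": bool(gaps),  # one weak login path exposes the whole identity
        "priority_fix": f'{worst["platform"]}:{worst["account"]}' if worst else None,
    }


def report(accounts=ACCOUNTS):
    """Return one assessment per employee, keyed by employee identifier."""
    return {emp: assess(prof) for emp, prof in consolidate(accounts).items()}


if __name__ == "__main__":
    for emp, result in report().items():
        print(emp, result)
```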