TL;DR: Pandemic-era remote work and ongoing digital acceleration have made identity security a business-essential control, according to SailPoint research citing IDSA data that 84% of organisations experienced an identity-related breach in the last year. The real issue is that access velocity now outpaces human-led governance, so modern identity security must combine intelligence, automation, and tighter policy boundaries.
NHIMG editorial — based on content published by SailPoint: Identity security remains business essential
By the numbers:
- 84% of organizations experienced an identity-related breach in the last year.
Questions worth separating out
Q: How should organisations govern access when digital change outpaces manual reviews?
A: Organisations should move from periodic review alone to continuous policy enforcement.
Q: Why does identity security become more important as businesses accelerate digitally?
A: Because every new system adds new identities, entitlements, and access paths that must be governed.
Q: What do security teams get wrong when they treat identity as an administrative task?
A: They underestimate how quickly unmanaged access becomes business risk.
Practitioner guidance
- Define identity security as a business-critical control Map identity governance dependencies into transformation programmes so new applications, remote workflows, and cloud services cannot go live without access policy coverage.
- Reduce manual access handling Use policy-driven workflows for provisioning, deprovisioning, certification, and privilege changes so approvals are not the only control when access volume rises.
- Set access boundaries at the point of request Require decisions about who should have access, for how long, and how deep that access should go before access is granted.
What's in the full article
SailPoint's full blog covers the operational detail this post intentionally leaves for the source:
- The article's full argument for why identity security should sit at the core of enterprise transformation decisions
- The vendor's own framing of how remote work changed access expectations across the business
- The specific way SailPoint connects identity intelligence and automation to enterprise productivity
- The broader series context that follows this post and expands the business-essential theme
👉 Read SailPoint's perspective on why identity security is business essential →
Identity security and digital acceleration: what IAM teams need now?
Explore further
Identity security has become an operating requirement, not a downstream control. The post reflects a broader reality across human IAM, NHI, and workload access: business transformation now depends on governed identity rather than relying on network perimeter assumptions. When every new application and remote workflow adds more access paths, identity becomes the primary enforcement point for risk, productivity, and accountability. Practitioners should treat identity governance as a prerequisite for digital change, not a cleanup activity after deployment.
A few things that frame the scale:
- This post draws on SailPoint's identity-security commentary, and the broader NHI governance problem is visible in 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
- Our research also found that only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, which shows how quickly governance confidence drops as identity sprawl increases.
A question worth separating out:
Q: What frameworks should identity teams align to when tightening access governance?
A: Identity teams should align governance with Zero Trust principles and identity control frameworks that emphasise least privilege, continuous verification, and lifecycle enforcement. The practical goal is to make access conditional, time-bound, and reviewable, rather than assuming that a granted entitlement should remain valid indefinitely.
👉 Read our full editorial: Identity security is now the foundation for digital acceleration