TL;DR: Identity security is still split between IAM teams and security teams, even though 91% of organisations rank it among their top five priorities, according to Silverfort. That gap matters because modern attacks move through identity, and governance only works when provisioning, lifecycle, and threat response are treated as one discipline.
NHIMG editorial — based on content published by Silverfort: Identity Decoded and the widening gap between IAM and security
By the numbers:
- 91% of organisations classify identity security as a top five initiative.
Questions worth separating out
Q: How should security teams coordinate IAM and threat response more effectively?
A: Security teams should align identity governance with detection and response around the same identity events, not as separate workflows.
Q: Why do identity security gaps persist even when organisations prioritise IAM?
A: Priority does not fix organisational separation.
Q: What breaks when identity governance is treated as admin work instead of security work?
A: The main failure is visibility into how access is used after it is granted.
Practitioner guidance
- Unify identity and security ownership: create a shared operating model for IAM, detection, and response so identity events are reviewed by both governance and security stakeholders.
- Map lateral movement through identity paths: trace how an attacker could move from a valid identity into higher privilege, adjacent systems, or security tooling using trusted access.
- Review lifecycle decisions as security decisions: treat provisioning, recertification, and offboarding as exposure controls, not back-office administration, especially where privileged accounts are involved.
What's in the full article
Silverfort's full analysis covers the operational detail this post intentionally leaves for the source:
- Behind-the-scenes discussion format that shows how identity and security leaders compare decision models in practice
- The Mythos attack anecdote and the wider security reckoning that the episode uses as its starting point
- The hosts' direct conversation about why the identity drawbridge has to rise automatically in crisis conditions
- Episode-level perspectives from IAM and military/security leadership that are not expanded in this editorial analysis
Read Silverfort's analysis of identity security's gap between IAM and security.
Identity security and IAM silos: what practitioners need to fix
Explore further
Identity security is no longer a specialism adjacent to IAM. It is the operating model that has to reconcile access governance with threat response. The article makes the right diagnosis even if it stays organisationally broad: attackers do not care which team owns the system, only whether the identity path is exploitable. That means identity security has to be treated as a control fabric spanning lifecycle, privilege, and detection, not as a handoff between teams. Practitioners should read this as a governance failure when the seams are visible to attackers but not to defenders.
A few things that frame the scale:
- 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, according to The 2024 ESG Report: Managing Non-Human Identities.
- Enterprises that have experienced a compromised NHI averaged 2.7 separate incidents in the past 12 months, which shows how quickly identity exposure compounds once governance fails.
A question worth separating out:
Q: Who is accountable when identity security controls fail across team boundaries?
A: Accountability has to sit with the function that owns the combined risk, not just the system owner. If IAM issues access and security monitors abuse, both sides need explicit decision rights for escalation, containment, and remediation. Otherwise the organisation creates a gap where each team assumes the other is responsible.
Read our full editorial: Identity security and IAM still operate in separate silos.