TL;DR: Identity compromise drives a large share of breaches, with stolen credentials cited in 86% of incidents and compromised identities as the first step in 80%, according to Zluri’s article. That makes identity security a governance problem, not just an authentication problem, because access scope, rotation, and monitoring determine how far an attacker can move.
NHIMG editorial — based on content published by Zluri: Access Management Identity Security: Why Does It Matter?
By the numbers:
- stolen credentials cause 86% of breaches
- compromised identities are the first step in 80% of breaches
- only 5.7% of organisations have full visibility into their service accounts
Questions worth separating out
Q: What breaks when identity security only verifies login and not access scope?
A: Login verification alone does not stop a valid identity from being overused after entry.
Q: Why do service accounts increase breach risk in IAM programmes?
A: Service accounts often carry persistent access, broad entitlements, and weak ownership, which makes them easy to miss in review cycles.
Q: How do security teams know whether identity security is actually working?
A: Identity security is working when access is narrow, reviewed, and quickly revocable across both human and non-human identities.
Practitioner guidance
- Map identity control coverage by actor type: Separate human users, third-party accounts, service accounts, and machine identities, then test whether each has a clear owner, approval path, and review cycle.
- Reduce standing privilege before expanding automation: Identify privileged accounts that can reach sensitive data, cloud control planes, or administrative functions without just-in-time elevation.
- Audit secrets embedded in code and scripts: Search source repositories, configuration files, and CI/CD pipelines for long-lived credentials, then replace them with centrally managed secrets and rotation controls.
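One way to run the coverage check from the first guidance item, as an added example that is not from Zluri's article or this editorial. The inventory records, field names, and the 90-day review cycle are assumptions chosen for illustration.

```python
from datetime import date

ACTOR_TYPES = ("human", "third_party", "service_account", "machine")
REQUIRED = ("owner", "approval_path")

# Constructed sample inventory; field names are assumptions, not a real export format.
INVENTORY = [
    {"id": "alice", "type": "human", "owner": "hr-it",
     "approval_path": "manager", "last_review": date(2025, 5, 1)},
    {"id": "vendor-support", "type": "third_party", "owner": "procurement",
     "approval_path": None, "last_review": date(2025, 6, 1)},
    {"id": "svc-backup", "type": "service_account", "owner": None,
     "approval_path": "change-ticket", "last_review": None},
    {"id": "build-agent-07", "type": "machine", "owner": "platform",
     "approval_path": "pipeline-pr", "last_review": date(2024, 11, 15)},
]

def coverage_gaps(inventory, today, review_cycle_days=90):
    """Return {identity_id: [gap, ...]} for identities that lack an owner,
    an approval path, or a review inside the cycle (90 days is an assumption)."""
    gaps = {}
    for rec in inventory:
        found = []
        if rec.get("type") not in ACTOR_TYPES:
            found.append("unclassified actor type")
        found += [f"no {field}" for field in REQUIRED if not rec.get(field)]
        last = rec.get("last_review")
        if last is None:
            found.append("never reviewed")
        elif (today - last).days > review_cycle_days:
            found.append("review overdue")
        if found:
            gaps[rec["id"]] = found
    return gaps

def summarize_by_type(inventory, gaps):
    """Per actor type: (identities with at least one gap, total identities)."""
    summary = {}
    for rec in inventory:
        kind = rec.get("type") if rec.get("type") in ACTOR_TYPES else "unclassified"
        bad, total = summary.get(kind, (0, 0))
        summary[kind] = (bad + (rec["id"] in gaps), total + 1)
    return summary

if __name__ == "__main__":
    found = coverage_gaps(INVENTORY, today=date(2025, 6, 30))
    for ident, problems in found.items():
        print(f"{ident}: {', '.join(problems)}")
    print(summarize_by_type(INVENTORY, found))
```

Reporting the result per actor type shows where coverage is thinnest, which a single pass rate across all identities would hide.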
What's in the full article
Zluri's full blog post covers the operational detail this post intentionally leaves for the source:
- Step-by-step explanation of identity security controls across authentication, authorisation, access management, and privilege enforcement.
- Practical examples of how SSO, MFA, PAM, and secret management fit into a broader identity security programme.
- Expanded discussion of how identity security supports zero trust, compliance, and breach reduction in day-to-day operations.
- Vendor-specific product context for teams evaluating access governance tooling.