
Machine identity sprawl and cyber resilience: what teams need to know


(@sailpoint)
Reputable Member
Joined: 1 year ago
Posts: 122
Topic starter  

TL;DR: Machine identities now often outnumber human users 10 to 1, 72% of companies intentionally retain dormant machine identities, and 60% have seen audit issues from poor machine identity management, according to SailPoint’s Horizons of Identity Security Report 2024-25. Identity maturity is becoming a resilience control, not just an IAM metric.

NHIMG editorial — based on content published by SailPoint: Identity at the helm: Why cyber resilience starts with modern identity security

By the numbers:

Questions worth separating out

Q: How should security teams govern machine identities at enterprise scale?

A: Security teams should treat machine identities as a governed population, not a side effect of application delivery.

Q: Why do dormant machine identities create so much security risk?

A: Dormant machine identities are risky because they remain valid even after the business need has passed.

Q: How do organisations know whether identity maturity is actually improving?

A: Identity maturity is improving when teams can show fewer unowned accounts, faster entitlement cleanup, better visibility into third-party and machine access, and fewer audit findings tied to access control.

Practitioner guidance

  • Inventory every machine identity and owner: Create a single inventory for service accounts, API keys, certificates, and third-party access paths, and assign a named business owner to each one.
  • Remove dormant non-human identities on a schedule: Define and enforce offboarding and revocation routines for dormant machine identities so unused credentials do not remain available indefinitely.
  • Reduce privilege before audit season exposes it: Review machine and third-party entitlements for excess access, then shrink permissions to the minimum set required for current business use.
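
An added example, not taken from SailPoint's article or the original post: one way to run the three checks above (owner, dormancy, excess entitlements) over an exported inventory. The record fields, the 90-day dormancy threshold, and the sample identities are assumptions constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed policy value; the post does not define a dormancy threshold.
DORMANT_AFTER = timedelta(days=90)

@dataclass(frozen=True)
class MachineIdentity:
    name: str
    kind: str                    # service_account, api_key, certificate, third_party
    owner: str | None            # named business owner, None if unassigned
    last_used: datetime | None   # None means no recorded use
    granted: frozenset = frozenset()
    used: frozenset = frozenset()  # permissions actually seen in access logs

def audit(inventory, now, dormant_after=DORMANT_AFTER):
    """Return {identity name: [findings]} for identities that need action."""
    findings = {}
    for ident in inventory:
        issues = []
        if not ident.owner:
            issues.append("unowned")
        if ident.last_used is None or now - ident.last_used > dormant_after:
            # Dormant credentials are revoked outright, so trimming is moot.
            issues.append("dormant")
        else:
            for perm in sorted(ident.granted - ident.used):
                issues.append(f"excess:{perm}")
        if issues:
            findings[ident.name] = issues
    return findings

# Constructed sample inventory (hypothetical names, not real systems).
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
INVENTORY = [
    MachineIdentity("svc-billing-export", "service_account", "finance-ops",
                    NOW - timedelta(days=2),
                    frozenset({"db:read", "db:write"}), frozenset({"db:read"})),
    MachineIdentity("key-legacy-crm", "api_key", None, NOW - timedelta(days=400),
                    frozenset({"crm:admin"})),
    MachineIdentity("cert-partner-sftp", "third_party", "vendor-mgmt", None),
    MachineIdentity("svc-ci-deploy", "service_account", "platform",
                    NOW - timedelta(days=1),
                    frozenset({"deploy:push"}), frozenset({"deploy:push"})),
]

if __name__ == "__main__":
    for name, issues in audit(INVENTORY, NOW).items():
        print(f"{name}: {', '.join(issues)}")
```

Identities with no recorded use are treated as dormant here, which surfaces credentials that were provisioned and never adopted.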

What's in the full article

SailPoint's full article covers the operational detail this post intentionally leaves for the source:

  • The report's maturity model breakdown across Horizon 1 and Horizon 2 organisations, including how manual processes affect risk handling.
  • The specific survey findings on audit issues, insurance premium pressure, and incident reduction tied to identity maturity.
  • The practical examples of how higher-maturity organisations use identity intelligence to speed detection and response.
  • The infographic and report framing behind SailPoint's identity resilience claims.

👉 Read SailPoint's analysis of identity maturity and cyber resilience →
