Identity security and AI agents: is your defense model ready?


(@saviynt)
Estimable Member
Joined: 8 months ago
Posts: 73
Topic starter  

TL;DR: Identity now sits in the center of breach paths, with Saviynt citing EY’s view that 90% of breaches involve identity through lateral movement and privilege escalation while AI compresses time-to-exploit and non-human identities outnumber people. That makes identity governance a core control plane for security, not just a compliance function.

NHIMG editorial — based on content published by Saviynt: EY's Ayan Roy on why identity security is now the foundation of defense in depth

By the numbers:

Questions worth separating out

Q: How should security teams govern non-human identities alongside workforce access?

A: Security teams should govern non-human identities with the same ownership, lifecycle, and review discipline used for people, but with tighter rotation and revocation expectations.

Q: When does identity security become more important than perimeter controls?

A: Identity security becomes more important when attackers can reach critical systems through valid credentials, delegated access, or over-privileged accounts.

Q: What is the difference between compliance-driven access review and real identity security?

A: Compliance-driven review checks whether a process was completed, while real identity security checks whether access risk was actually reduced.

Practitioner guidance

  • Map identity blast radius across human and non-human access. Build an inventory that links each identity to its privileges, downstream systems, and automation paths.
  • Reduce standing privilege in high-risk paths. Prioritize just-in-time elevation for admin, pipeline, and integration accounts that currently hold persistent rights.
  • Tie identity telemetry to detection engineering. Feed identity events into SIEM and endpoint workflows so privilege escalation, token misuse, and anomalous delegation can trigger response actions.

Teams that cannot measure blast radius will struggle to prove control effectiveness.

👉 Read Saviynt's analysis of EY's view on identity security and defense in depth →

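As an added illustration of the three practitioner guidance points above (this is example code written for this page, not code from the original post, Saviynt, EY or NHIMG): a small Python script that builds an identity-to-system inventory, walks automation paths to compute each identity's blast radius, flags non-human identities holding standing admin rights, and runs three detections (privilege escalation, revoked-token reuse, delegation to an unknown principal) over a handful of constructed identity events. Every identity name, system name, the JSON event shape and the rule logic are assumptions invented for the example; a real deployment would source the inventory from the IGA platform and the events from the IdP or SIEM.

```python
"""Blast-radius inventory plus simple identity detections (constructed example)."""
import json
from collections import deque

# Constructed inventory (hypothetical names): each identity maps to its kind
# (human or non-human), the privileges it holds, and the systems it reaches directly.
IDENTITIES = {
    "alice":         {"kind": "human", "privs": {"reader"}, "systems": {"wiki"}},
    "ci-deployer":   {"kind": "nhi",   "privs": {"admin"},  "systems": {"k8s-prod"}},
    "svc-reporting": {"kind": "nhi",   "privs": {"reader"}, "systems": {"db-prod"}},
    "agent-triage":  {"kind": "nhi",   "privs": {"reader"}, "systems": {"ticketing"}},
}

# Constructed automation paths: a system -> the systems it can reach onward via
# pipelines, service-to-service calls or stored credentials.
AUTOMATION_PATHS = {
    "k8s-prod": {"secrets-vault", "db-prod"},
    "secrets-vault": {"payments-api"},
    "ticketing": set(),
}

# Constructed identity events, one JSON object per line, as a SIEM might forward them.
EVENTS = """\
{"ts":"2024-01-01T10:00:00Z","type":"token_issue","actor":"ci-deployer","token":"tok-1"}
{"ts":"2024-01-01T10:05:00Z","type":"token_revoke","actor":"ci-deployer","token":"tok-1"}
{"ts":"2024-01-01T10:07:00Z","type":"token_use","actor":"ci-deployer","token":"tok-1","target":"k8s-prod"}
{"ts":"2024-01-01T10:09:00Z","type":"role_grant","actor":"alice","target":"svc-reporting","role":"admin"}
{"ts":"2024-01-01T10:11:00Z","type":"delegate","actor":"agent-triage","target":"agent-unknown-7","scope":"db-prod"}
{"ts":"2024-01-01T10:12:00Z","type":"token_use","actor":"svc-reporting","token":"tok-2","target":"db-prod"}
"""


def blast_radius(identity, identities=IDENTITIES, paths=AUTOMATION_PATHS):
    """Every system reachable from an identity, following automation paths transitively."""
    seen, queue = set(), deque(identities[identity]["systems"])
    while queue:
        system = queue.popleft()
        if system in seen:
            continue
        seen.add(system)
        queue.extend(paths.get(system, ()))
    return sorted(seen)


def standing_privilege_findings(identities=IDENTITIES, paths=AUTOMATION_PATHS):
    """Non-human identities with persistent admin rights, ranked by blast-radius size.

    These are the first candidates for just-in-time elevation instead of standing rights."""
    findings = [
        (name, len(blast_radius(name, identities, paths)))
        for name, meta in identities.items()
        if meta["kind"] == "nhi" and "admin" in meta["privs"]
    ]
    return sorted(findings, key=lambda finding: -finding[1])


def detect(event_lines, identities=IDENTITIES):
    """Run three rules over identity events; returns (rule, identity, detail) alerts."""
    revoked, alerts = set(), []
    for line in event_lines.splitlines():
        ev = json.loads(line)
        kind = ev["type"]
        if kind == "token_revoke":
            revoked.add(ev["token"])
        elif kind == "token_use" and ev["token"] in revoked:
            # Token misuse: a credential that was revoked is still being presented.
            alerts.append(("token_misuse", ev["actor"],
                           f"revoked token {ev['token']} used against {ev['target']}"))
        elif kind == "role_grant" and ev["role"] == "admin":
            # Privilege escalation: admin granted to an identity the inventory does not list as admin.
            current = identities.get(ev["target"], {}).get("privs", set())
            if "admin" not in current:
                alerts.append(("privilege_escalation", ev["target"],
                               f"admin granted by {ev['actor']}"))
        elif kind == "delegate" and ev["target"] not in identities:
            # Anomalous delegation: access handed to a principal the inventory has never seen.
            alerts.append(("anomalous_delegation", ev["actor"],
                           f"delegated {ev['scope']} to unknown principal {ev['target']}"))
    return alerts


if __name__ == "__main__":
    for name in IDENTITIES:
        print(f"{name:14s} blast radius: {blast_radius(name)}")
    print("standing admin NHIs:", standing_privilege_findings())
    for alert in detect(EVENTS):
        print("ALERT", alert)
```

Two design choices worth noting. The blast radius is computed transitively, so an NHI with a single direct target (here a deployer reaching one cluster) is scored on everything that cluster's automation can reach, which is the number the first guidance point asks teams to be able to produce. The detections are deliberately inventory-driven: the escalation and delegation rules are only as good as the inventory they compare against, which is why the inventory step comes first in the guidance.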
(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 5343
 

Identity security is now a core control plane, not a supporting control. The article reflects a broader shift that many CISOs are already confronting. If identity is involved in the majority of breach paths, then detection, authorization, and governance all depend on it. That means identity operations need to be designed as a live defense layer, not as an annual review cycle. Practitioners should align identity controls with breach containment, not just access administration.

A few things that frame the scale:

  • 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.
  • Only 5.7% of organisations have full visibility into their service accounts, according to Ultimate Guide to NHIs.

A question worth separating out:

Q: Why do AI agents create new identity governance risks?

A: AI agents create new governance risks because they can act autonomously, chain actions across tools, and hold privileges without a human explicitly approving each step. That makes them non-human identities with execution authority, which means traditional workforce IAM controls do not fully address their access, delegation, or blast-radius risk.

👉 Read our full editorial: Identity security is becoming the foundation of defense in depth