Identity management gives organizations better visibility and control over their identity infrastructure – if they use the right approach. Well regarded cybersecurity thought-leader, Francis Odum recently noted that a company’s identity posture could easily be compromised if they stick to slow, compliance-heavy processes.
As we learned at AWS re:Inforce 2025, there are many variables and many approaches that organizations need to wade through to upgrade their current posture to become more agile and intelligent. While some companies have adopted a specific identity management philosophy across the organization, others have a haphazard set of solutions that creates headaches and risks for the organization.
I’ve interviewed many CISOs at major companies looking to improve identity management, and here are the top trends from those conversations:
Identity Security Posture Management (ISPM)
Many companies are scanning the horizon to find the right ISPM approach to modernize their identity posture. From customer and machine identity management to workforce identity management – the ideal approach continuously finds and fixes blind spots while improving functionality for the user to increase compliance.
Some companies have implemented an ISPM solution that closes some gaps but nothing works 100% of the time. Many security teams are considering the shifting role of AI, particularly agentic AI which can be trained to act as an independent identity management sentinel.
Non-Human Identity Management
A significant emerging trend is treating machine identities with the same rigor as human identities. Considering the rapid onset of autonomous AI agents, applications, devices and microservices will need to be monitored and managed in similar ways as employees and customers. Currently, companies are considering very similar approaches to human and non-human identity management, but this could evolve quickly as AI ramps up.
Zero Trust Architecture
First made popular by Forrester Research, the concept of zero trust is gaining momentum today with many organizations looking to streamline their identity management across more of their organization. Zero trust represents a shift from perimeter based models to identity-centric models that focus on users and devices.
Many organizations are looking at zero trust capabilities from a SASE perspective – providing more networking and security controls. While imperfect (companies that have zero trust implementations complain of non-compliance due to its rigidity) modern solutions provide levels of flexibility to build in more human-centric design.
Passwordless Authentication
Organizations are actively pursuing passwordless initiatives. With AI advancing so quickly (in the hands of cyber criminals), it’s becoming harder to rely on traditional passwords for authentication. This is leading many organizations to advance their authentication processes with solutions including tokens, biometric authentication and auto-generated one time passwords. With many people using multiple devices that already include biometric and location sensors, these new approaches are more feasible than just a few years ago.
Identity Governance Maturity
Many organizations are focusing on maturing their Identity Governance and Administration (IGA) capabilities, with emphasis on automated provisioning, role mining, and access certifications. In particular, organizations seeking user-friendly and cost-effective approaches that still provide the compliance and ethical action set out in a company’s governance approach.
Consumer vs. Workforce Identity Separation
There’s a clear trend toward separating consumer identity management from workforce identity, with different platforms optimized for each use case, as seen with organizations using separate solutions for workforce and consumer identities.
Considering the increase in consumer data that is used across the organization, many companies are finding that they need to both increase the ability to access and use consumer data while also keeping the data secure and private.
Always Improving but Never Finished
Even with these new approaches and technologies, identity management is far from solved. No one solution has proven to cover the broad and complex needs of today’s business world. New specialized point solutions emerge every day, more and more are leveraging AI. There are also new management philosophies that sound enticing, but may introduce more headaches if they don’t end up being the right fit.
Getting identity management right today requires an approach that’s custom-fit for a specific set of business needs while open to adapt over time.
About the Author
Dan Fitzpatrick heads up Cybersecurity Market Intelligence for Alium, the buyer intelligence platform designed to address the challenges of enterprise software purchasing. On a daily basis, Dan meets with CISOs and Directors of Information Security at leading enterprises to learn about their experiences with software vendors and what technologies they are investing in. Prior to Alium, Dan worked at Dell Technologies Capital, the venture capital investment arm of Dell, worked with CIOs and CTOs at Gartner and at Forrester Research, held leadership roles at Emergn and Catalant Technologies, and supported Information Security teams while at Veracode.First
Dan can be reached online at [email protected] and at our company website https://www.alium.io/
