Today is Identity Management Day and this year’s theme is “Finding Identity: The Search for You, Me, and the Machines,” reflecting the reality that machine and agentic identities now vastly outnumber human ones.
Identity Management Day used to be a useful prompt to remind people to turn on two-factor authentication and audit their passwords. However, this year, the more urgent conversation is one most organizations haven’t had yet: do you know who, or what, actually has access to your systems?
Commenting on this is Dan Moore, Sr. Director, CIAM Strategy & Identity Standards at FusionAuth:
“Machine and agentic identities now vastly outnumber human identities, dramatically expanding the attack surface. Every AI agent, every automated pipeline, every API key, and every service account is an identity. And unlike a human employee, these identities don’t get offboarded when a project ends. Instead, they accumulate, quietly persisting in the systems, rarely seeing the same level of scrutiny as a human login.
This year’s Identity Management Day theme – Finding Identity: The Search for You, Me, and the Machines – captures this challenge well. Identity is about governing how humans, machines, and intelligent systems interact securely and at scale.
For businesses building or scaling digital products, this has a very practical implication. The identity layer is now the security perimeter. Breaches are often caused by someone (or something) using a legitimate identity to walk through the front door. Stale credentials, over-permissioned service accounts, and machine identities with no defined lifecycle are where the real risk lives.
The good news is that getting this right doesn’t require starting from scratch. It requires treating identity infrastructure with the same intentionality as any other critical system, instead of an afterthought.”
UPDATE Cameron Matthews, CISO, Radiant Logic adds this comment:
“Identity Management Day is a timely reminder that identity has become the primary control plane for modern security, especially as organizations expand across cloud, SaaS, and now AI-driven environments. The challenge is that most enterprises are still operating with fragmented identity data, making it difficult to see who has access to what, and whether that access is appropriate or risky. This lack of visibility creates blind spots that attackers increasingly exploit, particularly as non-human identities and automated processes multiply. To address this, organizations need to move beyond static identity governance and embrace continuous identity observability that provides real-time insight into access, behavior, and risk. Ultimately, treating identity as a dynamic, data-driven layer of security is imperative to enable Zero Trust to function as intended in today’s environment.”
Like this:
Like Loading...
Related
This entry was posted on April 14, 2026 at 12:28 pm and is filed under Commentary. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Today is Identity Management Day
Today is Identity Management Day and this year’s theme is “Finding Identity: The Search for You, Me, and the Machines,” reflecting the reality that machine and agentic identities now vastly outnumber human ones.
Identity Management Day used to be a useful prompt to remind people to turn on two-factor authentication and audit their passwords. However, this year, the more urgent conversation is one most organizations haven’t had yet: do you know who, or what, actually has access to your systems?
Commenting on this is Dan Moore, Sr. Director, CIAM Strategy & Identity Standards at FusionAuth:
“Machine and agentic identities now vastly outnumber human identities, dramatically expanding the attack surface. Every AI agent, every automated pipeline, every API key, and every service account is an identity. And unlike a human employee, these identities don’t get offboarded when a project ends. Instead, they accumulate, quietly persisting in the systems, rarely seeing the same level of scrutiny as a human login.
This year’s Identity Management Day theme – Finding Identity: The Search for You, Me, and the Machines – captures this challenge well. Identity is about governing how humans, machines, and intelligent systems interact securely and at scale.
For businesses building or scaling digital products, this has a very practical implication. The identity layer is now the security perimeter. Breaches are often caused by someone (or something) using a legitimate identity to walk through the front door. Stale credentials, over-permissioned service accounts, and machine identities with no defined lifecycle are where the real risk lives.
The good news is that getting this right doesn’t require starting from scratch. It requires treating identity infrastructure with the same intentionality as any other critical system, instead of an afterthought.”
UPDATE Cameron Matthews, CISO, Radiant Logic adds this comment:
“Identity Management Day is a timely reminder that identity has become the primary control plane for modern security, especially as organizations expand across cloud, SaaS, and now AI-driven environments. The challenge is that most enterprises are still operating with fragmented identity data, making it difficult to see who has access to what, and whether that access is appropriate or risky. This lack of visibility creates blind spots that attackers increasingly exploit, particularly as non-human identities and automated processes multiply. To address this, organizations need to move beyond static identity governance and embrace continuous identity observability that provides real-time insight into access, behavior, and risk. Ultimately, treating identity as a dynamic, data-driven layer of security is imperative to enable Zero Trust to function as intended in today’s environment.”
Share this:
Like this:
Related
This entry was posted on April 14, 2026 at 12:28 pm and is filed under Commentary. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.