Takeaways from Gartner Identity & Access Management Summit 2024

I joined thousands of professionals in Dallas for Gartner’s annual Identity & Access Management Summit. For those who couldn’t attend, I’ve captured some key takeaways and insights from the event.

Identity security challenges demand new IAM approaches

Identity security is emerging as a critical challenge for IAM teams, leaving many leaders concerned. Historically, these teams operated behind the scenes of broader cybersecurity efforts. However, as identities become the new frontline for attackers, IAM teams face  unprecedented risks and challenges. Legacy identity governance and access management technologies, compounded by cumbersome manual processes, are no longer sufficient in today’s threat landscape.

Gartner analyst Rebecca (Becky) Archambault provided practical guidance on how IAM leaders can navigate these challenges as well as balance security concerns to help provide business value so organizations can not only survive but thrive in this evolving environment.

AI co-pilots expose the hidden dangers of over-privileged access

AI co-pilots are spotlighting the persistent issue of workforce over-provisioned access. Despite it being an open secret that ‘least privileged’ access is rarely enforced (Microsoft estimates 95% of standing access goes unused), lackluster enterprise search capabilities and cumbersome file storage taxonomies have helped to reduce the risk of unintended access to sensitive data. Enter AI co-pilots, which excel at identifying and leveraging every resource an employee can access, raising the stakes for IAM teams.

Gartner analyst Max Goss presented his research showing that 40% of enterprise co-pilot deployments have been delayed by at least 3 months due to this and related challenges [also see Jim Alkove post on Copilot's "oversharing problem"]. And, while Microsoft and many vendors have been promoting data governance solutions to combat these threats from within, it is increasingly clear that a focus on identity security and access management is an essential part of this solution. While the dramatic number of identity related security breaches and regulatory requirements haven’t yet moved the industry to “least privileged” posture, enterprise co-pilots may finally be the catalyst for change.

Beyond process automation: Data-driven identity security

Data, analytics and insights are becoming table stakes for identity security and access management. Legacy technologies have been largely focused on automating manual identity and access management policies and processes. Even after investing years and millions of dollars in deployments, many IAM leaders still struggle to answer fundamental questions: Who has access to what? How did they get it? What are they doing with it? And, should they even have it?

This highlights a fundamental gap in data around access and usage across organizations—an inherently data-centric problem. Gartner analyst Nathan Harris discussed the growing need for these teams to adopt a data-centric view to achieve crucial Visibility, Intelligence and Action (and even called out Oleria’s capabilities to do so!).

Identity security vendors multiple: Platforms vs. point solutions

The era of identity security has arrived! Among the hundred plus vendors with booths, it is clear that there is a tremendous amount of investment and innovation occurring to address the accelerating need for identity security. Gartner analyst Brian Guthrie provided market updates for the IGA category and a taxonomy to help leaders compare the growing number of IGA alternatives. Walking through the vendor showcase, it was evident that many solutions address only a portion of the larger challenge.

For example, many startups are focusing exclusively on ‘non-human identities’ (NHI). In discussions with attendees, I got the impression that the only ones who think NHI should be addressed with stand-alone solutions are those vendors and the analysts looking to create a new category. While many of these niche vendors may eventually be absorbed by larger platform companies, IAM leaders are left to question whether they need yet another point solution to manage in an already complex IAM stack.

Identity security vision meets market reality  

Beyond the informative sessions by Gartner analysts, I truly valued the engaging conversations with leaders and practitioners who visited our Oleria booth. It was rewarding to see the positive reactions to Oleria's Trustfusion platform—specifically its ability to deliver clear and complete visibility across all identity and access, including human and non-human, as well as on-prem, SaaS, and cloud—and its expanding capabilities.

The enthusiasm and feedback from these conversations confirmed what this year’s Gartner IAM Summit made clear: as organizations face mounting pressure from AI co-pilots, over-privileged access, and complex compliance requirements, the need for comprehensive identity security has never been more urgent. Our vision to build a world where every organization is trusted to protect the data of all people may be audacious, but the path forward is clear. The future of identity security will be built on visibility, intelligence, and continuous adaptation—and I'm proud to be part of a team helping organizations navigate this critical transformation.