.svg)
Identiverse 2025 once again proved to be a cornerstone event for identity and access management (IAM) professionals, offering a week packed with insights, innovation, and collaboration in Las Vegas. The conference detailed new challenges and trends facing the industry while highlighting the emerging solutions that are shaping today’s identity landscape. From AI-informed strategies to the rise of non-human identities, here’s a comprehensive look at some of the most significant takeaways from this year’s event.
A dominant theme throughout the conference was the urgent need for convergence. Unifying identity and network access, aligning business goals with security priorities, and bridging the gap between technical teams and executive leadership were emphasized across multiple keynotes and sessions. Speakers underscored that identity is no longer just a subset of IT, but a central pillar of organizational strategy, requiring cross-departmental collaboration and a shared vision.
AI agents and agentic AI were frequently mentioned, signaling their growing importance in identity security. Organizations are grappling with how to safely deploy these agents to enhance efficiency and reduce costs without introducing undue risks. These agents, with their expanded access privileges, could potentially cause financial damage or privacy breaches if not properly governed.
Key challenges include the lack of governance frameworks or standards for managing AI agents, highlighting the need to treat them as a new user type akin to traditional categories such as employees, contractors, and vendors. This emerging focus on AI agents underscores the necessity of developing robust security measures and policies to safeguard their use.
Non-human identities, spanning service accounts, APIs, bots, IoT devices, and AI agents, outnumber human identities in many organizations today. Recent ESG research shows NHIs exceed human identities by at least 20:1, and the gap is increasing. Managing these identities has become a significant priority, as their lack of clear ownership, lifecycle management, and proper controls creates considerable security risks.
Conference discussions emphasized the following key points:
One intriguing innovation discussed was the use of transactional tokens: short-lived, narrowly scoped tokens issued just-in-time for specific API calls or operations. These tokens help enforce least privilege principles, reduce credential misuse risks, and support Zero Trust security for non-human identities.
[Watch Now: Machine Identities: Uncovering the Hidden Risks in your Environment]
Our team found that several conference sessions provided deep insights and practical advice.
This session candidly examined the common pitfalls that derail identity governance and administration (IGA) initiatives. Key issues identified included the lack of clear business ownership, excessive customization, and neglect of change management. The session’s core takeaway was that effective governance requires disciplined program management and stakeholder alignment from the outset, not just the deployment of tools.
This talk provided a practical guide for identity professionals on how to frame identity risks in terms of business impact. By leveraging metrics such as regulatory exposure and insider threat scenarios, and focusing on measurable outcomes, identity teams can better engage CISOs and drive organizational support for IAM initiatives.
If this sounds interesting, we’re covering how to create business value from IAM in our upcoming webinar.
This session shed light on the risks posed by over-privileged roles within Azure’s RBAC model. The presenter revealed a critical API vulnerability that could be exploited to extract secrets and pivot into other environments, potentially causing major breaches. Actionable strategies shared included tightening Azure role assignments, adhering to least privilege principles even for read-only roles, and creating custom roles tailored to specific needs.
The conference highlighted that identity governance remains a critical yet complex area in the IAM landscape. While solutions and tools continue to evolve, the foundational challenges, such as aligning stakeholders, ensuring clear ownership, and embedding governance into organizational processes, still persist. The emphasis on thinking beyond technology to include influence and program management resonated strongly across sessions.
Identiverse 2025 highlighted the importance of identity programs extending beyond implementation to emphasize influence, innovation, and integration. As the identity ecosystem becomes more intricate with the rise of AI agents and non-human identities, organizations must adopt proactive strategies to manage risks, ensure compliance, and align IAM efforts with broader business objectives.
Until next year!
Special thanks to Anshul Chaudhary, Frank Urena, and Tim Watson for their contributions to this article.
Discover how IDProof+'s advanced AI, biometric authentication, and deepfake detection protect organizations from fraud, streamline remote hiring, and ensure GDPR compliance.
MIM is now in extended support, but what's the right migration path for your organization? This blog series will examine the options and key considerations to help MIM users to determine their path to the cloud.
This three-part webinar series brings together leading voices to discuss transforming identity security through intelligent automation.
With machines now outnumbering humans by staggering ratios, unmanaged identities have become a critical, and often overlooked, attack vector that organizations can no longer afford to ignore.
Unlock operational insight with IdentityLens—MajorKey Technologies’ advanced reporting and analytics platform for managed services—empowering organizations with real-time identity data, automated compliance, and actionable dashboards for smarter, safer IT operations.
MajorKey’s HorizonID is a transformative solution that bridges the gap between legacy identity systems and modern cloud-based strategies.
Discover how MajorKey’s Managed Operations (MOps) empowers organizations to achieve secure, scalable, and outcome-driven identity management with expert guidance, automation, and 24/7 support. Learn how MOps streamlines operational efficiency, reduces risk, and drives measurable progress for modern identity programs.
NomadID by MajorKey Technologies is an Identity, Credentialing, and Access Management (ICAM) solution designed for Department of Defense (DOD) and federal agencies operating in Disconnected, Denied, Intermittent, Low-Bandwidth (DDIL) environments. It ensures uninterrupted authentication and single sign-on (SSO) capabilities even during network outages or hostile conditions, combining identity management, security monitoring, and governance locally at the edge to uphold security standards and maintain seamless access in challenging or disconnected scenarios.
Whether you're securing privileged access, enabling self-service recovery, or modernizing identity, MajorKey’s IDProof+ provides a proven defense against fraud and identity-based threats.
Non-human identities (NHIs) such as service accounts, bots, and API keys operate autonomously across IT environments but often lack proper provisioning, lifecycle management, and oversight, making them a critical security risk. Effective NHI management requires inventory and ownership clarity, strict access controls based on least privilege, automated lifecycle management, continuous monitoring, and executive alignment to reduce breach risks and ensure compliance.
Identity and Access Management (IAM) can be sold to business leaders effectively by focusing on business outcomes rather than technical jargon. Emphasizing benefits such as increased employee productivity through streamlined access, faster onboarding with automated provisioning, enhanced audit compliance with automated role management, improved customer loyalty via seamless and secure login experiences, and uninterrupted business operations by ensuring timely access to tools helps connect IAM to revenue growth, customer satisfaction, and operational efficiency.
A critical zero-day vulnerability in Microsoft SharePoint Server on-premises, tracked as CVE-2025-53770 and nicknamed "ToolShell," is actively exploited, allowing unauthenticated attackers to execute arbitrary code remotely, potentially compromising entire servers and networks. Microsoft has released emergency patches and mitigation guidance, urging all users to apply updates immediately, enable advanced detection tools like Microsoft Defender, rotate ASP.NET machine keys, and strengthen access governance with Privileged Access Management (PAM) to protect against this severe threat.
Microsoft Entra Global Secure Access is a unified Security Service Edge (SSE) platform combining Microsoft Entra Private Access for secure, identity-based access to private applications and Microsoft Entra Internet Access providing cloud-based Secure Web Gateway and threat protection for internet and SaaS access. It enforces Zero Trust principles, centralizes policy management, enables continuous risk assessment, and delivers seamless, agentless user experiences, making it a modern replacement for traditional VPNs.
Covering the latest thought leadership, events, and news about identity security
.svg)
.svg){kind=icon}
