Insights from SailPoint SKO & Gartner IAM Summit
Keeping up with the pace of change in identity security can sometimes be challenging. New technologies, threats, regulations, vendors and new ways of working seem to pop up almost overnight, and it’s no surprise that AI is front and centre right now, accelerating an already fast-moving landscape
This spring, we attended both the SailPoint SKO and the Gartner IAM Summit to hear the latest perspectives on what organisations should keep an eye on in the near future. From AI and identity governance to shifting threat patterns and regulatory pressure, one thing is clear: identity security is becoming fundamental to how cybersecurity actually works.
Both events were highly relevant, bringing together leading voices across the identity space.
Read the key takeaways from the events here:
Key takeaways from SailPoint SKO
After a few inspiring days at SailPoint’s Sales Kickoff, one thing stood out clearly: Identity Security is moving into a new phase. Not as a future vision, but as something already shaping how organisations operate today.
Governance is moving closer to real-time
A recurring theme was the shift away from periodic access reviews and static governance models. In many environments, these approaches no longer scale. As organisations grow and complexity increases, identity decisions need to happen continuously, not at fixed intervals. Identity is becoming part of daily operations, closer to where risk is managed.
Non-human identities are driving change
Another clear takeaway was the rapid growth of non-human identities. AI agents, machines and service accounts are increasing quickly, and in many environments already outnumber human users. At the same time, governance models have historically been designed around people. This creates a growing gap that organisations need to address. Identity Security is therefore expanding to cover all identity types in a more consistent way.
From static governance to continuous control
SailPoint was clear in the direction: governance is moving from static, point-in-time reviews to continuous, policy-driven control. The goal is not only compliance, but active risk reduction, supported by automation, context and real-time decision-making.
Identity is becoming part of security operations
Another shift is how identity connects to the broader security landscape. Identity data is increasingly used as part of detection and response, providing context that helps security teams understand risk and take action more precisely. This positions identity as a central component in modern security operations.
What this means in practice
Taken together, these shifts point in the same direction.
Identity Security is becoming:
- continuous rather than periodic
- integrated into security operations
- built to handle all identity types, not just people
For organisations, this means rethinking how identity is governed, especially in terms of scale, visibility and how quickly decisions can be made.
From insight to implementation
The challenge is making it work in practice. This is where many organisations are today, moving from understanding the shift to establishing the structure and control needed to operate in it.
Based on insights from SailPoint SKO, where the focus was on how identity is being operationalised in real environments.
Key takeaways from Gartner IAM Summit
At the Gartner IAM Summit in London, one thing became clear: Identity is becoming a fundamental control plane for enterprise security, where access decisions are made and enforced. Identity is no longer just a supporting component in the security stack. It is increasingly seen as both a critical asset and the primary attack surface, which changes how organisations need to approach security.
Non-human identities are now a core challenge
A recurring theme was the rapid growth of non-human identities. Applications, service accounts, APIs and AI-driven identities are increasing quickly, and in many environments already outnumber human users. At the same time, these identities often lack the same level of governance, visibility and ownership that organisations have established for human users. This creates a growing gap between how identities are used and how they are controlled, introducing new types of risk that many organisations are still not fully equipped to handle.
Identity is now the main attack surface
Another clear takeaway was how identity has become the primary target. Attackers are increasingly focusing on identities and access paths rather than infrastructure, using compromised credentials or misconfigured access to move laterally within environments. This shifts the focus. From protecting systems to controlling who and what has access, and ensuring that access is continuously validated.
Visibility and ownership are becoming critical
As the number and types of identities grow, so does the need for clarity. Organisations need to know what identities exist, who is responsible for them, and what access they have across systems. In many environments, this is still fragmented, especially for non-human identities, where ownership is often unclear or not formally defined. Without clear ownership and visibility, control becomes difficult to maintain, particularly at scale.
What this means in practice
Taken together, these shifts point in the same direction. Identity Security needs to cover all identity types, not just people. It needs to be built on visibility, ownership and control that works in practice, not only in policies but in day-to-day operations. For organisations, this means strengthening how identity is managed at scale, improving how quickly decisions can be made, and ensuring that governance keeps pace with how identities are actually used.
Based from insights from Gartner IAM Summit, reflecting how identity is positioned at the core of modern security and business operations.
The insights are based on discussions, sessions and perspectives from both SailPoint SKO and Gartner IAM Summit, combined with our own experience working with identity in practice.
Feel free to reach out to keep the conversation going.
