Dr. John Pritchard is the Chief Product Officer at Radiant Logic, responsible for the company’s global product vision.
“Your personal information has been compromised due to a data breach.” I have received four of these notices this year alone. It’s not surprising. This year’s research by the Identity Defined Security Alliance (IDSA) shows that 84% of organizations have experienced identity-related incidents. The same survey says that securing identity has become a top priority. The main driver of these incidents is identity proliferation.
Identity proliferation is the ever-increasing number of digital identities and accounts managed by different systems. This is not a new problem, but it is persistent. Many organizations, especially more mature ones, have huge internal silos of identity information that accumulate over time. This could be multiple directories, old legacy systems or custom applications.
Even newer organizations suffer from another major factor: the rampant increase in employees creating accounts directly in cloud-based applications. Adding to the problem are ungoverned service accounts: non-human identities that drive a lot of internal automation work.
Identity hygiene is the practice of “cleansing” all of this. It is a set of preventive measures that organizations perform. When complemented with detection measures, organizations can reduce their overall attack surface. This approach emphasizes a combination of reaction and prevention, where the disciplines of Identity Threat Detection and Response (ITDR) and Identity Security Posture Management (ISPM) intersect.
Defining ISPM and ITDR
ISPM offers a proactive approach to securing identities by addressing vulnerabilities before they can be exploited. It empowers identity teams by providing comprehensive visibility into user accounts, rights, and permissions. By finding weak points such as orphaned accounts and outdated licenses, ISPM helps reduce blind spots.
Expert guidance from Gartner and the NIST Cybersecurity Framework (CSF) both highlight the importance of ISPM as a fundamental hygiene tool. They emphasize its role in protecting against potential breaches by maintaining strict, proactive oversight of identity data.
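A minimal ISPM-style posture scan, written as an added example for this article (it is not Radiant Logic code and not taken from the original text). It joins a constructed HR roster with accounts gathered from several silos and reports the hygiene findings the paragraph lists: orphaned accounts, unowned service accounts, and stale accounts, with privileged ones ranked first. The account data, the privileged-entitlement set and the 90-day staleness threshold are all assumptions made for the example.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

# Constructed sample data, not a real directory export: an HR roster and a
# snapshot of accounts collected from several identity silos.
HR_ROSTER = {"alice": "active", "bob": "active", "carol": "terminated"}

@dataclass
class Account:
    name: str
    source: str                     # silo the account came from (AD, LDAP, SaaS app)
    owner: Optional[str]            # HR principal accountable for it; None if nobody is
    last_login: Optional[date]
    entitlements: set = field(default_factory=set)
    is_service: bool = False

ACCOUNTS = [
    Account("alice", "AD", "alice", date(2024, 9, 20), {"vpn", "crm-read"}),
    Account("bob", "AD", "bob", date(2024, 9, 22), {"vpn", "domain-admin"}),
    Account("carol", "LDAP", "carol", date(2024, 3, 1), {"vpn", "hr-admin"}),    # owner left
    Account("dave", "SaaS-crm", "dave", date(2024, 9, 1), {"crm-read"}),          # no HR record
    Account("svc-backup", "AD", None, date(2024, 9, 25), {"domain-admin"}, is_service=True),
    Account("svc-legacy", "AD", "bob", date(2023, 11, 2), {"db-admin"}, is_service=True),
]

PRIVILEGED = {"domain-admin", "hr-admin", "db-admin", "crm-admin"}  # assumed sensitive set
STALE_DAYS = 90                                                      # assumed policy threshold
TODAY = date(2024, 9, 30)                                            # fixed so the run is repeatable

def posture_findings(accounts, roster, today):
    """Return hygiene findings per account: unowned, orphaned, stale, plus a
    'privileged' marker that raises the priority of any other finding."""
    findings = {}
    for acct in accounts:
        issues = []
        if acct.owner is None:
            issues.append("unowned")
        elif acct.owner not in roster:
            issues.append("orphaned: owner not in HR")
        elif roster[acct.owner] == "terminated":
            issues.append("orphaned: owner terminated")
        if acct.last_login is None or (today - acct.last_login).days > STALE_DAYS:
            issues.append("stale")
        if issues and acct.entitlements & PRIVILEGED:
            issues.append("privileged")
        if issues:
            findings[acct.name] = issues
    return findings

def prioritized(findings):
    """Privileged accounts with findings first, then the rest, each alphabetically."""
    return sorted(findings, key=lambda n: ("privileged" not in findings[n], n))

if __name__ == "__main__":
    result = posture_findings(ACCOUNTS, HR_ROSTER, TODAY)
    for name in prioritized(result):
        print(f"{name:12s} {', '.join(result[name])}")
```

In a real deployment the roster and account snapshot would come from the HR system and each directory or SaaS API; the point of the example is the join itself, because an account that looks healthy inside its own silo is only recognised as orphaned once it is compared against the authoritative source of who still works there.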
ITDR, by contrast, works in real time, monitoring user behaviors and system activities and looking for anomalies that could signal a security event, such as unusual login attempts, unexpected privilege escalations, or suspicious access patterns.
Why both are necessary
While ISPM and ITDR serve different purposes, their real strength lies in their combined effectiveness. ISPM augments ITDR by significantly reducing the attack surface. By identifying and eliminating orphaned accounts, enforcing permissions, and addressing misconfigurations, ISPM ensures that fewer vulnerabilities are exposed.
This results in fewer false positives and low-priority alerts. With less noise, ITDR can focus its detection capabilities on more critical and targeted threats. More importantly, SOC teams benefit immensely from the improved signal-to-noise ratio across their various alert systems.
In turn, ITDR plays a critical role in informing ISPM strategies. The real-time threat intelligence that ITDR provides, such as detecting suspicious login attempts or abnormal behavior, gives ISPM teams valuable data they can use to adjust access policies. For example, if ITDR flags unusual activity on a specific set of accounts, ISPM can respond by auditing and tightening permissions, ensuring that access controls are properly adjusted to mitigate future threats.
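The loop described above, as an added example that is not part of the original article or any vendor product: an ITDR-style detector runs over a few constructed authentication events (failed-login burst, a success right after it, and a privilege grant that exceeds the account's role baseline), and the accounts it flags are handed to an ISPM-style review that lists the entitlements they hold beyond their role so they can be tightened. The key=value log format, the role baselines, the directory entitlements and the five-failures-in-ten-minutes tuning are assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed authentication/authorization events; the key=value format is assumed.
LOG_LINES = """\
2024-09-30T08:00:01 user=alice event=login result=success src=198.51.100.7
2024-09-30T08:01:10 user=bob event=login result=fail src=203.0.113.9
2024-09-30T08:01:20 user=bob event=login result=fail src=203.0.113.9
2024-09-30T08:01:31 user=bob event=login result=fail src=203.0.113.9
2024-09-30T08:01:44 user=bob event=login result=fail src=203.0.113.9
2024-09-30T08:01:58 user=bob event=login result=fail src=203.0.113.9
2024-09-30T08:02:30 user=bob event=login result=success src=203.0.113.9
2024-09-30T08:05:00 user=bob event=privilege_grant grant=domain-admin
2024-09-30T09:00:00 user=carol event=login result=success src=198.51.100.8
""".splitlines()

LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) event=(?P<event>\S+)"
    r"(?: result=(?P<result>\S+))?(?: src=(?P<src>\S+))?(?: grant=(?P<grant>\S+))?$"
)

# Constructed ISPM reference data: what each role should hold, and what the
# directory says each account actually holds.
ROLE_BASELINE = {"sales": {"vpn", "crm-read"}, "it-ops": {"vpn", "server-ops"}, "hr": {"vpn", "hr-read"}}
USER_ROLE = {"alice": "sales", "bob": "it-ops", "carol": "hr"}
ENTITLEMENTS = {
    "alice": {"vpn", "crm-read"},
    "bob": {"vpn", "server-ops", "db-admin", "domain-admin"},
    "carol": {"vpn", "hr-read"},
}
FAIL_THRESHOLD = 5                 # assumed detection tuning
WINDOW = timedelta(minutes=10)

def parse(lines):
    for line in lines:
        m = LOG_RE.match(line)
        if m:                      # lines that do not fit the format are skipped
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            yield ev

def itdr_detect(lines):
    """Runtime detection: failed-login bursts, a success right after a burst, and
    privilege grants that exceed the account's role baseline."""
    fails = defaultdict(list)      # user -> timestamps of recent failures
    burst_until = {}               # user -> end of the window opened by a burst
    alerts = []
    for ev in parse(lines):
        u, ts = ev["user"], ev["ts"]
        if ev["event"] == "login" and ev["result"] == "fail":
            fails[u] = [t for t in fails[u] if ts - t <= WINDOW] + [ts]
            if len(fails[u]) == FAIL_THRESHOLD:
                alerts.append((u, "failed-login burst"))
                burst_until[u] = ts + WINDOW
        elif ev["event"] == "login" and ev["result"] == "success":
            if u in burst_until and ts <= burst_until[u]:
                alerts.append((u, "success after failed-login burst"))
        elif ev["event"] == "privilege_grant":
            if ev["grant"] not in ROLE_BASELINE.get(USER_ROLE.get(u), set()):
                alerts.append((u, f"privilege escalation beyond role baseline: {ev['grant']}"))
    return alerts

def ispm_review(alerts):
    """Posture response: for every account ITDR flagged, list the entitlements it
    holds beyond its role baseline as candidates for removal."""
    review = {}
    for user in sorted({u for u, _ in alerts}):
        excess = ENTITLEMENTS.get(user, set()) - ROLE_BASELINE.get(USER_ROLE.get(user), set())
        if excess:
            review[user] = sorted(excess)
    return review

if __name__ == "__main__":
    found = itdr_detect(LOG_LINES)
    for user, what in found:
        print(f"ITDR alert  {user}: {what}")
    for user, excess in ispm_review(found).items():
        print(f"ISPM review {user}: remove {', '.join(excess)}")
```

The review step is deliberately not an automatic revocation: it produces the audit list the paragraph talks about, and a person decides what to tighten. Note also that the privilege-grant rule only works because the ISPM side supplies a role baseline; without that posture data the detector would have nothing to compare the grant against.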
The closest analogy is the combination of the preventive maintenance we perform on our cars and the fault detection systems we rely on while driving. The first reduces the chance that the second ever has to trigger. While ITDR deals with runtime, ISPM works upfront, minimizing the risk of breaches occurring in the first place and ensuring ongoing hygiene and identity visibility.
Where ISPM shines
Developing both identity branches in combination is especially valuable for regulatory compliance. Industries such as finance, healthcare and the public sector are subject to stringent data security, access control and identity management requirements.
Regulatory frameworks such as HIPAA, SOX and GDPR require organizations to demonstrate meticulous oversight of access to sensitive data and systems. ISPM plays a vital role here by ensuring that roles and rights are clearly defined and managed according to these standards. It prevents “toxic permission pairs,” where users are granted overlapping privileges that could lead to security risks.
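A toxic-permission-pair check, added here as an example and not taken from the article or from any product. It goes slightly beyond the paragraph by resolving each user's effective entitlements through nested group membership plus direct grants before testing the pairs, since a violation is often invisible when each group is inspected on its own. The group tree, the entitlement names and the two pairs (vendor creation with payment approval, invoice entry with payment approval) are constructed for the example.

```python
from collections import deque

# Constructed sample directory: nested groups, group entitlements, memberships
# and a few direct (non-group) grants. All names are assumed for the example.
GROUP_PARENTS = {        # child group -> groups it is nested in (and inherits from)
    "ap-clerks": {"finance-staff"},
    "ap-approvers": {"finance-staff"},
    "finance-staff": set(),
    "eng": set(),
}
GROUP_ENTITLEMENTS = {
    "ap-clerks": {"create-vendor", "enter-invoice"},
    "ap-approvers": {"approve-payment"},
    "finance-staff": {"erp-login"},
    "eng": {"deploy-prod"},
}
USER_GROUPS = {"alice": {"ap-clerks"}, "bob": {"ap-clerks", "ap-approvers"}, "carol": {"eng"}}
DIRECT_GRANTS = {"carol": {"enter-invoice", "approve-payment"}}   # granted outside any group

# Toxic pairs: two entitlements that should never sit with one identity.
TOXIC_PAIRS = [
    (frozenset({"create-vendor", "approve-payment"}), "create a vendor and pay it"),
    (frozenset({"enter-invoice", "approve-payment"}), "enter and approve the same invoice"),
]

def effective_groups(user):
    """All groups a user belongs to, following nesting upward (cycle-safe)."""
    seen, queue = set(), deque(USER_GROUPS.get(user, set()))
    while queue:
        g = queue.popleft()
        if g in seen:
            continue
        seen.add(g)
        queue.extend(GROUP_PARENTS.get(g, set()))
    return seen

def effective_entitlements(user):
    """Union of direct grants and every entitlement reachable through groups."""
    ents = set(DIRECT_GRANTS.get(user, set()))
    for g in effective_groups(user):
        ents |= GROUP_ENTITLEMENTS.get(g, set())
    return ents

def toxic_violations(users):
    """Map user -> list of (sorted pair, reason) for every toxic pair fully held."""
    out = {}
    for user in sorted(users):
        held = effective_entitlements(user)
        hits = [(tuple(sorted(pair)), why) for pair, why in TOXIC_PAIRS if pair <= held]
        if hits:
            out[user] = hits
    return out

if __name__ == "__main__":
    for user, hits in toxic_violations(USER_GROUPS).items():
        for pair, why in hits:
            print(f"{user}: {' + '.join(pair)}  ({why})")
```

Running it flags bob (the pair arrives through two separate groups) and carol (one half comes from a direct grant), while alice, who only holds the clerk side, is clean. Evaluating the pairs against effective rather than directly assigned entitlements is what makes this useful as evidence for an auditor.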
Beyond compliance, ISPM enhances risk reduction and cost management. By constantly checking permissions and ensuring that access rights are properly aligned with user roles, ISPM helps prevent costly breaches and minimizes insider threats.
It detects overprovisioned accounts and misconfigurations that might otherwise go unnoticed, which could lead to exploitation by cybercriminals. By proactively addressing these vulnerabilities, organizations can reduce the likelihood of breaches, reducing the financial and operational impact of responding to security incidents.
How AI can help address the growing complexity of identity data
Beyond the AI hype cycle, the core strength of artificial intelligence techniques has always been their ability to work with complex data at scale. As organizations grow, their identity infrastructures become more complex. Managing thousands of identities across different systems, applications and environments creates a landscape that is difficult to navigate and evaluate.
AI-powered visibility and analytics tools are uniquely equipped to handle the volume and complexity of this real-time identity data. The combination of machine learning and GenAI techniques creates a powerful set of data understanding and “what if” conversational capabilities. This allows organizations to automate the detection of misconfigurations that attackers could otherwise exploit.
My research in this area shows that organizational adoption is higher with AI tools that help make complex decisions rather than automating the decision itself. For example, AI doesn’t just analyze data—it can prioritize risks based on impact, allowing identity teams to focus their efforts on the most critical vulnerabilities. AI systems can also correlate access logs with rights and permissions, spotting patterns that signal potential anomalies.
By detecting these subtle warning signs, AI provides reliable information that informs both ISPM’s proactive measures and ITDR’s real-time responses. This speeds up the detection of threats and the implementation of the necessary corrective actions to mitigate them.
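The correlation the previous paragraphs describe, access logs joined against rights and permissions with the results ranked by impact, is shown below as an added example; it is not the article's or any vendor's analytics, and it uses a plain scoring heuristic rather than a trained model. It surfaces two kinds of finding: entitlements that are held but dormant (never exercised within the window), and entitlements that appear in the usage log but are not held according to the directory, which indicates drift between the two sources. The inventory, the usage events, the impact weights and the scoring rule are all assumptions for the example.

```python
from datetime import datetime, timedelta

# Constructed reference data. Impact weights are an assumed scale, not a standard.
ENTITLEMENT_IMPACT = {"domain-admin": 10, "db-admin": 8, "payroll-export": 7, "crm-read": 2, "vpn": 1}
HELD = {                           # entitlements the directory says each account holds
    "alice": {"vpn", "crm-read", "payroll-export"},
    "bob": {"vpn", "domain-admin", "db-admin"},
    "svc-etl": {"db-admin"},
}
USAGE_LOG = [                      # constructed: (timestamp, account, entitlement exercised)
    ("2024-09-29T10:00:00", "alice", "vpn"),
    ("2024-09-29T10:05:00", "alice", "crm-read"),
    ("2024-06-01T09:00:00", "alice", "payroll-export"),
    ("2024-09-28T22:00:00", "bob", "vpn"),
    ("2024-09-28T22:10:00", "bob", "db-admin"),
    ("2024-09-30T01:00:00", "svc-etl", "db-admin"),
    ("2024-09-30T01:02:00", "svc-etl", "payroll-export"),
]
NOW = datetime(2024, 9, 30, 12, 0, 0)   # fixed so the run is repeatable
WINDOW = timedelta(days=90)              # assumed: unused for 90 days counts as dormant
DRIFT_BONUS = 5                          # assumed: "used but not held" outranks an equal-impact dormant grant

def correlate(held, usage, now):
    """Join the entitlement inventory with observed usage and return findings
    sorted by descending risk score (ties broken by user, then entitlement)."""
    last_use = {}
    for ts, user, ent in usage:
        t = datetime.fromisoformat(ts)
        last_use[(user, ent)] = max(t, last_use.get((user, ent), t))
    findings = []
    # Held but dormant: candidates for removal, weighted by what they could do.
    for user, ents in held.items():
        for ent in ents:
            t = last_use.get((user, ent))
            if t is None or now - t > WINDOW:
                findings.append({"user": user, "entitlement": ent, "kind": "dormant",
                                 "last_use_days": None if t is None else (now - t).days,
                                 "score": ENTITLEMENT_IMPACT.get(ent, 0)})
    # Used but not held: the directory and reality disagree, which is a posture
    # problem for ISPM and a signal worth ITDR's attention.
    for (user, ent), t in last_use.items():
        if ent not in held.get(user, set()):
            findings.append({"user": user, "entitlement": ent, "kind": "used-but-not-held",
                             "last_use_days": (now - t).days,
                             "score": ENTITLEMENT_IMPACT.get(ent, 0) + DRIFT_BONUS})
    return sorted(findings, key=lambda f: (-f["score"], f["user"], f["entitlement"]))

if __name__ == "__main__":
    for f in correlate(HELD, USAGE_LOG, NOW):
        print(f"{f['score']:3d}  {f['user']:8s} {f['entitlement']:15s} {f['kind']}  "
              f"last use: {f['last_use_days']} days ago")
```

The ranking puts the service account exercising an entitlement it supposedly does not hold above a never-used domain-admin grant, which in turn outranks a payroll export that simply went quiet; an identity team working the list top-down therefore handles the item that most needs a human decision first, which is the "help make the decision rather than make it" pattern the text describes.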
The need for continued action on identity security
Identity security is not a one-time task, but an ongoing process that requires constant adaptation. Both ISPM and ITDR must be consistently implemented to keep pace with evolving threats.
Together, ISPM and ITDR create a continuous protection loop—ISPM’s proactive governance reduces vulnerabilities, while ITDR’s reactive capabilities ensure rapid detection and response.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.