
Attending the Gartner Identity and Access Management (IAM) Summit in London felt a bit like being at a conference Sigmund Freud would’ve enjoyed. Instead of everyone psychoanalyzing their mothers, though, everyone was busy analyzing identity. Discovering machine identities is a lot easier than understanding the human mind.
The Power of the Identity Graph
One of the most interesting presentations was the keynote, which focused on visibility. If Freud had been around today, he might have called the Identity Graph “The Subconscious of Your Network.” It’s a map of human and machine identities across organizations, including employees, external partners, service accounts, and sensitive secrets like keys and certificates. And just like understanding repressed desires, understanding your Identity Graph is crucial if you want to avoid sudden breakdowns — except these breakdowns involve hackers instead of childhood trauma.
From Discovery to “Oh, That’s Why We Do This”
The process outlined in the presentation can be broken down into three main steps:
- Discover Identities: This is like running a group therapy session where everyone finally admits who they really are. Whether it’s human or machine identities, it’s all about dragging them out of the shadows and into the light.
- Calculate Risk Scores: Here we’re rating identities for how likely they are to ruin your day. High-risk identities? Treat them like unresolved complexes — deal with them before they become nightmares.
- Discover Resources, Entitlements, and Policies: This step is like organizing a messy subconscious. You dig deep, find out who has access to what, and start applying boundaries. Healthy boundaries, not the “I’ll pretend you don’t exist” type.
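
The three steps above as an added Python example, not code from the keynote or from any product: identities are inventoried, their entitlements are attached as graph edges, and each identity gets a risk score with the reasons behind it. The inventory, the scoring weights and the thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Step 1 output: constructed sample inventory; every name and attribute is made up.
IDENTITIES = {
    "alice":      {"kind": "human",   "owner": "alice", "mfa": True},
    "bob":        {"kind": "human",   "owner": "bob",   "mfa": False},
    "svc-backup": {"kind": "machine", "owner": None,    "secret_age_days": 400},
    "svc-deploy": {"kind": "machine", "owner": "alice", "secret_age_days": 20},
}
# Step 3 input: constructed grants as (identity, resource, privilege, days since last use).
ENTITLEMENTS = [
    ("alice", "hr-db", "read", 3),
    ("bob", "prod-cluster", "admin", 200),
    ("bob", "wiki", "read", 1),
    ("svc-backup", "prod-db", "admin", 2),
    ("svc-deploy", "prod-cluster", "write", 1),
]
STALE_DAYS, MAX_SECRET_AGE = 90, 180  # assumed thresholds, in days

def build_graph(entitlements):
    """Map each identity to its (resource, privilege, days_unused) edges."""
    graph = defaultdict(list)
    for ident, resource, privilege, days_unused in entitlements:
        graph[ident].append((resource, privilege, days_unused))
    return graph

def risk_score(attrs, edges):
    """Step 2: return (score, reasons) using assumed weights."""
    score, reasons = 0, []
    for resource, privilege, days_unused in edges:
        if privilege == "admin":
            score, reasons = score + 3, reasons + [f"admin on {resource}"]
        if days_unused > STALE_DAYS:  # granted but unused: privilege creep
            score, reasons = score + 2, reasons + [f"privilege creep on {resource}"]
    if attrs["kind"] == "human" and not attrs.get("mfa"):
        score, reasons = score + 2, reasons + ["no MFA"]
    if attrs["kind"] == "machine":
        if attrs.get("owner") is None:
            score, reasons = score + 2, reasons + ["no owner"]
        if attrs.get("secret_age_days", 0) > MAX_SECRET_AGE:
            score, reasons = score + 2, reasons + ["secret overdue for rotation"]
    return score, reasons

def rank(identities, entitlements):
    """Highest-risk identities first; ties broken by name."""
    graph = build_graph(entitlements)
    scored = [(name, *risk_score(attrs, graph[name])) for name, attrs in identities.items()]
    return sorted(scored, key=lambda row: (-row[1], row[0]))

if __name__ == "__main__":
    for name, score, reasons in rank(IDENTITIES, ENTITLEMENTS):
        print(f"{name:12} {score:2}  {'; '.join(reasons) or 'ok'}")
```
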
Why Visibility=Observability Matters
Visibility without action is like having deep insights from therapy and doing absolutely nothing about them. Observability, on the other hand, means turning all that awareness into actual progress, like:
- Catching misconfigurations before they spiral into catastrophic breakdowns.
- Preventing privilege creep (the corporate equivalent of denial — “No, I definitely don’t have admin access. Oh, wait, I do.”).
- Making compliance as simple as ticking boxes instead of reliving traumatic audit experiences.
- Actually reducing attack surfaces instead of just assuming you’re safe because, well, you don’t feel attacked right now.
Final Thoughts
The big lesson from the Gartner IAM Summit? If you want to secure your enterprise, you have to actually understand it. And as much as we all wish “understanding” was something you could download like a therapy app, it takes work. But the payoff? A safer, stronger, and way less stressful environment.