惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Application and Cybersecurity Blog
Application and Cybersecurity Blog
B
Blog RSS Feed
M
MIT News - Artificial intelligence
爱范儿
爱范儿
V
V2EX
雷峰网
雷峰网
D
Docker
美团技术团队
N
Netflix TechBlog - Medium
C
Cisco Blogs
T
Threatpost
K
Kaspersky official blog
P
Privacy International News Feed
W
WeLiveSecurity
T
Tor Project blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
博客园 - 聂微东
F
Full Disclosure
Forbes - Security
Forbes - Security
V
Vulnerabilities – Threatpost
I
Intezer
有赞技术团队
有赞技术团队
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Google Online Security Blog
Google Online Security Blog
The Register - Security
The Register - Security
GbyAI
GbyAI
Security Archives - TechRepublic
Security Archives - TechRepublic
Help Net Security
Help Net Security
人人都是产品经理
人人都是产品经理
SecWiki News
SecWiki News
Cyberwarzone
Cyberwarzone
Vercel News
Vercel News
罗磊的独立博客
The Hacker News
The Hacker News
腾讯CDC
S
Security @ Cisco Blogs
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
WordPress大学
WordPress大学
Recorded Future
Recorded Future
Apple Machine Learning Research
Apple Machine Learning Research
博客园 - 【当耐特】
小众软件
小众软件
Hacker News: Ask HN
Hacker News: Ask HN
P
Proofpoint News Feed
TaoSecurity Blog
TaoSecurity Blog
IT之家
IT之家
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
S
Security Affairs
C
Check Point Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org

Forbes - Innovation

Why Do Humans Have Fingerprints? Hint: It’s Not What You Think Booking.com Confirms Data Breach, Reservation PIN Codes Changed Why Major News Sites Are Blocking The Internet Archive’s Wayback Machine iPhone Fold Release Date: New Report Details Frustrating Apple News Comet Tracker: How To See Pan-STARRS And Three Planets On Wednesday NYT Mini Crossword Today: Tuesday, April 14 Hints And Answers Today’s NYT Strands Hints, Spangram, Answers: Tuesday, April 14 (It’s A Little Unclear) Today’s Wordle #1760 Hints And Answer For Tuesday, April 14 Most Of The Microplastics In Urban Air Come From Tires Today’s Wordle #1759 Hints And Answer For Monday, April 13 NYT Mini Crossword Today: Monday, April 13 Hints And Answers NYT Pips Today: Hints, Answers And Walkthrough For Monday, April 13 The YC Chief Who Codes 10,000 Lines A Day Has A Simple Secret Samsung Expands One UI 8.5 Beta To More Galaxy Owners Why You Should Stop Using Your iPhone If It’s On This List Chamath Says Firms That Treat AI As A Strategy Hand Rivals Their Edge 3 Unexpected Habits Of Secure Couples, By A Psychologist The First Lamp That Folds Your Clothes Samsung’s Disappointing Price Update For Galaxy Phone Buyers 3 Subtle Signs Someone Is Falling In Love With You, By A Psychologist Do Mantis Shrimp See More Colors Than Humans? A Biologist Explains NYT Connections Answers Explained For Monday, April 13 (#1,037) NYT Connections Hints Today: Monday, April 13 Clues And Answers (#1,037) LEGO Luigi & Mach 8 (72050) Review: 2026’s Best Set Yet? Marc Andreessen Says AI Productivity Will Trigger A Hiring Boom 3D Printing Is The Ultimate Hack To Reduce Household Spending Apple iPhone Fold: Striking Design Revealed In Leaked Photos Apple Smart Glasses: New Leak Reveals A Major Design Twist To Beat Meta Tested: The AI Coming To The Rivian R2 Quordle Hints Today: Monday, April 13 Clues And Answers Companies And H-1B Employees Endure Immigration Waits At Consulates 3 Easy Ways To Turn Anxiety Into Sustained Focus, By A Psychologist Here’s The Most Affordable Humanoid Robot You Can Buy Now UFC 327 Results: 5 Biggest Takeaways From A Wild Night In Miami UFC 327 Results, Bonus Winners, Highlights And Reactions Dana White Announces Huge New Fight For UFC White House Today’s NYT Strands Hints, Spangram, Answers: Sunday, April 12 (Get Ready) Tesla ‘Model 2’ Rises From The Ashes Today’s Wordle #1758 Hints And Answer For Sunday, April 12 NYT Pips Today: Hints, Answers And Walkthrough For Sunday, April 12 Tyson Fury Vs. Arslanbek Mahkmudov Results: Highlights and Reaction NYT Mini Crossword Today: Sunday, April 12 Hints And Answers How Shadow AI Culture Is Destroying Your Business Venture Capital Funds That Market Like Startups Win More Deals Conor Benn Vs. Regis Prograis Results: Highlights and Reaction Samsung’s Disappointing Price Update For Galaxy Phone Buyers Artemis Reached The Moon. The Grid Can Reach The 21st Century A Biologist Explains How Archerfish Shoot Down Prey. Hint: Their Aim Rivals Human Throwing Is It Time For Apple To Forget About The MacBook Air NYT Connections Hints Today: Sunday, April 12 Clues And Answers (#1036) Trump’s 2027 Budget To Reshape U.S. Environmental And Energy Policy CDC Delays Reporting Of COVID-19 Vaccine Benefits—Here’s What To Know Oura Has Designed A Solution To A Big Smart Ring Problem Netflix’s Best New Show Has A Near-Perfect 95% Rotten Tomatoes Score Coachella 2026 Is Being Taken Over By Creator Streams Quordle Hints Today: Sunday, April 12 Clues And Answers This Startup Wants To Use AI To Help Digitize History How To Get The Best Shield In ‘Crimson Desert’ Microsoft Venom Attack Targets C-Suite Executives ‘Maul: Shadow Lord’ Sets Even More Star Wars Rotten Tomatoes Records 3 Ways Happy Couples Argue Differently, By A Psychologist Success For Leapmotor Might Have Negatives For Stellantis New Names Surface As Potential Rogue And Wonder Woman In The MCU And DCU 4 Reasons Artemis Mission Matters Even If You Think It Is Wasteful Fast ‘Crimson Desert’ Patch Adds New Moves, Shield Hiding And One Great Feature Why Do Humans Blush? An Evolutionary Biologist Explains The Signal We Can’t Control Apple iPhone Fold: Striking Design Revealed In Leaked Photos Adobe Attacks Underway—Windows And Mac Users Given 72 Hours To Update iOS 26.4.1 Release: Crucial iPhone Feature Update Arrives, But No Security Fix Fury vs. Makhmudov Full Card, Ring Walk Times and How to Watch Can’t Stand Liquid Glass? This New Hidden iPhone Setting Is A Game-Changer Test-Driving The 2026 Changan Deepal S05: Italian Style Made In China NSA Warning—Reboot Your Internet Router Now Ways That Human-AI Collaboration Slides People Into ‘AI Brain Fry’ And Cognitive Downturns Stop Using These Networks—Google, NSA And TSA Warn NASA Changes Moon Plan: Landing Now Depends On SpaceX Or Blue Origin Samsung Expands One UI 8.5 Beta To More Galaxy Owners The Evolution Of Programmable Hardware At Xilinx NYT Mini Today: Saturday, April 11 Hints And Answers Today’s NYT Strands Hints, Spangram, Answers: Saturday, April 11 (You’re Putting Me On) Splashdown! NASA’s Artemis II Returns To Earth After Moon Mission Attention Is All You Need. The Human Kind Is Still The One That Counts Today’s Wordle #1757 Hints And Answer For Saturday, April 11 NYT Pips Today: Hints, Answers And Walkthrough For Saturday, April 11 Android Circuit: Galaxy S27 Pro Emerges, Honor 600 Pre-Order Offers, Pixel 11 Display Leaks Apple Loop: iPhone 18 Pro Leak, Urgent iOS Update, MacBook Neo Issues Morgan Stanley Has Mostly Positive Outlook On Tesla Robotaxi, FSD V15 Running Out Of AI Tokens Faster Than Ever? Here’s Why CoreWeave Shares Pop 13% After Anthropic Deal ‘Euphoria’ Season 3’s Rotten Tomatoes Score Crashes, Has Lost Key Player People Don’t Agree On What AI Can Do, But They Don’t Even Use The Same Product ‘Overwhelming’—Google Issues Gemini Update For Gmail Users NYT Connections Hints Today: Saturday, April 11 Clues And Answers (#1035) Quordle Hints Today: Saturday, April 11 Clues And Answers The Costly Dream Of Space-Based AI Infrastructure Can You See The Watcher In This ‘Daredevil: Born Again’ Shot? Adobe Attacks Underway—Windows And Mac Users Given 72 Hours To Update You Just Watched The Backdoor Pilot For ‘The Pitt: Night Shift’ Are Nicotine Pouches Like Zyn And VELO Safe To Use? A Doctor Answers Human Resources (HR) Is The Key To AI Success Per WalkMe ( SAP)
The Missing Layer In Identity And Access Management
Peter Hill · 2026-06-17 · via Forbes - Innovation

Peter Hill is the chief executive officer of Gathid.

getty

​Over the past decade, enterprise investment in identity and access management has grown substantially, and for good reason. Identity is now the control plane of the modern enterprise. Every system, every service, every cloud platform relies on identities to grant authority. When identity fails, the consequences are severe.

So organizations have invested. They have deployed identity providers, provisioning platforms, governance tools and privileged access management systems. They conduct access reviews. They train their teams. They follow frameworks. By most measures, the identity stack has never been more mature.

And yet identity-driven incidents keep happening.

The pattern is consistent enough to force a harder question: not whether organizations are investing in the right tools, but whether the tools they have were designed to answer the question that actually matters.

The Question The Stack Cannot Answer

The identity stack is excellent at managing policy and intent. It defines who should exist, what roles they should have and what access should be granted. It enforces authentication. It automates provisioning. It produces audit trails.

What it was never designed to do is tell you what authority actually exists across your environment right now.​

Authority pathways are the chains of relationships through which identities, roles, credentials and systems combine to create real operational control. In any enterprise of meaningful complexity, authority does not exist the way policy intends. It accumulates. A directory group inherits a role. That role carries permissions in a downstream system.

A service account created for a project that ended two years ago still holds credentials that connect to a production environment. A combination of entitlements across three platforms produces effective control over a system that no single platform's policy review would ever surface.

A cloud engineering team creates a temporary automation account during a migration project. The project ends, but the account remains active, still holding delegated administrative access into production Amazon Web Services (AWS) environments through a chain of inherited roles and cross-account trusts. No individual platform flags this as dangerous because each system only sees its own configuration.

And none of this accounts for the machine identities, automation accounts and non-human actors that hold significant authority and were never designed to flow through the human governance process at all.

This is not a failure of governance. It is the predictable result of managing a complex, dynamic environment through the lens of individual systems, each of which only sees its own piece of the picture.

The question that matters is simple: who actually holds authority across this enterprise, in total, today? Traditional systems were never built to answer this.

Why The Gap Is Structural, Not Operational

It is tempting to treat this as a process problem and simply implement better access reviews, more frequent audits, tighter provisioning controls. Those things would help, but they won't close the gap.

The gap is structural. Authority in a real enterprise is not a list of permissions, but a network of relationships. Identities connect to groups, groups inherit roles, roles grant authority across systems and credentials enable automation and delegation. Authority emerges from the connections between systems. No individual platform can see the connections it does not own.

This means organizations are governing identity policy while operating without visibility into the authority pathways those policies create. Access reviews tell you what policy intended. They do not tell you what authority actually formed after inheritance, role combinations and cross-system delegations played out across the environment.

Security incidents follow authority pathways. Most organizations do not have a map of those pathways.

The Incomplete Picture Has A Cost

When identity-driven incidents are examined after the fact, the pattern is remarkably consistent. Authentication was not the failure. The failure was structural: authority existed somewhere it should not have, and no one knew it was there.

A service account retained privileges that should have been removed. A nested group created an escalation path no one had modeled. A combination of roles produced unexpected control over a critical system, not because any single role was misconfigured, but because together they created something the individual platforms never flagged.

These are not exotic attack vectors. They are the normal byproduct of operating complex environments without a structural model of the authority that exists within them. These gaps will continue for as long as security teams are asked to manage authority risk using tools designed to manage policy intent.

What The Missing Layer Actually Requires

Closing this gap does not mean replacing the identity stack. Existing tools are doing their jobs. They need a complementary layer, a capability that sits across all of them and answers the question they were never designed to answer.

That capability must model the full network of relationships between identities, roles, credentials, systems and assets across human and non-human identities alike, and do it automatically, every day. A daily model that can be recomputed deterministically from authoritative enterprise state creates a historical and operational picture of how authority evolves.

With that model in place, the fundamental question becomes answerable. Not just today, but historically. Not just for known risks, but for structural exposures quietly forming in the background.

A Different Conversation About Identity Risk

For a long time, the conversation about identity security has been framed around tools: which provider, which governance platform, which privileged access management (PAM) solution. Those are important choices. But the missing layer is not another tool. It is a different kind of capability entirely, one that completes the picture the existing security stack creates.

Organizations that address the need for this capability tend to discover more than they expected. Not because their teams were failing, but because structural complexity allows authority to accumulate in ways genuinely invisible to tools designed to manage policy.

That discovery, however uncomfortable at first, is the beginning of genuine structural risk management.

The next phase of identity security will not be defined by better authentication or faster provisioning, but by whether organizations can finally see the full authority structures operating across their environments.


Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?