惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

有赞技术团队
有赞技术团队
量子位
B
Blog RSS Feed
Schneier on Security
Schneier on Security
L
LINUX DO - 最新话题
博客园 - 三生石上(FineUI控件)
Recent Announcements
Recent Announcements
Hacker News: Ask HN
Hacker News: Ask HN
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Google DeepMind News
Google DeepMind News
N
News | PayPal Newsroom
阮一峰的网络日志
阮一峰的网络日志
Microsoft Security Blog
Microsoft Security Blog
Application and Cybersecurity Blog
Application and Cybersecurity Blog
T
Tailwind CSS Blog
MongoDB | Blog
MongoDB | Blog
大猫的无限游戏
大猫的无限游戏
PCI Perspectives
PCI Perspectives
aimingoo的专栏
aimingoo的专栏
D
Docker
T
The Exploit Database - CXSecurity.com
Last Week in AI
Last Week in AI
W
WeLiveSecurity
Stack Overflow Blog
Stack Overflow Blog
月光博客
月光博客
Vercel News
Vercel News
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
J
Java Code Geeks
O
OpenAI News
C
Cisco Blogs
Hacker News - Newest:
Hacker News - Newest: "LLM"
爱范儿
爱范儿
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
T
Threat Research - Cisco Blogs
Cisco Talos Blog
Cisco Talos Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
Help Net Security
Help Net Security
Scott Helme
Scott Helme
The Hacker News
The Hacker News
Y
Y Combinator Blog
A
Arctic Wolf
V
V2EX
P
Proofpoint News Feed
Simon Willison's Weblog
Simon Willison's Weblog
A
About on SuperTechFans
S
Securelist
G
Google Developers Blog
Cyberwarzone
Cyberwarzone
The GitHub Blog
The GitHub Blog

Forbes - Innovation

Why Do Humans Have Fingerprints? Hint: It’s Not What You Think Booking.com Confirms Data Breach, Reservation PIN Codes Changed Why Major News Sites Are Blocking The Internet Archive’s Wayback Machine iPhone Fold Release Date: New Report Details Frustrating Apple News Comet Tracker: How To See Pan-STARRS And Three Planets On Wednesday NYT Mini Crossword Today: Tuesday, April 14 Hints And Answers Today’s NYT Strands Hints, Spangram, Answers: Tuesday, April 14 (It’s A Little Unclear) Today’s Wordle #1760 Hints And Answer For Tuesday, April 14 Most Of The Microplastics In Urban Air Come From Tires Today’s Wordle #1759 Hints And Answer For Monday, April 13 NYT Mini Crossword Today: Monday, April 13 Hints And Answers NYT Pips Today: Hints, Answers And Walkthrough For Monday, April 13 The YC Chief Who Codes 10,000 Lines A Day Has A Simple Secret Samsung Expands One UI 8.5 Beta To More Galaxy Owners Why You Should Stop Using Your iPhone If It’s On This List Chamath Says Firms That Treat AI As A Strategy Hand Rivals Their Edge 3 Unexpected Habits Of Secure Couples, By A Psychologist The First Lamp That Folds Your Clothes Samsung’s Disappointing Price Update For Galaxy Phone Buyers 3 Subtle Signs Someone Is Falling In Love With You, By A Psychologist Do Mantis Shrimp See More Colors Than Humans? A Biologist Explains NYT Connections Answers Explained For Monday, April 13 (#1,037) NYT Connections Hints Today: Monday, April 13 Clues And Answers (#1,037) LEGO Luigi & Mach 8 (72050) Review: 2026’s Best Set Yet? Marc Andreessen Says AI Productivity Will Trigger A Hiring Boom 3D Printing Is The Ultimate Hack To Reduce Household Spending Apple iPhone Fold: Striking Design Revealed In Leaked Photos Apple Smart Glasses: New Leak Reveals A Major Design Twist To Beat Meta Tested: The AI Coming To The Rivian R2 Quordle Hints Today: Monday, April 13 Clues And Answers Companies And H-1B Employees Endure Immigration Waits At Consulates 3 Easy Ways To Turn Anxiety Into Sustained Focus, By A Psychologist Here’s The Most Affordable Humanoid Robot You Can Buy Now UFC 327 Results: 5 Biggest Takeaways From A Wild Night In Miami UFC 327 Results, Bonus Winners, Highlights And Reactions Dana White Announces Huge New Fight For UFC White House Today’s NYT Strands Hints, Spangram, Answers: Sunday, April 12 (Get Ready) Tesla ‘Model 2’ Rises From The Ashes Today’s Wordle #1758 Hints And Answer For Sunday, April 12 NYT Pips Today: Hints, Answers And Walkthrough For Sunday, April 12 Tyson Fury Vs. Arslanbek Mahkmudov Results: Highlights and Reaction NYT Mini Crossword Today: Sunday, April 12 Hints And Answers How Shadow AI Culture Is Destroying Your Business Venture Capital Funds That Market Like Startups Win More Deals Conor Benn Vs. Regis Prograis Results: Highlights and Reaction Samsung’s Disappointing Price Update For Galaxy Phone Buyers Artemis Reached The Moon. The Grid Can Reach The 21st Century A Biologist Explains How Archerfish Shoot Down Prey. Hint: Their Aim Rivals Human Throwing Is It Time For Apple To Forget About The MacBook Air NYT Connections Hints Today: Sunday, April 12 Clues And Answers (#1036) Trump’s 2027 Budget To Reshape U.S. Environmental And Energy Policy CDC Delays Reporting Of COVID-19 Vaccine Benefits—Here’s What To Know Oura Has Designed A Solution To A Big Smart Ring Problem Netflix’s Best New Show Has A Near-Perfect 95% Rotten Tomatoes Score Coachella 2026 Is Being Taken Over By Creator Streams Quordle Hints Today: Sunday, April 12 Clues And Answers This Startup Wants To Use AI To Help Digitize History How To Get The Best Shield In ‘Crimson Desert’ Microsoft Venom Attack Targets C-Suite Executives ‘Maul: Shadow Lord’ Sets Even More Star Wars Rotten Tomatoes Records 3 Ways Happy Couples Argue Differently, By A Psychologist Success For Leapmotor Might Have Negatives For Stellantis New Names Surface As Potential Rogue And Wonder Woman In The MCU And DCU 4 Reasons Artemis Mission Matters Even If You Think It Is Wasteful Fast ‘Crimson Desert’ Patch Adds New Moves, Shield Hiding And One Great Feature Why Do Humans Blush? An Evolutionary Biologist Explains The Signal We Can’t Control Apple iPhone Fold: Striking Design Revealed In Leaked Photos Adobe Attacks Underway—Windows And Mac Users Given 72 Hours To Update iOS 26.4.1 Release: Crucial iPhone Feature Update Arrives, But No Security Fix Fury vs. Makhmudov Full Card, Ring Walk Times and How to Watch Can’t Stand Liquid Glass? This New Hidden iPhone Setting Is A Game-Changer Test-Driving The 2026 Changan Deepal S05: Italian Style Made In China NSA Warning—Reboot Your Internet Router Now Ways That Human-AI Collaboration Slides People Into ‘AI Brain Fry’ And Cognitive Downturns Stop Using These Networks—Google, NSA And TSA Warn NASA Changes Moon Plan: Landing Now Depends On SpaceX Or Blue Origin Samsung Expands One UI 8.5 Beta To More Galaxy Owners The Evolution Of Programmable Hardware At Xilinx NYT Mini Today: Saturday, April 11 Hints And Answers Today’s NYT Strands Hints, Spangram, Answers: Saturday, April 11 (You’re Putting Me On) Splashdown! NASA’s Artemis II Returns To Earth After Moon Mission Attention Is All You Need. The Human Kind Is Still The One That Counts Today’s Wordle #1757 Hints And Answer For Saturday, April 11 NYT Pips Today: Hints, Answers And Walkthrough For Saturday, April 11 Android Circuit: Galaxy S27 Pro Emerges, Honor 600 Pre-Order Offers, Pixel 11 Display Leaks Apple Loop: iPhone 18 Pro Leak, Urgent iOS Update, MacBook Neo Issues Morgan Stanley Has Mostly Positive Outlook On Tesla Robotaxi, FSD V15 Running Out Of AI Tokens Faster Than Ever? Here’s Why CoreWeave Shares Pop 13% After Anthropic Deal ‘Euphoria’ Season 3’s Rotten Tomatoes Score Crashes, Has Lost Key Player People Don’t Agree On What AI Can Do, But They Don’t Even Use The Same Product ‘Overwhelming’—Google Issues Gemini Update For Gmail Users NYT Connections Hints Today: Saturday, April 11 Clues And Answers (#1035) Quordle Hints Today: Saturday, April 11 Clues And Answers The Costly Dream Of Space-Based AI Infrastructure Can You See The Watcher In This ‘Daredevil: Born Again’ Shot? Adobe Attacks Underway—Windows And Mac Users Given 72 Hours To Update You Just Watched The Backdoor Pilot For ‘The Pitt: Night Shift’ Are Nicotine Pouches Like Zyn And VELO Safe To Use? A Doctor Answers Human Resources (HR) Is The Key To AI Success Per WalkMe ( SAP)
The Hidden Risk In Access Management: How Identity Sprawl Is Undermining Business Security
Praerit Garg · 2026-05-11 · via Forbes - Innovation

Praerit Garg, CEO, One Identity, trusted leader in identity security, helping enterprises protect and simplify access to digital identities.

getty

Most executives I’ve spoken with in recent months believe that access management is largely under control. Employees are given access to the systems they need when they join, with permissions typically granted based on their role, and then accounts are disabled when those employees move on to pastures new. On paper, the process appears orderly and well governed, and that inspires confidence.

However, that confidence is often misplaced and tends to fall apart when organizations are asked to take a closer look at how they manage identity and access. According to the Ponemon Institute, only 44% of organizations said they were “highly confident” in their ability to prevent identity-based security incidents, suggesting many companies still struggle to maintain comprehensive visibility when it comes to access management. In a 2025 report, Microsoft revealed that 66% of attack pathways involve compromised credentials or accounts, underscoring the importance of air-tight identity and access management (IAM).

When it comes to access management, the risk rarely sits at the beginning or end of the employee life cycle. It sits right in the middle, where day-to-day work actually happens. Modern organizations are fluid environments where people move between teams, take on new responsibilities, participate in temporary initiatives and interact with a mushrooming ecosystem of applications and services. Each change often requires new access, and those permissions tend to accumulate over time.

What happens far less frequently is the systematic removal of access that is no longer needed. As a result, many employees gradually carry far more privilege than their current role requires, often without even realizing it. So, at a time when identity has become the primary gateway to enterprise systems, the quiet accumulation of access can create an attack surface that few organizations are actively monitoring.

And that’s a breach waiting to happen.

The Insidious Nature Of Access Sprawl

It’s not like a business gets going one morning and realizes they have an identity sprawl problem. It develops gradually as employees move through the natural rhythm of their careers inside an organization. Someone joins a project team and receives access to a new application. Later, they transfer to another role but retain the permissions from the previous one. A new system is deployed, and access is granted broadly so teams can get started quickly. Months or years later, those same permissions remain, even though the work that required them has long since been completed.

It’s important to note that none of this typically happens because of negligence or bad intent. It happens because organizations are complex and fast-moving. Granting access is easy, but removing it requires time, coordination and visibility that many teams don’t have.

One of the reasons access sprawl is so difficult to fix is that it’s often a conscious trade-off rather than a simple oversight. I recently spoke with a CEO who described how access is rarely revoked cleanly when employees get promoted or switch roles. Managers frequently request extended permissions during “transition periods” to avoid disrupting work, but those temporary measures often become permanent.

This reflects our temptation in access management toward low friction, but in reality, some friction is essential. Without it, there is no reliable way to validate whether access is still needed. As AI agents begin to act on behalf of users, often at speeds and scales that humans can’t match, the situation becomes even more critical. There have already been instances where AI agents have deleted entire calendars, folders or batches of emails—not because of any maliciousness from a third party, but because too much leeway was given to the technology.

When Overprovisioned Access Becomes A Serious Security Risk

It’s easy to frame overprivileged access as “unused access,” and in that context it seems fairly harmless. If an employee is no longer interacting with a particular system or account, there doesn’t appear to be any urgent risk. But these “unused permissions” can actually be the biggest vulnerability inside an organization today.

When an account is compromised through phishing, credential theft or session hijacking, attackers inherit whatever access that identity already holds, and if privileges have accumulated over time, the attacker suddenly gains a much wider path through the environment than anybody realizes. In effect, every unnecessary permission increases the blast radius of a breach.

That risk is even more pronounced as cybersecurity has shifted away from defending a single network perimeter. With cloud platforms, SaaS applications, APIs, mobile devices and distributed workforces, the traditional concept of a corporate network with clearly defined boundaries has disappeared. Access is now governed through identity and credentials rather than physical or network location, so privileged accounts have become one of the most valuable entry points for attackers. When identities become the control plane for modern infrastructure, overprovisioned access translates to a direct security vulnerability.

Reining In The Sprawl​​

One of the most effective ways to remedy this problem is to treat access as something that must be continuously validated rather than periodically checked. Organizations need visibility into who—or what—has access to services across their environment, and whether that access is actually being used.

While AI is contributing to this challenge, it’s also part of the solution. It can continuously monitor usage patterns, identify dormant permissions and flag access that no longer aligns with business needs. In many cases, simply identifying unused access can significantly reduce the potential impact of a compromised account.

The challenge, as the CEO referenced above confirmed to me, is that access is often left in place out of caution rather than necessity. Teams hesitate to remove permissions for fear of breaking workflows or disrupting productivity. But in practice, access that has not been used for an extended period of time is rarely critical, and revoking that access shouldn’t be seen as a risk.

If access is genuinely required, it can be requested again. That kind of “friction” isn’t a failure of the system, and with the right access management tools in place, it can feel like just another part of any seamless workflow.​


Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?