


























In Part 1 of this multi-part series, we established that in the AI-age of cybersecurity, identity drives the system. We also broke the bad news: The security world is changing at record pace, and SOC teams are racing to keep up. We unpacked the ways that AI, and its agentic minions, can multiply everything from threats to queries, leaving SOC teams facing unanticipated costs and feeling overwhelmed. In Part 2, we’re bringing you the good news: An updated IAM is ready to secure all-important identity and address new risks. Read on for a roadmap.
In a world where identity rules all, authorization logs and identity signals amass a goldmine of information about:
Now more than ever, SOC teams need rapid access to this data telemetry to assess, act, and secure their organization’s sensitive information. Streamlined access allows for swift action. But enter agentic AI, and things get…complicated. This all-important identity telemetry is not just valuable, it’s vulnerable. It can be used to reveal data domains queried by agents, patterns of user intent, high-value targets and workflows, and internal service topology (via API call patterns).
Without the right security system, organizations risk leaving their data goldmine unguarded against malicious marauders intent on an identity telemetry raid. Want to stop those data pillagers outside the vault? Repatriating key IAM components helps ensure:
It’s time to stop treating telemetry like a feature add-on and start treating it like a precious gem–one that determines organizational rule. Protecting this jewel effectively requires a granular understanding of vendor risk. Some key defense components to consider are:
SaaS IAM offers strong security engineering. However, it can be weak when there’s an urgent need to do something now. For better or worse, AI pushes SOC teams to spend more time in the “right now” zone. As we explored in Part 1 of this series, AI adds identity types, new policy patterns, new audit requirements, and new attack paths, such as injection, agent impersonation, tool abuse, replay and more, across multi-agent flows. These changes necessitate greater readiness and agility so that we can act with well-informed urgency.
If SOC teams want to move fast without breaking things or leaving them open to theft, they need critical infrastructure with defined and recognizable properties. Successful identity infrastructure must demonstrate:
When handled with care, IAM repatriation can work. Done right, it can support every key factor on the list above, and yield big cost and time savings to your strapped SOC team. Rather than attempting a big bang migration, it’s best to start with the pieces where the SaaS model hurts the most.
Repatriation works best at an AI-driven scale. Here is a sequence proven to reduce risks while moving rapidly enough for big results:
Moving the policy evaluation into the environment you control lets your applications run the policy evaluation and:
Treat service accounts, agents, and workloads as first-class citizens with:
AI makes it impossible to avoid machine identity management. Bringing back the machine identity management layer helps scale repatriation without paying a per-token tax. Eliminating this tax reduces the unexpected cost surge noted in Part 1, making repatriation a step forward in money saved.
If tokens are the keys to the kingdom, they deserve careful consideration. A better IAM safeguards token with:
Repatriate–or at least ensure direct control over–the logs and signals containing precious dat intel. This will give you IAM with:
These moves aren’t regressing and turning the IAM clock back to 2012. They’re enforcing a security infrastructure built to address AI impacted in 2026. They’re also informed by over a decade of IAM experience. Past-proofed repatriation works only if it follows modern methodologies and uses modern tooling such as:
The goal is not to rebuild an identity monolith. The goal is to run identity like a product: built, measured, and strong enough to stand the test of a brave new AI world. If this seems like too much too fast, it’s okay to slow down. Follow your organization’s pace and repatriate only what you need. In time, you may be ready for a full repatriation.
SaaS isn’t bad. It’s just not the best tool for a time when AI impact on identity scaling demands a different response. So, while SaaS can still be great for things like rapid onboarding and integration catalogs, standard lifecycle workflows, and certain SSO use cases in organizations with stable, human-centric identity patterns, repatriation merits revisitation. Especially if you are:
As mentioned in Part 1, repatriation doesn’t mean rejecting the cloud. Rather, it means designing identity so that the identity ecosystem can grow for the next decade. This next decade will be the decade of more: more agents, more machines, more decisions, more logs, and more risk. The identity ecosystem must stand ready to handle that increase without compromising enforcement.
Identity is the engine that will enable AI. We must stop treating identity like a convenience service. I need to be able to weave my business processes into my identity ecosystem and not model them after what the SaaS vendor thinks I need.
In 2026, identity is critical infrastructure. We need a system that treats it that way.
What to do next:
Stay tuned for Part 3 in this series, as we begin to explore specific industry drivers and guidance for identity repatriation.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。