惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

阮一峰的网络日志
阮一峰的网络日志
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Blog — PlanetScale
Blog — PlanetScale
Jina AI
Jina AI
MyScale Blog
MyScale Blog
N
Netflix TechBlog - Medium
月光博客
月光博客
云风的 BLOG
云风的 BLOG
T
The Blog of Author Tim Ferriss
博客园_首页
GbyAI
GbyAI
The Cloudflare Blog
博客园 - 叶小钗
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
MongoDB | Blog
MongoDB | Blog
Y
Y Combinator Blog
博客园 - 三生石上(FineUI控件)
量子位
博客园 - Franky
WordPress大学
WordPress大学
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
人人都是产品经理
人人都是产品经理
F
Fortinet All Blogs
Martin Fowler
Martin Fowler
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
M
MIT News - Artificial intelligence
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
I
InfoQ
Google DeepMind News
Google DeepMind News
S
SegmentFault 最新的问题
大猫的无限游戏
大猫的无限游戏
Apple Machine Learning Research
Apple Machine Learning Research
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Stack Overflow Blog
Stack Overflow Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Last Week in AI
Last Week in AI
J
Java Code Geeks
腾讯CDC
aimingoo的专栏
aimingoo的专栏
C
Check Point Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
V
Vulnerabilities – Threatpost
S
Schneier on Security
D
Darknet – Hacking Tools, Hacker News & Cyber Security
L
Lohrmann on Cybersecurity
S
Securelist
F
Full Disclosure
Cisco Talos Blog
Cisco Talos Blog
小众软件
小众软件
The GitHub Blog
The GitHub Blog

SECURITY.COM

Humble Brag: Symantec® Data Center Security Achieves Common Criteria Certification Tips to Harden Your Air Gapped Environments The Visibility Challenge Nobody Asked For Your DLP Incident Backlog Owes You Closure 5 Reasons Symantec® CBX Delivers Total Endpoint Visibility 8 XDR Questions From the Show Floor Locking Down the Server Data Security Is Having A Moment 5 Ways XDR Helps SOCs Act Faster 5 Ways To Keep AI in Check DLP Made Easier on the Teams Running It Web Traffic Visibility is the New Non-Negotiable The Agentic AI Tsunami is Here: Is Your Legacy IAM Sinking or Swimming? For Financial Services, a Wake-Up Call for Reclaiming IAM Control How Cloud-Managed DLP Lowers the Barrier to Entry As Identity Takes Control, Telecom Needs Repatriated IAM Capable of Keeping Up Post-Quantum Security Starts at the Edge The Public Sector Case for Repatriating IAM in the Age of AI The Data Sovereignty Paradox The Unseen Wall: How Billions of Attacks Were Blocked in 2025 The “Zero-Blindness” Roadmap: Achieving Maturity in the DLP Endpoint Workspace Identity is the Control Plane, and AI Just Changed the Game
IAM Has a Fix for the Modern Identity Crisis
About the Author · 2026-02-18 · via SECURITY.COM
  • In the AI era, identity is the most vulnerable attack vector. 
  • Identity telemetry offers a wealth of information. 
  • A new take on an old approach keeps that data in the right hands.
  • Repatriating a modernized IAM can stabilize mounting costs and reduce identity-based risks. 

In Part 1 of this multi-part series, we established that in the AI-age of cybersecurity, identity drives the system. We also broke the bad news: The security world is changing at record pace, and SOC teams are racing to keep up. We unpacked the ways that AI, and its agentic minions, can multiply everything from threats to queries, leaving SOC teams facing unanticipated costs and feeling overwhelmed. In Part 2, we’re bringing you the good news: An updated IAM is ready to secure all-important identity and address new risks. Read on for a roadmap.

The goal: Gather the identity gold, then keep it safe

In a world where identity rules all, authorization logs and identity signals amass a goldmine of information about: 

  • Who accessed what?
  • From where?
  • Under what device posture?
  • With what privilege?
  • Using which tokens?
  • And which AI agent, acting on behalf of whom, made what call?

Now more than ever, SOC teams need rapid access to this data telemetry to assess, act, and secure their organization’s sensitive information. Streamlined access allows for swift action. But enter agentic AI, and things get…complicated. This all-important identity telemetry is not just valuable, it’s vulnerable. It can be used to reveal data domains queried by agents, patterns of user intent, high-value targets and workflows, and internal service topology (via API call patterns).

Repatriation is the key

Without the right security system, organizations risk leaving their data goldmine unguarded against malicious marauders intent on an identity telemetry raid. Want to stop those data pillagers outside the vault? Repatriating key IAM components helps ensure:

  • Data residency and sovereignty where required
  • Full-fidelity logging without sampling
  • Consistent data retention aligned to risk
  • Direct integration with detection pipelines—no throttles, delays, or “premium log tiers.”

When identity reigns, telemetry becomes the crown jewel

It’s time to stop treating telemetry like a feature add-on and start treating it like a precious gem–one that determines organizational rule. Protecting this jewel effectively requires a granular understanding of vendor risk. Some key defense components to consider are: 

  • Operational control: Can I change behavior fast during an incident?
  • Dependency blast radius: If dependency goes down, what else fails?
  • Roadmap leverage: Will critical security features be on my timeline?
  • Key custody: Where are the signing keys kept, and who has access?
  • Exit feasibility: Can I migrate without a long-lasting disruption? that lasts quarters?

SaaS IAM offers strong security engineering. However, it can be weak when there’s an urgent need to do something now. For better or worse, AI pushes SOC teams to spend more time in the “right now” zone. As we explored in Part 1 of this series, AI adds identity types, new policy patterns, new audit requirements, and new attack paths, such as injection, agent impersonation, tool abuse, replay and more, across multi-agent flows. These changes necessitate greater readiness and agility so that we can act with well-informed urgency. 

If SOC teams want to move fast without breaking things or leaving them open to theft, they need critical infrastructure with defined and recognizable properties. Successful identity infrastructure must demonstrate: 

  • Deterministic performance under load
  • Local survivability during upstream failures
  • Deep customization for risk controls
  • Tight coupling to internal telemetry and response
  • Predictable scaling costs

For best (repatriation) results, handle with care

When handled with care, IAM repatriation can work. Done right, it can support every key factor on the list above, and yield big cost and time savings to your strapped SOC team. Rather than attempting a big bang migration, it’s best to start with the pieces where the SaaS model hurts the most. 

Repatriation works best at an AI-driven scale. Here is a sequence proven to reduce risks while moving rapidly enough for big results:

1) Move authorization decisioning close to workloads

 Moving the policy evaluation into the environment you control lets your applications run the policy evaluation and: 

  • Make fast, consistent decisions
  • Continue operating during external outages
  • Enforce fine-grained controls without latency anxiety

2) Elevate machine identities and workload IAM

Treat service accounts, agents, and workloads as first-class citizens with:

  • Strong issuance and rotation
  • Short-lived credentials
  • Tight scoping
  • Automated revocation
  • Clear ownership and auditability

AI makes it impossible to avoid machine identity management. Bringing back the machine identity management layer helps scale repatriation without paying a per-token tax. Eliminating this tax reduces the unexpected cost surge noted in Part 1, making repatriation a step forward in money saved. 

3) Manage keys, token services, and session control

If tokens are the keys to the kingdom, they deserve careful consideration. A better IAM safeguards token with:

  • Signing key custody
  • Rotation cadence
  • Emergency revocation capability
  • Risk-aligned token lifetime
  • Step-up auth and conditional access logic

4) Secure the identity telemetry pipeline

Repatriate–or at least ensure direct control over–the logs and signals containing precious dat intel. This will give you IAM with:

  • Full fidelity
  • Real-time access for detection/response
  • No “tier gating” of critical events

Take a step forward with modernized IAM

These moves aren’t regressing and turning the IAM clock back to 2012. They’re enforcing a security infrastructure built to address AI impacted in 2026. They’re also informed by over a decade of IAM experience. Past-proofed repatriation works only if it follows modern methodologies and uses modern tooling such as:

  • Infrastructure as code
  • Automated patching pipelines
  • SLOs and load testing
  • Regional redundancy
  • Chaos testing for dependency failure
  • Strong key management (HSM/KMS)
  • Clear ownership between security and platform engineering

The goal is not to rebuild an identity monolith. The goal is to run identity like a product: built, measured, and strong enough to stand the test of a brave new AI world. If this seems like too much too fast, it’s okay to slow down. Follow your organization’s pace and repatriate only what you need. In time, you may be ready for a full repatriation. 

SaaS isn’t bad. It’s just not the best tool for a time when AI impact on identity scaling demands a different response. So, while SaaS can still be great for things like rapid onboarding and integration catalogs, standard lifecycle workflows, and certain SSO use cases in organizations with stable, human-centric identity patterns, repatriation merits revisitation. Especially if you are: 

  • Building AI agents that call systems at scale
  • Moving toward continuous authorization and fine-grained controls
  • Seeing auth/event volume grow faster than headcount
  • Facing hard data residency constraints
  • Unwilling to accept rate limits as security policy

Get ready for the decade of more

As mentioned in Part 1, repatriation doesn’t mean rejecting the cloud. Rather, it means designing identity so that the identity ecosystem can grow for the next decade. This next decade will be the decade of more: more agents, more machines, more decisions, more logs, and more risk. The identity ecosystem must stand ready to handle that increase without compromising enforcement.

Identity is the engine that will enable AI. We must stop treating identity like a convenience service. I need to be able to weave my business processes into my identity ecosystem and not model them after what the SaaS vendor thinks I need. 

In 2026, identity is critical infrastructure. We need a system that treats it that way.

What to do next:

  • Stress-test your identity control plane with Symantec Identity Security Platform(IDSP): Use IDSP’s centralized policy and high-throughput authorization services to identify where current SaaS IAM rate limits, latency, or outages would impact AI agents, service accounts, and high-volume workloads.
  • Modernize machine identities with Symantec PAM and IDSP: Use Symantec Privileged Access Manager and IDSP to inventory and tighten service accounts, agents, and workload identities with strong issuance, short-lived credentials, and just-in-time access at scale.
  • Read this case study to learn how Broadcom repatriated over 16 million identities onto the Symantec Identity Security Platform while improving scale, resiliency, and ownership.

Stay tuned for Part 3 in this series, as we begin to explore specific industry drivers and guidance for identity repatriation.

You might also enjoy