Identity Management Day Expert Commentary

Alex Quilici CEO of YouMail

This Identity Management Day, be skeptical, not scared. By now, your identity is already out there. Your phone number, job title, connections, even your social security number — all publicly available. The genie is out of the bottle, and pretending otherwise only puts you at greater risk.

The question isn’t how to hide your identity. It’s how to operate safely in a world where your personal and professional information is already exposed. Assume attackers know more than they should. They’re using publicly available data to impersonate company leaders, target employees, and launch social engineering campaigns that feel alarmingly real. Add in voice cloning and AI-generated deepfakes, and the risk multiplies fast.

Your personal cell phone is often the softest target. It’s the entry point for malware, impersonation attempts, and data exfiltration. And when that device blurs the line between work and personal life, it becomes even more dangerous.

This is where tools make a difference. Not just to block suspicious calls or scan for anomalies, but to give you visibility into what’s being exposed and how it’s being used. The goal isn’t to lock down every piece of information — that’s no longer realistic — but to reduce the blast radius when something goes wrong.

Stop chasing perfect privacy and focus instead on proactive protection. That means using technology to monitor for threats, automating offboarding to close access gaps, reassigning ownership, rotating credentials, and putting guardrails in place to detect unusual activity early.

Rom Camel, CoFounder and CEO of Apono

This Identity Management Day, let’s spotlight the evolving role of identity security in an increasingly digital and AI-driven world. With remote work, cloud adoption, and digital transformation accelerating, organizations face mounting challenges in managing access to sensitive data and systems.

Emerging technologies like zero trust architecture, decentralized identity, passwordless authentication, and AI-driven security are reshaping identity management. In particular, Large Language Models (LLMs) and AI-powered automation are transforming how organizations make access decisions—analyzing vast amounts of data in real-time to detect anomalies, enforce least privilege, and streamline identity governance.

By embracing cloud-based identity and access management (IAM) and leveraging AI for dynamic, context-aware access control, organizations can strengthen security, enhance efficiency, and maintain compliance—without adding friction to user experiences.

Identity is the foundation of cybersecurity. By prioritizing AI-driven innovation and proactive security, we can build a resilient, adaptive digital future for all.

Piyush Pandey, CEO of Pathlock

Identity Management Day is a reminder that the conversation around identity has changed fundamentally. For decades, traditional identity governance has been primarily focused on driving operational efficiencies through identity lifecycle management, which addresses the joiner-mover-leaver model. However, amid rapid digitalization, this approach has started to fall short, as reality dictates its own terms – with access risks continuously emerging in the myriads of business applications as user roles change throughout their careers.

Our highest-risk, regulated business processes are no longer effectively controlled. Traditional identity frameworks simply can’t keep up with today’s dynamic risk landscape.

Potential negative consequences of overlooking these identity-related risks include excessive access, data breaches, compliance failures, and corporate fraud.

Identity security for high-risk applications must now focus on compliant provisioning and continuous controls monitoring. It’s not just about ensuring the right people have the right access at the right time – it’s about proactively preventing internal fraud, audit failures, and reputational damage, while responding to risks in real time. And while automating audits saves time and money, securing identity access today must go well beyond compliance.

Kris Bondi, CEO and Co-founder, Mimoto

The concept of identity is at an inflection point where it will explode into multiple areas. Today, most people still consider identity to be synonymous with a credential or authorized person. That is quickly changing.

Organizations are realizing the adherent danger in this assumption. According to the IBM data loss prevention report, 95% of malicious activity has a human element. We see this illustrated with the increase in compromised credentials, deepfakes, account takeovers, and internal malicious activity that is missed or the opposite, a tidal wave of false positive alerts.

I predict two changes we’ll see before the Identity Management Day 2026. First, the nuance of the term identity will become widely used. For example, machine-to-machine identity management, workload identities, and person-based identity are all terms used in some DevOps or SOCs that will become more widely understood and used. Second, instead of focusing on protecting “identities,” aka credentials, highly accurate person-based credentials will be used to identify malicious activity in real-time with an understanding of context that hasn’t been possible until now. It is the difference between there is something to investigate with Jack’s account, or, Jane is using Jack’s credentials to access financial systems that she isn’t approved to view.