As we celebrate Identity Management Day 2025 on April 8th, organizations worldwide are recognizing the critical importance of identity security in our increasingly digital world. Established to raise awareness about the proper management of digital identities, this annual observance serves as a reminder that effective identity management remains a cornerstone of cybersecurity strategy.

In an era where digital transformation continues to accelerate, identity management has evolved from a back-office IT function to a business-critical priority. The proliferation of cloud services, remote work environments, and interconnected systems has dramatically expanded the attack surface, making robust identity and access management (IAM) essential for protecting sensitive data and maintaining business continuity.

Identity Management Day, now in its fifth year, encourages both organizations and consumers to take stock of their identity security practices and implement stronger safeguards against identity-related threats. From credential theft and account takeovers to sophisticated phishing campaigns, the threats targeting digital identities continue to grow more sophisticated.

In this roundup, we've gathered insights from leading security experts and technology providers who are at the forefront of identity management innovation. These industry voices offer their perspectives on current challenges, emerging trends, and best practices that organizations should consider as they navigate the complex landscape of identity security in 2025.

##

Darren Guccione, CEO and Co-Founder, Keeper Security

As technology continues to advance and identity becomes more complex than ever, IT leaders must implement a multi-layered approach to security that addresses the most prevalent existing threats and combats the malicious cyber weapons of the future. Cybercriminals are becoming increasingly sophisticated, leveraging AI to increase the volume and severity of their attacks. Recent research reveals that more than 50% of IT and security leaders have witnessed AI-powered attacks first-hand at their organization and 36% have seen deepfake technology, spotlighting the precipitous rise of these technologically-advanced threats.

Identity Management Day is a timely reminder that although threats continue to evolve, following fundamental cybersecurity best practices remains the most effective method to stay protected against both existing and emerging attack vectors. With privileged accounts being a primary target for cybercriminals, implementing a robust Privileged Access Management (PAM) solution is essential. Verizon’s Data Breach Investigations Report revealed 80% of organizations that adopted PAM solutions reported a significant reduction in successful cyber attacks related to credential theft and misuse, underscoring the criticality of deploying PAM solutions.  

++

Marta Dern, Senior Product Marketing Manager at Oasis Security

Don’t overlook your newest identity risk, Artificial Intelligence (AI) agents. At first glance, AI agents might seem like just another tool, handling IT support, optimizing cloud costs, answering customer questions, and even making decisions. But unlike human employees, AI agents don’t think or reason. They act based on algorithms and data, not intent or intuition.

They don’t log in with usernames and passwords. They authenticate using API keys, managed identities, and machine-to-machine protocols. Unless explicitly programmed to follow your security policies, they often don’t.

Left unchecked, AI agents can create new identities, generate access credentials, and grant themselves privileged permissions without alerting anyone. Over time, this leads to identity sprawl and uncontrolled access to critical systems.

This Identity Management Day is a reminder that identity is more than human. AI agents are non-human identities, and they need to be secured with the same rigor. That means real-time visibility, automated lifecycle management, and guardrails that prevent privilege abuse.

++

Joel Burleson Davis, Senior Vice President of Engineering, Cyber at Imprivata

In today’s landscape, cyber incidents are growing, often due to third-party access, and are disrupting both personal and organizational identities. A recent survey revealed that the most significant consequences of these attacks are the loss of sensitive data, regulatory fines, and severed vendor relationships. With nearly half of organizations experiencing such incidents in the past year, and expectations for these threats to continue rising, effective identity management has never been more crucial.

To safeguard both human and non-human identities, organizations must focus on strategic identity management. Solutions like biometrics and MFA can enhance security, but they must be implemented in a way that doesn’t disrupt operations or impede productivity. The journey to better identity management requires balancing security with seamless user experiences across all digital and human touchpoints.

++

Roy Akerman, Head of Cloud and Identity Security, Silverfort

A complete identity security solution is no longer a nice to have, it’s a need to have. With the use of AI, malicious actors are generating hyper-realistic deepfakes and sophisticated phishing campaigns, allowing them to steal credentials, assume digital identities, and bypass security measures undetected. Leaving credentials exposed and putting defenders in a constant battle to assess, control, and contain potential misuse—before it becomes one of the 80% of breaches caused by compromised identities.

Advanced AI and deepfake technology make visibility key to defending against identity-based threats. Organizations must move beyond traditional identity controls, such as multi-factor authentication (MFA), and adopt a unified, end-to-end identity security approach. Extending security controls across an organization’s entire identity infrastructure will give security teams the visibility needed to detect unauthorized access attempts and the tools necessary to stop a breach before an attacker can spread laterally.

Protecting identities must be a priority every day, not just on Identity Management Day. As threat actors innovate with AI and deepfakes become the norm, organizations must take proactive steps to reevaluate their identity security strategies and dedicate the time and resources necessary to protect every identity—in the cloud or on-premises, human or machine—because in today’s evolving threat landscape, identity security is the make or break.

++

Patrick Harding, Chief Product Architect, Ping Identity

Identity Management Day takes on a whole new meaning this year as individuals and organizations find themselves not only responsible for managing human identities but also increasingly tasked with overseeing AI, as it assumes agentic roles on behalf of humans. The impact AI will have on identity is far greater than we anticipate. For that reason, it’s important for businesses and individuals to ensure their security practices keep pace with the rapid evolution of technologies like AI.

Leaning into approaches like zero trust architectures and decentralized identity models is that much more critical in a digital-first world. As AI attacks target centralized repositories of personal data and look to mimic trusted users, it’s imperative to ensure data isn’t gathered in one vulnerable location and every user is verified, regardless of who they are or claim to be. As the way we work changes, it’s critical we secure our workforce, build customer trust, and deliver the seamless and secure digital experiences individuals deserve.

++

Will LaSala, Field CTO, OneSpan

Identity Management Day serves as a crucial reminder to prioritize secure authentication methods to safeguard digital identities. As digital transactions continue to outpace traditional methods, online identity fraud now accounts for over 70% of all incidents. To better protect users, both businesses and individuals must adopt stringent identity verification (IDV) strategies. The future lies in leveraging robust multi-factor authentication (MFA) solutions, such as FIDO passkeys, alongside Bring Your Own Identity (BYOI) – a model where users can authenticate through their preferred identity provider (IdP), offering more flexibility and control.

BYOI empowers users to leverage the identity systems they trust – whether social logins, corporate credentials, or decentralized identity systems – while maintaining strong security. This user-centric approach meets the growing demand for flexible identity management, allowing individuals to choose their preferred authentication method while ensuring their personal data remains protected. However, it is critical to ensure that the provisioning of these identities is secure, as only then can we fully trust the authentication request.

As digital identity threats continue to evolve, adopting a comprehensive identity verification (IDV) strategy that incorporates both secure BYOI and robust MFA like FIDO passkeys offers a resilient defense for users and businesses alike. This approach not only ensures a seamless and secure experience but also strengthens the overall integrity of the authentication process, providing trust from start to finish.

++

Craig Ramsay, senior solution architect, Omada

Implementing Zero Trust architectures has become essential for securing enterprises as cyber threats continue to evolve. Identity is at the core of these architectures, serving as the golden source of truth for who/what can access an organization’s resources. To implement an effective Zero Trust model, businesses must gain deep visibility into user identities and their operational contexts. This requires a modern identity governance strategy that provides intelligent insights to make informed security decisions across your entire application estate.

However, identity security should not be seen as a purely technology-driven initiative or a barrier to the business—it is a key enabler of digital transformation, business agility and cloud adoption. Organizations that invest in strong identity governance not only enhance compliance and security but also improve efficiency and user productivity.

++

Ofer Friedman, Chief Business Development Officer, AU10TIX

Effective identity management requires effectiveness of the initial process that grants people access to organizations, services, and resources. If a bad actor successfully sneaks in, then from that point on, that person is trusted by any AIM platform. Nobody wants to let trojan horses in, even if they do not misbehave immediately. But not all identity verification services are born equal, even if on the outside they seem to be performing similar actions. In other words, effective identity management starts with making sure that the right people are verified and entitled to access. In 2025, an effective identity verification service must be built with paranoia. It’s no longer about Identity Verification; it is about Identity Risk.

++

Jeff Reich, Executive Director at the IDSA

The rate of change is accelerating, and with it, the growing importance of understanding and securing digital identities. One of the key concerns troubling companies today is identity—and what it truly means. The 2024 Trends in Identity Security report revealed that effectively managing and securing digital identities is a top 3 priority for 73% of organizations, with 22% citing it as their top priority.

This challenge is further complicated by the rise of Non-Human Identities (NHIs)—identifiers associated with devices such as computers, phones, smart assistants, smart TVs, cars, and more. We encounter NHIs every day, often accepting them without a second thought.

To protect and manage identity in today’s world—whether at home, at work, while shopping, or everywhere in between—it’s crucial for individuals and organizations to:

• Establish an inventory of every identity, including NHIs, that they control.
• Ensure that steps to authenticate each identity are tightly controlled and regularly updated (e.g., passwords).
• Assume the information you share will leave your control and be used by an unknown number of entities when encountering an NHI that you do not control.

On April 8, as we observe Identity Management Day 2025, the theme Existential Identity encourages us to rethink the very foundation of our digital selves. It urges us to safeguard what defines us in the virtual world—because as of now, our identity is no longer just what we claim it to be, but what we can prove it is.

++

Bojan Simic, CEO of HYPR

I recognize an urgent need for proactive transformation in identity management, especially with Identity Management Day on April 8. Today's threats—like AI-driven impersonation and deepfake fraud—require a collaborative approach. HR, security, and identity teams must unite to tackle these challenges. Outdated methods, such as in-person office visits (used by 72%) and easily tampered with document-based verification processes (48%), leave organizations dangerously exposed. The numbers are alarming. Last year alone, 50% of organizations suffered breaches, with a staggering 87% linked to identity vulnerabilities and a shocking 95% encountering deepfake attacks.

We are entering what I call 'The Identity Renaissance,' a transformative era where innovative, secure, and user-friendly technologies like phishing-resistant FIDO passkeys are rewriting the authentication rules. This isn’t just about enhancing security, it’s about creating a foundation for growth, resilience, and improved experiences for employees and customers.

I believe HR has a chance to take the lead in this transformation, but it cannot occur in isolation. By collaborating with security and identity teams, we can embrace identity-first strategies that safeguard sensitive data while enhancing onboarding, access, and overall experiences.

The stakes have never been higher, and neither has the opportunity. Let’s embrace The Identity Renaissance, confront these threats head-on, and drive innovation to safeguard our organizations while fueling future growth.

++

Nick Nikols, Vice President, NetIQ Products, OpenText Cybersecurity

Identity Management Day 2025 reinforces a critical truth: cybersecurity starts with identity. Every digital action and process—whether initiated by a person, agent, or microservice—hinges on proper identity management, making it the first and most crucial checkpoint in a company's security strategy. Identity is key to determining and enforcing appropriate access. It is the basis for enforcing least privilege access models and limiting the potential damage either by reducing the risk of compromised credentials, limiting access exposure, or constraining any lateral movement if an initial breach was successful.

Identity isn’t just a piece of the cybersecurity puzzle—it’s the key to resilience, and even the most advanced defenses can be undermined by identity-driven risks like compromised credentials, insider threats or identity-based attacks. Organizations should view this year’s Identity Management Day as a call to action to make identity-first security a core strategy, integrating protective controls like multi-factor authentication, risk-based authorization, access governance, and identity lifecycle management along with detective controls like threat detection and response and continuous monitoring to identify anomalous behavior and keep systems and data secure.

++

Rom Camel, CoFounder and CEO of Apono

This Identity Management Day, let’s spotlight the evolving role of identity security in an increasingly digital and AI-driven world. With remote work, cloud adoption, and digital transformation accelerating, organizations face mounting challenges in managing access to sensitive data and systems.

Emerging technologies like zero trust architecture, decentralized identity, passwordless authentication, and AI-driven security are reshaping identity management. In particular, Large Language Models (LLMs) and AI-powered automation are transforming how organizations make access decisions—analyzing vast amounts of data in real-time to detect anomalies, enforce least privilege, and streamline identity governance.

By embracing cloud-based identity and access management (IAM) and leveraging AI for dynamic, context-aware access control, organizations can strengthen security, enhance efficiency, and maintain compliance—without adding friction to user experiences.
Identity is the foundation of cybersecurity. By prioritizing AI-driven innovation and proactive security, we can build a resilient, adaptive digital future for all.

++

Piyush Pandey, CEO of Pathlock

Identity Management Day is a reminder that the conversation around identity has changed fundamentally. For decades, traditional identity governance has been primarily focused on driving operational efficiencies through identity lifecycle management, which addresses the joiner-mover-leaver model. However, amid rapid digitalization, this approach has started to fall short, as reality dictates its own terms - with access risks continuously emerging in the myriads of business applications as user roles change throughout their careers.

Our highest-risk, regulated business processes are no longer effectively controlled. Traditional identity frameworks simply can’t keep up with today’s dynamic risk landscape.
Potential negative consequences of overlooking these identity-related risks include excessive access, data breaches, compliance failures, and corporate fraud.  

Identity security for high-risk applications must now focus on compliant provisioning and continuous controls monitoring. It’s not just about ensuring the right people have the right access at the right time - it’s about proactively preventing internal fraud, audit failures, and reputational damage, while responding to risks in real time. And while automating audits saves time and money, securing identity access today must go well beyond compliance.

++

Kris Bondi, CEO and Co-founder, Mimoto

The concept of identity is at an inflection point where it will explode into multiple areas. Today, most people still consider identity to be synonymous with a credential or authorized person. That is quickly changing.

Organizations are realizing the adherent danger in this assumption. According to the IBM data loss prevention report, 95% of malicious activity has a human element. We see this illustrated with the increase in compromised credentials, deepfakes, account takeovers, and internal malicious activity that is missed or the opposite, a tidal wave of false positive alerts.

I predict two changes we’ll see before the Identity Management Day 2026. First, the nuance of the term identity will become widely used. For example, machine-to-machine identity management, workload identities, and person-based identity are all terms used in some DevOps or SOCs that will become more widely understood and used. Second, instead of focusing on protecting “identities,” aka credentials, highly accurate person-based credentials will be used to identify malicious activity in real-time with an understanding of context that hasn’t been possible until now. It is the difference between there is something to investigate with Jack’s account, or, Jane is using Jack’s credentials to access financial systems that she isn’t approved to view.

++

Norbert Kiss, Senior Vice President - APAC, Delinea

Identity Management Day is a timely reminder of how identity is more than just user credentials. Machine identity should also be considered. With machine identities now outnumbering user credentials by a factor of 46 to 1, they are now the biggest risk in the identity space. This represents an expanded attack surface, and the rise of AI is accelerating the speed and precision of attacks. With machine identities set to surpass 45 billion by the end of 2025, cybercriminals are increasingly exploiting non-human access to move through systems undetected. Yet many organisations still focus almost entirely on human credentials, leaving a changing attack surface exposed and often overlooked. Securing identity now means securing everything - people, systems, applications, and automated processes. That starts with limiting standing privileges, continuously verifying access and gaining visibility across every identity in the environment. Machine identities are no longer a future issue, they are already reshaping how breaches happen. Identity is now central to an organisation’s security strategy.

++

Mark Wojtasiak, VP Product Research & Strategy at Vectra AI

Attackers are increasingly abusing identities to launch and spread attacks, with 90% of organizations experiencing identity-related breaches in the past year. Because traditional security tools like multi-factor authentication (MFA) are no longer enough to prevent these attacks, it’s critical for security teams to focus on detecting ever-evolving and emerging attacker methods that target both human and machine identities, from network to cloud. With that said, the growing sophistication of hybrid attacks demands the use of AI-powered tools for real-time, behavior-based detection to combat cybercrime tactics such as phishing-as-a-service (PhaaS) and ransomware-as-a-service (RaaS) models.

Fortunately, 89% of Security Operations Center (SOC) teams plan to integrate more AI in the coming year to replace outdated threat detection methods. Organizations can strengthen their defenses by using this technology to fortify their identity defenses and know when attackers have compromised an account or abused privilege. As attackers continue to gain access through logging in rather than traditional hacking methods, it's crucial for SOC teams to detect and identify active threats exploiting identities to properly defend their modern network against today’s modern attacks.

##