Identity Sprawl is the New Shadow IT: What CISOs Need to Know

Identities are everywhere now: AD, cloud consoles, SaaS apps, and code pipelines. Human and non-human accounts pile up fast. Many are over-permissioned, stale, or poorly owned. That creates blind spots, audit pain, and easy paths for attackers.

In this session, fractional CISO Kip Boyle and David Faulk showed how to spot and shrink identity sprawl without slowing the business. They outlined a simple playbook: discover, classify, right-size access, and keep it clean with ongoing monitoring. The SE ran a short live demo to map hidden or risky identities, surface stale credentials, and show quick wins with ITDR/PAM controls. Attendees left with steps they could act on this quarter and metrics to prove value.

Who attended: CISOs, IAM leaders, SecOps/ITOps managers, cloud/platform owners.

Key takeaways

• Spot the common signs of identity sprawl (human and non-human).
• Build a simple cleanup plan: discover, classify, right-size, then monitor.
• Quick wins: disable stale accounts, rotate secrets, use just-in-time access.
• Measure value in business terms: fewer over privileged accounts, faster audits, and a smaller blast radius.

Get a Red-Team Assessment of your Identity Infrastructure. Request a FREE Identity Security Risk Assessment and get a snapshot of your identity security risks at no cost or obligation.