Podcast: The Security Strategist

Guest: Rick Wagner, Senior Director, Product Management at SailPoint

Analyst: Jonathan Care, Lead Analyst, KuppingerCole

The identity security market is crowded, but a significant change is occurring below the surface. In a recent episode of The Security Strategist podcast, host Jonathan Care, Lead Analyst at KuppingerCole, sat down with Rick Wagner, Senior Director, Product Management at SailPoint.

In this episode, Wagner pointed out a growing gap between how enterprises manage access and how modern systems operate. As AI and machine identities grow rapidly, traditional models no longer work.

Static Access Reviews Are Breaking at Scale

For years, enterprises have depended on periodic access certifications to manage access. However, that model is proving weak. “Periodic access reviews only look at appropriate access at a point in time,” says Wagner, noting that “certification fatigue results in rubber stamping.”

The challenge is both scale and accuracy. With machine identities often outnumbering humans, governance processes designed for manual oversight are quickly becoming outdated. “Doing those certifications at agent speed is literally impossible,” he adds, emphasising the need for change.


How Are Real-Time Authorisation & AI Redefining Identity Security?

The way ahead is real-time authorisation, which continuously checks if access is appropriate at the moment it is requested. “It’s not only appropriate—is it appropriate right now?” Wagner explains.

This change depends on context, incorporating information such as device health, user behaviour, and risk level. Frameworks like the Shared Signals Framework help enterprises implement this by allowing real-time data sharing across the security ecosystem. This approach leads to more dynamic, policy-driven access that keeps pace with AI systems.

How to Tackle Shadow AI?

At the same time, CISOs face the rise of shadow AI, an expanding network of agents operating with little oversight. “You can’t manage what you can’t see or what you don’t know about,” says Wagner, highlighting visibility as the first line of defence.

The long-term goal is autonomous identity governance, where systems continuously evaluate and adjust access based on risk. “As risk levels start to increase, we might add additional factors up to quarantining that access,” he explains.

In this new framework, identity becomes the core of cybersecurity strategy. As Wagner puts it, the ongoing challenge is urgent: determining “who has access to what—and is that access appropriate right now.”

Key Takeaways

  • Real-time identity governance is replacing static access reviews.
  • AI and machine identities outpace human oversight.
  • “Certification fatigue” is weakening traditional access controls, increasing risk through unchecked approvals.
  • Non-human identities (AI agents, bots) are now the fastest-growing and least visible attack surface.
  • Context-aware access decisions—based on risk, behaviour, and environment—are becoming the new standard.
  • Visibility into agents and their permissions is critical: “you can’t manage what you can’t see.”
  • Autonomous, risk-adaptive identity security is emerging as the end-state for modern enterprise cybersecurity.

Chapters

  • 00:00 Introduction to Identity Security in AI Era
  • 06:54 Managing Privileged Access Risks
  • 13:52 Real-Time Governance and Joiners, Movers, Leavers
  • 20:14 Strategic Moves for CISOs in Agent-Based Operations

For more information, please visit em360tech.com and sailpoint.com
