Gartner Security and Risk Management Summit: Omada's Take on AI-Driven IGA

At the 2025 Gartner Security and Risk Management Summit, Information Security Media Group’s Tom Field sat down with Omada’s Craig Ramsay, Senior Solutions Architect, and Rod Simmons, VP Product Strategy, to discuss the pivotal role of AI in Identity Governance Administration (IGA). This conversation delved into the evolving threat landscape, the burgeoning impact of non-human identities, and how AI, particularly agentic AI, is reshaping IGA strategies for enhanced security and efficiency.

Rod and Craig shared their unique perspectives on current challenges and how Omada’s approach to IGA empowers organizations to navigate the complexities of modern identity management.

The Evolving Threat Landscape: Identity in the Crosshairs 

“Rather than trying to attack a business system, I would focus on attacking your third party contractor system or attacking your HR system” – Omada

Identity, once an overlooked operational IT problem, is now firmly in the cybersecurity crosshairs, serving as the most common attack vector in large-scale breaches. The familiar adage, “people don’t hack in, they log in now”, rings true due to compromised accounts and credentials. A concerning trend discussed was the increased use of AI in these attacks, leading to a greater demand for AI-driven defense mechanisms. Furthermore, the “explosion in types of identities,” especially non-human identities, presents a significant area of concern and focus from Omada’s point of view.

Rod Simmons highlighted that from an attacker’s perspective, compromising third-party contractor systems or HR systems to insert new employee records is a more effective strategy than directly attacking business applications. Such a tactic allows attackers to appear as legitimate new hires with automated access, enabling them to move freely within an organization. This vulnerability, particularly the trust placed in HR systems as sources of truth, keeps the Omada team vigilant. The rise of deepfakes also poses a significant threat, as voice signatures, commonly used for authentication, can be convincingly faked, potentially allowing attackers to impersonate employees or even bank customers. The proliferation of non-human identities, encompassing devices, applications, and agents, is not a new trend but is gaining increased attention as a threat risk, with estimates suggesting hundreds of non-human identities for every human one. These non-human identities, which now include API security, RPAs, and potentially AI agents, often possess elevated permissions, making their exploitation potentially more damaging if not properly managed. This dynamic reinforces Omada’s commitment to delivering comprehensive identity security for all entity types.

Agentic AI and IGA: A New Frontier in Defense

“AI needs AI. Artificial intelligence needs an accountable individual” – Omada

The Omada Team discussed how AI and machine learning are being leveraged to enhance IGA, starting with deployment efficiencies. Machine learning can help identify clusters of users and their access patterns, while generative AI can then recommend how to build automated policies for auto-provisioning access based on attributes like “manager” and “department”. AI also assists with troubleshooting cryptic logs to help customers understand root causes and resolutions.

Craig Ramsay offered a clear and authoritative perspective on how AI empowers end-users in decision-making through a robust multi-pronged approach. First, AI surfaces highly relevant information directly to decision-makers. Second, it significantly augments the decision-making process by recommending actions informed by historical data and peer precedents, with the crucial understanding that final approval always rests with the user. Third, fully agentic AI provides advanced threat detection and automated response. This sophisticated capability employs intricate pattern matching to pinpoint anomalies or indicators of compromise; an impossible logon event serves as an example. Upon detection, the agentic AI directly signals the IGA solution to initiate immediate, decisive actions, including the comprehensive lockdown of the compromised account and all associated access for that identity.

Omada’s Approach to IGA: Simplified, Scalable, and Agile

A legacy fallacy: “Applying a blockbuster mindset to a Netflix problem” – Omada

Omada champions an approach to modern IGA that prioritizes simplicity, scalability, and agility. By aligning with best practices and removing the complexities inherent in legacy solutions, customers can achieve increased time to value and a lower total cost of ownership. This translates into significant efficiencies, not only in deployment and reduced manual overheads, but also in overall business operations. Benefits include “zero-day provisioning,” where individuals are productive from day one, and improved governance around projects, which are often a source of entitlement bloat.

Omada’s team highlighted, the robust scalability of Omada’s solution to addresses the increasing number of cloud applications and diverse identities. From an agility standpoint, Omada empowers businesses to keep pace with evolving challenges and leverage ongoing innovation. A key barrier for organizations identified was data quality and a lack of consistent data understanding before initiating IGA projects. It was also highlighted that a strong identity-centric strategy that integrates with the broader information security and business plan is paramount, ensuring organizational buy-in. Craig Ramsay also noted that some organizations still apply a “Blockbuster (legacy) mindset to a Netflix problem”, attempting to script and customize rather than simplifying and standardizing business processes for an evergreen solution.

“Identity is everyone’s responsibility” – Omada

To truly make IGA a business enabler, Omada explained that this requires a cultural shift where identity is seen as everyone’s responsibility. By using AI and intelligence to grant quicker access, individuals become productive immediately, reducing access requests and streamlining approval processes. This ultimately boosts productivity, effectiveness, cloud adoption, and digital transformation across organizations. This cultural change, as emphasized by Omada, must originate from the top down, with the CEO and all levels understanding the collective responsibility and benefits of solving this business problem. Ultimately, no one wants to be in the headlines for a breach.

In essence, Omada’s vision positions IGA not just as a security measure but as a strategic business asset, driven by intelligent automation and a forward-thinking cultural approach, to navigate the complexities of modern identity management effectively and securely.

About Omada Identity Cloud

Omada Identity Cloud is a full featured SaaS IGA solution that can manage the highest level of Identity workflow complexity. It is ideal for organizations that need a scalable solution for security, compliance, and efficiency that can be deployed in 90 days.

A successful identity governance project requires the right implementation methodology, not just selecting the right technical solutions. The Omada IdentityPROCESS+ framework offers CISOs, Security Managers, and IT Directors a comprehensive roadmap for deploying and maintaining an identity governance solution, designed to strengthen security, ensure compliance, and enhance operational efficiency.