According to SailPoint’s The Horizons of Identity Security Report, Identity is the new nerve center of enterprise digital transformation. Identity coordinates access, power automation, enables secure growth, operational agility and enables real-time decisions and threat management across systems and users—both human and non-human. The role of identity has fundamentally changed, from foundational control to the new frontier of security.
Most organizations think they’re improving security, but many are actually falling behind. Based on insights from the report:
- 63% of organizations remain in early-stage identity maturity (Horizon 1 & 2)
- For every 3 organizations that improved, 2 actually fell backward
- Only ~10% of organizations operate at advanced identity maturity (Horizon 4+)
As identity evolves from a foundational control to a strategic security frontier, organizations are progressing at very different speeds. To capture this shift, SailPoint developed the “Horizons of Identity Security” framework, a model that maps how organizations mature from basic identity management to advanced, AI-enabled identity operations.
Horizon 1
At Horizon 1, the lowest maturity, organizations lack the strategy and technology to enable digital identities
Horizon 2
At Horizon 2, they have adopted some identity technology, but still rely heavily on manual processes
Horizon 3
At Horizon 3, they have adopted identity capabilities at scale
Horizon 4
At Horizon 4, they have automated capabilities at scale and use AI to enhance digital identities
Horizon 5
At Horizon 5, the closest to the future of identity, boundaries are blurred between enterprise identity controls and the external identity ecosystem, and identity supports the business in next-gen technology innovations
The Four themes
The four themes found in the Sailpoint 2025 survey of global identity leaders.
- Organizations are falling behind as the attack landscape intensifies, AI agents proliferate, and the bar for mature identity security rises
- Organizations that adopt advanced AI and identity data capabilities see significantly higher cost savings, productivity, and risk reduction
- Deployment is a critical unlock in moving across horizons, and many get it wrong
- Organizations need to quantify the full value of identity to secure funding for advanced capabilities, including margin, compliance, and risk impact
The future of identity is tightly linked with data and security
In 2025, advances in AI, data management, and threat detection are reshaping identity security. As identity shifts from a foundational control to the new frontier of security, it has emerged as the central control point in outperforming organizations – where critical decisions are made, policies are enforced, and security operations converge.
Identity now serves as the connective tissue across the security ecosystem, touching every domain from endpoint protection to cloud security.
The SailPoint Horizons maturity framework
SailPoint categorizes identity security programs into five horizons based on an organization’s maturity across four enablement areas: Strategy, technology & tools, operating model, and talent.
Non-Human Identities (NHIs)
Amid these geographic and sector-specific shifts, a broader transformation is underway: the rapid growth of non-human identities.
Machine identities and AI agents are now expanding faster than any other type of identity, driven by the widespread adoption of cloud workloads, automation, and agentic AI.
AI agents are governed in fewer than 4 in 10 organizations today, but they will grow faster than any other identity type, with over one-third of organizations expecting growth exceeding 30% in the next 3-5 years.
Non-human identities now outnumber human ones 45:11 and 60% of organizations fear they pose greater security risks than human identities.
Outperforming organizations, building on prerequisite steps to enable and manage the risks of AI, are adopting emerging capabilities that lead to improved business outcomes. These include optimized identity data workflows, agentic AI for identity operations, identity-centric detection and response, and cloud-based data governance.
By transforming identity from a static control to a dynamic capability that links human identities to machine identities to application entitlements, organizations can prevent millions in potential breach costs while maintaining business continuity.
When incident-response related risk reduction benefits are combined with margin and compliance advantages, the comprehensive business case for increased identity investment in emerging capabilities is compelling for stakeholders across the organization.
Conclusion
Identity is no longer just a control; it’s the foundation of modern security, cloud operations, and AI governance. As SailPoint’s report makes clear, the gap between organizations that treat identity as a strategic enabler and those that don’t is widening rapidly. While some are leveraging automation, AI, and real-time identity data to drive efficiency and reduce risk, the majority remain stuck in manual processes that simply can’t scale.
The question is no longer whether identity matters. It’s whether your organization is ready to operate at the level modern security demands.
Move from IAM to Identity-Driven Security
The organizations leading today aren’t just managing access; they’re using identity as a control plane for security, automation, and AI.
Reputiva helps organizations:
- Eliminate overprivileged access
- Secure multi-cloud environments
- Govern machine and AI identities
- Reduce risk while improving operational efficiency
Book a Cloud & Identity Security Assessment
Understand where your organization stands and what it will take to adopt a modern, identity-first security model.
