Build security around identity with risk intelligence: Best practices from the CPO

Chip Hughes, Chief Product Officer, Imprivata

Effective identity and access security depends on strengthening trust and cyber resilience through AI-powered identity threat detection and response.

The foundation for cybersecurity has shifted. The security perimeter is gone, and complex passwords are becoming obsolete. With AI now embedded in most workflows, powering critical business systems, and even accelerating cyberattacks, identity has become the most reliable control point to build security around. It’s the one constant across users, devices, cloud apps, and third parties.

As digital environments become more complex and threats remain unpredictable, organizations must understand the role of identity in building robust cybersecurity defenses.

The evolving threat landscape

Cyber criminals continue to relentlessly target enterprises of all sizes across industries, using a variety of attack methods. Research from Imprivata and the Ponemon Institute shows that 47% of organizations have experienced a breach or cyberattack over the past 12 months that involved a third-party accessing the network. According to Verizon’s 2024 Data Breach Investigations Report, 80% of breaches stem from compromised credentials. In addition to escalating threats, the regulatory landscape requires organizations to be increasingly nimble, strategic, and vigilant. The expiration of CISA 2015 reduces the incentive for information sharing in the event of a breach or cyber incident, creating more gaps and blind spots at a time when AI is making attacks more sophisticated.

Adversaries are scaling faster with AI-powered automation. Ransomware attacks against critical infrastructure rose 9% in 2024, according to the FBI, with healthcare, manufacturing, and energy among the hardest hit sectors. Meanwhile, fragmented regulations and legacy systems make security even more challenging, resulting in a perfect storm of expanding access, accelerating risk, and uneven readiness.

To stay resilient, organizations need more than disparate point solutions. They need an identity-centric foundation that connects authentication, threat detection, and response into one unified access ecosystem.

Identity and access management: The foundation for threat detection

For years, identity and access management (IAM) data has been used mainly as an audit log that gets collected, stored, and utilized for compliance reporting. But modern threats move so quickly that organizations must shift from reactively identifying breaches to proactively monitoring risks to stay protected. IAM data provides a great source to help organizations do just that.

With the threat landscape rapidly evolving, identity has become the new control plane for enterprise security, making identity threat detection and response (ITDR) capabilities a key component of modern cybersecurity strategies. By combining AI, behavioral analytics, and automation, organizations are strengthening resilience without slowing down the pace of work.

ITDR turns identity signals into real-time risk intelligence, continuously ingesting and analyzing every login, session event, and privilege change to detect suspicious behavior. Using behavioral analytics and AI, ITDR builds a live profile of “normal” activity for every user and system. When something deviates—like lateral movement, impersonation, or access in unusual locations or at odd times—identity becomes the sensor that triggers a rapid response, rather than a weakness.

That visibility is transformative for critical environments like healthcare and manufacturing, where shared device ecosystems, shift-based work, and third-party access make static policies insufficient. By continuously validating who’s accessing what and why, ITDR ensures trust is always verified and never assumed.

The new rules of identity security

With staying secure and protected top of mind this Cybersecurity Awareness Month, here are a few best practices for IT and security leaders looking to bolster defenses and enhance workforce productivity through identity and access management.

  1. Leverage identity signals as threat intelligence.
    Every login, MFA event, and privilege change contains valuable data. Treating these signals as real-time telemetry rather than static audit logs is essential to detecting adversaries who operate inside valid credentials.
  2. Utilize passwordless authentication.
    Frontline users, clinicians, and operators can’t afford security friction that leads to risky workarounds. Badges, biometrics, and device-bound passkeys enable fast, secure access without the vulnerability of manually entering passwords.
  3. Ensure comprehensive Zero Trust Network Access (ZTNA).
    Every access request, whether from a vendor, AI agent, or employee, must be continuously verified. ITDR brings the adaptive intelligence needed to enforce Zero Trust principles at scale.
  4. Adopt solutions and strategies that enhance both security and usability. 
    When authentication is a seamless and secure element of the workflow, adoption increases along with the risk of workarounds while driving ROI. By simplifying access, organizations can improve compliance, efficiency, and cyber resilience.

Building trust with visibility and verification

Modern cybersecurity demands more than control. It demands confidence in every user, device, application, and system that the business relies on to stay running. Confidence that your IAM data can reveal threats before they escalate. Confidence that your AI-driven security tools are explainable, interoperable, and accountable.

By building your security strategy around your identity strategy and integrating continuous risk intelligence with ITDR, organizations can unify their security posture, reduce blind spots, and build the human-centered trust needed to thrive in an age of automation, uncertainty, and escalating threats.

At Imprivata, we believe the next frontier of access relies on creating smarter, adaptive layers of trust. In a world where the traditional security perimeter is gone and AI is everywhere, understanding access and identity is paramount for protecting against threats.

With the integration of Verosint’s ITDR capabilities, Imprivata is accelerating that future by bringing AI-driven risk intelligence directly into the access layer, so organizations can secure, simplify, and scale trust across every user and workflow.

Learn more about ITDR on our latest episode of Access Point, the Imprivata podcast where cybersecurity meets operational strategy in mission-critical environments.