Security Leaders Discuss Optimizing Identity and Access Management in Critical Industries

As business operations become more digitized and mobile, and as AI and connected devices expand the definition of digital identity, identity and access management (IAM) is evolving from security control into a core driver of productivity. According to a recent report, 92% of security leaders say their organizations have implemented or are planning to implement passwordless authentication. This growing adoption signals a broader shift: identity is no longer a security perimeter, but the foundation for modern enterprises.

On a recent episode of the CISO Series Security You Should Know podcast, “Optimizing Access Management with Imprivata,” hosted by Rich Stroffolino, Chip Hughes, Imprivata Chief Product Officer, joined Kathleen Mullin, former CISO at MyCareGorithm, and Howard Holton, CTO at GigaOm, to discuss how IAM is evolving in critical industries like healthcare, government, and manufacturing. The conversation explored the persistent friction of accessing shared devices and workstations, the promise of passwordless authentication, and how balancing security with usability is redefining efficiency for frontline workers.

Hughes described the challenge many organizations face with IAM, “Getting that user in [to the system] in the most seamless, sometimes passwordless, way possible—in a way that still balances security.”

Organizations must protect sensitive systems while ensuring frontline workers can do their jobs without delay. In hospitals, clinicians may log into shared workstations or devices dozens of times per shift; in public safety, delayed access to critical data because of repeated complex passwords and multifactor authentication (MFA) can mean lost seconds in an emergency. “We ultimately solve the shared access management problem,” said Hughes.

He described that many organizations, like those in the healthcare and manufacturing industries, rely on access to a variety of systems and devices to meet workflow needs—whether that’s a patient’s specialized care plan or a unique production line operating system.

“That machine next to the bed you’ve got to integrate with, the operating system you probably have to integrate with, some sort of virtualization layer potentially you’ve got to integrate with, the apps…you’ve got to be able to do it all—soup to nuts—really quickly so that that user can get in,” he explained.

To address these challenges, organizations are moving toward adaptive, passwordless solutions that secure access without slowing work. By combining technologies like risk-based authentication, biometrics, and shared mobile access, IAM systems can verify users once through a strong authentication event and then maintain secure, continuous access across applications and devices. This approach minimizes repeated logins and password fatigue while preserving accountability and compliance.

Shared mobile programs are also emerging as a key innovation. A shared mobile device access strategy allows frontline workers—such as nurses or technicians—to badge into a shared device via passwordless authentication, access their personalized workspace, and have the device automatically wiped and reset for the next shift. The result is a seamless balance of security, usability, and efficiency that reduces risk, user frustration, and hardware overhead.

As Hughes noted, the future of IAM lies in context-aware, frictionless, passwordless access that adapts to real workflows. This is crucial for securing data and boosting productivity. For modern enterprises, achieving that balance will require continued innovation and closer alignment between security and business leaders to ensure that stronger protection also means a smoother user experience.

Learn how passwordless authentication can streamline security and strengthen trust across your organization.