As organizations adopt hundreds of SaaS and cloud applications, identity security is increasingly strained by manual processes and fragmented access controls.In a recent webcast discussion featuring Cerby Chief Strategy Officer Matt Chiodi and Monday.com Director of Global IT Lior Zagury, security leaders explored how app sprawl, human-driven workflows, and inconsistent identity standards can create significant operational and security challenges, and how automation can help address those challenges.Identity security struggles when application growth outpaces the tools used to manage access. Many organizations invest heavily in identity platforms such as Okta, SailPoint, Saviynt, or Microsoft Entra, but those tools work best when applications support modern identity standards like SAML, OIDC, or SCIM. Unfortunately, many enterprise apps still lack those capabilities.Chiodi highlighted the scale of the issue with data showing that more than half of enterprise applications cannot support modern identity federation."Fifty-four percent of enterprise apps don't support SAML or OIDC," Chiodi said, "which means they can't do single sign-on."As a consequence, IT teams must maintain manual processes, such as rotating passwords or provisioning accounts, which ends up slowing operations and increasing risk.Identity plays a central role in most cyberattacks today. Rather than relying on malware, many attackers now focus on exploiting compromised credentials or abusing legitimate access."CrowdStrike, in their latest Global Threat Report," Chiodi said, "found that 82% of detections are now malware-free. That means there's no signature, no payload — just valid credentials."For Zagury, the problem became particularly acute during Monday.com's rapid growth. With the job of protecting thousands of employees and hundreds of SaaS applications in offices across the globe, the IT team struggled to keep up with identity management for apps that lacked modern integration standards.In those cases, onboarding new employees and offboarding leaving ones often required manual intervention from IT staff.Zagury explained that new employees sometimes had to wait days to gain access to necessary tools. Removing access when someone left the organization could take just as long."When an employee joined, it could take days before they had full access to every app they needed," Zagury said. "That's days of lost productivity for a new hire."Manual lifecycle management also consumed enormous amounts of time. By analyzing internal data, Zagury's team discovered they were spending thousands of hours each year managing access for disconnected applications."We calculated that we were spending more than 3,300 hours annually on manual lifecycle management alone," he said.In addition to lifecycle management, compliance processes created additional overhead. As a public company subject to regulatory frameworks such as SOX (Sarbanes-Oxley) and ISO standards, Monday.com had to produce detailed audit evidence showing that access controls were enforced properly. Gathering that documentation manually added thousands more hours of work each year.These challenges illustrate a broader issue: Identity-management systems can often cover only part of an organization's applications. The remaining "islands of identity" — applications that don't follow modern authentication or lifecycle standards — create blind spots in which risk can accumulate.Chiodi and Zagury advocated extending identity governance and administration (IGA) to those disconnected applications rather than relying on manual management. Doing so lets organizations automate employee provisioning and deprovisioning, enforce consistent authentication controls, and reduce reliance on shared credentials for multi-user accounts.Automation can also improve user experience while strengthening security. When access management is integrated into a unified identity environment, employees gain faster onboarding and simpler authentication workflows.Once automation was implemented at Monday.com, Zagury said, "onboarding became immediate ... every employee joined the company and immediately got the applications they needed."The financial impact can be significant as well. By automating lifecycle management and simplifying compliance evidence collection, Zagury said his organization recovered hundreds of thousands of dollars in operational costs and freed security staff to focus on higher-value tasks.Chiodi and Zagury predicted that identity security will become even more critical in the future as organizations adopt AI-driven tools, autonomous agents, and non-human identities. These systems will require consistent identity governance just like human users, expanding the scope of identity security programs.Organizations must rethink identity management as application ecosystems grow, the two agreed. Manual processes may work for a handful of systems, but they quickly break down when companies operate hundreds of applications across global teams.The lesson from Monday.com's experience is clear: Measuring the true cost of manual identity processes — and automating wherever possible — can simultaneously improve security, productivity, and compliance. As attackers increasingly target credentials instead of malware, strong and scalable identity controls are becoming one of the most important pillars of modern cybersecurity.
Identity, IAM Technologies, SSO/MFA
Identity security as app growth accelerates: Why automation is becoming essential
Credit: Adobe Stock Images
Paul Wagenseil
Paul Wagenseil is a custom content strategist for CyberRisk Alliance, leading creation of content developed from CRA research and aligned to the most critical topics of interest for the cybersecurity community. He previously held editor roles focused on the security market at Tom’s Guide, Laptop Magazine, TechNewsDaily.com and SecurityNewsDaily.com.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds