
Artificial intelligence (AI) is raising the stakes around security, as malicious actors increasingly leverage AI-powered techniques to compromise access and credentials. At the same time, the proliferation of connected devices means there are more potential gateways or attack vectors to be secured.
Elsewhere, organisations are leveraging more data and AI-powered personalisation, requiring them to balance user consent, data privacy and the ability to revoke access to personal information, with security.
To address these challenges, organisations require a comprehensive Identity and Access Management (IAM) strategy that harnesses the power of AI while prioritising data quality, consent management and strategic partnerships.
“Threats are becoming ever more sophisticated and widespread, so organisations have to up their game around how they secure services, counter threats and maintain customer trust,” explains James Peet, practice director of IAM at Ensono.
“Meanwhile, customers have never been more demanding in their expectations as to the ease and speed of accessing and using online services tailored to their needs and behaviours. Every extra password or multi-factor authentication (MFA) challenge is going to have an impact in prolonging and adding friction to that experience.”
Organisations must up their game around how they secure services, counter threats and maintain customer trust
This is where IAM can increasingly be viewed as a strategic asset. IAM can unlock new opportunities to deliver better, hyper-personalised digital experiences for users by providing dynamic levels authentication or identity verification based on perceived risk and personal user behaviour. This, in turn, can increase revenue and operational efficiency.
Here, AI is making its mark, with large language models (LLMs) able to continuously learn user behaviour and then adapt authentication and authorisation processes in real-time. Put simply, organisations can better personalise experiences, reduce friction and potentially increase revenues, all without compromising on security.
This adaptive approach calibrates security based on context and risk level. In retail, AI can maintain minimal authentication for low-risk transactions to prevent cart abandonment. For banking, where security is paramount, AI dynamically escalates verification requirements for unusual patterns or high-risk transactions.
“The key is contextual intelligence,” explains Peet. “If a banking customer suddenly attempts a large international transfer from an unfamiliar device, the AI can automatically trigger additional verification steps.”
The result is a nuanced approach that moves beyond one-size-fits-all security, delivering appropriate protection without unnecessary friction. This intelligent balancing ensures robust security when needed while maintaining seamless experiences for routine, low-risk activities.
Reaping the benefits of a modern IAM strategy
So how can technology leaders reap the security and operational benefits of IAM while enhancing the customer experience?
It begins with recognising that IAM is no longer just an IT problem – it’s a critical business asset that needs to be a strategic priority at a C-suite level.
However, many organisations face the challenge of managing multiple legacy systems and databases for identity management. “We’re seeing identity convergence among both major UK and US retail banks,” says Adam Preis, director of product and solution marketing at Ping Identity.
“They’re no longer able to use 20 or 30 different legacy and point solutions in their identity space. The bigger the organisation, the more complex the environment. They can’t move; there’s no agility.”
In response to these pressures, organisations find that consolidating these disparate systems can help streamline operations, reduce manual processes and improve overall efficiency to provide a single source of truth.
“So, they’re looking to use convergence to become more agile and reduce total cost of ownership, but to also be in the position where they can deliver seamless experiences and personalise their services,” Preis adds.
This also emphasises the importance of data quality, which is the foundation upon which effective identity management is built – particularly in relation to AI.
Peet notes that organisations should have a clear understanding of their data, its location and ownership to support its IAM initiatives. On top of that, they need the ability to access data in real time. “It needs to be up to date, visible and traceable,” he says. “From there, you can start to improve how you collect the data, how you keep it secure, and how you can utilise it.”
More than anything, organisations need to adopt a holistic approach to IAM, considering both security and business outcomes. This includes mapping the end-to-end customer journey to identify access-related friction points and revenue and churn impacts.
Integration and orchestration are key to achieving business objectives
When selecting an identity management solution, one of the biggest considerations should be its ability to integrate with a range of third-party solutions, such as fraud detection, risk management and other business-critical systems.
These integrations are crucial for providing a seamless user experience, especially in scenarios where customers or partners need to access multiple systems or services. Moreover, they enable organisations to better align IAM with their business objectives, such as improving customer experience, reducing churn or increasing revenue.
“Identity underpins every technology, system and service that you provide as an organisation. The more integration points, the more flexible that ecosystem is and the more powerful it will be going forward,” says Peet.
At the same time, the IAM landscape is constantly evolving, with new use cases and requirements emerging. By building an IAM solution with a powerful orchestration engine and strong integration framework, organisations can more easily adapt to changing needs and incorporate new technologies or services as they become available. Orchestration allows organisations to continuously evolve and refine user journeys as needs change and more is learned out of user behaviour.
Here, working with trusted IAM vendors and implementation partners that can provide the necessary expertise and support for integrating the solution with other systems is key. “We can deploy thousands of connectors out of the box,” says Pries. “You don’t have to integrate with threat metrics over six to nine months. It’s available right now.”
Future-proofing IAM for long-term success
To future-proof IAM investments, organisations should focus on three key areas: adopt a hybrid-first architecture that bridges legacy and cloud systems, implement API-first design for maximum flexibility and embrace zero trust principles.
This allows organisations to maintain critical systems while preparing for future innovations. It also ensures IAM systems can evolve alongside emerging technologies and business requirements, protecting long-term investment while enabling continuous innovation.
As organisations face increasingly sophisticated threats and evolving customer expectations, the need for a robust and adaptable IAM strategy has never been more urgent. The good news is that transforming IAM from a siloed IT function into a strategic asset enables secure, personalised digital experiences, ultimately driving business growth and innovation.
By recognising IAM as a strategic business imperative, rather than just an IT function, organisations can unlock a dual-pronged advantage - enhanced security and improved customer experiences.
For more information please visit ensono.com

Artificial intelligence (AI) is raising the stakes around security, as malicious actors increasingly leverage AI-powered techniques to compromise access and credentials. At the same time, the proliferation of connected devices means there are more potential gateways or attack vectors to be secured.
Elsewhere, organisations are leveraging more data and AI-powered personalisation, requiring them to balance user consent, data privacy and the ability to revoke access to personal information, with security.
To address these challenges, organisations require a comprehensive Identity and Access Management (IAM) strategy that harnesses the power of AI while prioritising data quality, consent management and strategic partnerships.