But before you can start implementing robust identity management solutions, there are three fundamentals to get straight first:

You need to know what you’re covering so you can maximise tooling capabilities – and establishing an accurate inventory is far from easy. This is a key area that organisations talk to me about a lot, looking for practical support.

At this point, many organisations are ready to launch straight into implementation, but I still advise caution and further consideration.

Taking a beat and finding time to understand the whole identity picture is invaluable in getting security right, from where the traditional end-user identifications apply through to the multi-cloud and beyond.

Map out where privileged access, authentication, access management and governance and assurance fit into security requirements that stretch across users and endpoints, the edge layer, managed cloud security and through to the network layer. And explore how micro-segmentation controls across the layers can minimise identity breaches.

In my day-to-day security practice, I’m spending a lot of time helping organisations to protect their edge layer, particularly when they’ve experienced mergers and acquisitions or need to allow third-party identity access controls.

As I track the development of the Privileged Access Management  landscape, I’m increasingly convinced that we should treat identity like data – recognising that it has similar sovereignty issues. Effective identity management solutions today should be able to flex to meet the regulatory requirements of different regions, so the organisation’s data assets are protected wherever they are held.

Given the complexity of all this, managing your identity platform across a global estate may be something you think about outsourcing. However, it’s important to remember that you can’t outsource accountability, even if you outsource operations. You’ll need to keep a close eye on who is responsible for what and feed this into your strategy management.

So, where does that leave you?

It’s clear that identity management is essential if you’re to have defence in depth, and that it’s a complex area to navigate. Because of this, it’s worth investigating how strategic partnerships can add value to your security by bringing expertise to the table, and how a through-life partner can take on a share of the risk.

Our security experts see securing the multi-cloud as a holistic activity. Our approach highlights the importance of the identity of human and non-human users, admin accounts and endpoints. As part of this approach, we also prioritise protecting your data in transit and at rest, so you can meet your confidentiality, availability and integrity requirements.