FlagThis

Abstract

This talk addresses the critical challenge of Identity and Access Management (IAM) "drift" in rapidly growing enterprises, where nested groups and "quick-and-dirty" permission grants create an unmanageable blast radius. The speaker proposes the implementation of a Security Knowledge Graph to map the relationships between users, groups, and assets. By transitioning from traditional relational databases to a graph-based model, organizations can achieve deep observability into access paths, automate the removal of unused permissions, and implement context-aware enforcement to mitigate the risks posed by compromised accounts and unauthorized AI agents.