Henrique Teixeira on why identity management is at a breaking point now

Few people have witnessed identity management’s transformation as intimately as Henrique Teixeira.

From implementing user provisioning tools fresh out of university to leading Gartner’s Magic Quadrant for Access Management, his 25-year journey mirrors the evolution of identity from a technical function to the cornerstone of modern cybersecurity.

In this episode of Atomic Conversations, I spoke to Henrique Teixeira, former Gartner Analyst for Identity & Access Management and now Senior Vice President of Strategy at Saviynt, discussing why 2025 represents a watershed moment for identity, and what organizations need to do about it.

Read through for the key highlights or watch the full conversation here.

From mainframes to AI: Identity as the constant

Henrique’s career has spanned every major technology wave, from mainframe-era security with RACF and ACF2, through the decentralized computing boom, the rise of cloud, and now the AI revolution sparked by ChatGPT in 2022.

“I joke about it, saying that I’m pretty useless outside of identity. I always worked with this since day one, since I was out of university.”

What strikes him most isn’t how much has changed, but what has remained constant. Through every shift—mainframes to data centers, data centers to cloud, cloud to AI—identity has been the throughline. And now, it’s finally getting the recognition it deserves.

We’re in 2025, almost 2026. We’ve been clamoring for years, ‘We need a seat at the table.’ We got what we wished. It’s not only that we have a seat at the table, maybe we have the largest seat on that table today.- Henrique Teixeira

The plumbing problem

During his time at Gartner, Henrique developed a striking analogy for identity’s role in organizations: plumbing.

Just as running water is invisible until something goes wrong, identity infrastructure should work seamlessly in the background, enabling productivity without users ever thinking about it.

However, the problem is that most organizations are running massive operations without proper ‘plumbing’ in place.

If you look at the average organization today, they have hundreds, thousands of apps they need to bring into their identity programs. Surveys show that, on average, only 11% of those apps get onboarded into an IAM program. There is a plumbing issue here, it’s almost like we’re running massive corporations without running water. - Henrique Teixeira

This insight drove Henrique’s decision to move from the advisory side at Gartner to being closer to the problem. As he puts it, “being there is very humbling because we see how difficult it is, especially for fundamental types of challenges.”

Identity challenges keeping CISOs up at night

Drawing from his extensive conversations with security leaders, Henrique identifies three forces creating pressure in 2025:

• Resource constraints and volatility: Geopolitical uncertainties and economic pressures mean leaders must do more with less. The constant question: how can I be more productive with fewer resources?
• ‍Machine identities and non-human entities: While organizations have made progress managing workforce identities—employees, contractors, even consumers—there’s an entire shadow world of service accounts, bots, and AI agents that remains largely unaddressed. “They know this problem exists, but they just didn’t have the time. They said, ‘I have other priorities. I’ll get to that eventually.’ So they have this ticking time bomb.”
• ‍The AI imperative: The pressure to adopt AI quickly creates a difficult balancing act. Move too slowly and get outpaced by competition. Move too fast and risk costly rollbacks. “Research shows that 90% of AI projects actually need to roll back because they either didn’t deliver on the ROI that was expected or were just wrong and had to be rethought.” His advice is simple.

Apply the “assume breach” mentality from cybersecurity to AI adoption.

We can’t cover all the possible holes of AI and predict everything that could go wrong. As long as we have a plan on how we can test things faster and roll back and do that again. - Henrique Teixeira

Identity as enabler, not just protection

One of Henrique’s key insights is that identity is about enabling business efficiency and not simply about security. Unlike other cybersecurity domains that focus purely on protection, identity has always served a dual purpose.

Identity can make people more efficient while they work. Getting employees productive day one (when) they join their organization and already have all the entitlements, all the accounts, all the passwords ready for them to use. - Henrique Teixeira

He recalls timing how long it took organizations to fulfill access requests during his Gartner tenure. The bottleneck wasn’t the technical provisioning; it was what he calls “the archaeology.”

“The biggest time spent was not in the actual creation of the account or adding privileges. It was finding out what assets you need access to and who approves access to that. That was the big chunk of time.”

This is where identity governance and IT service management intersect, a space Henrique finds particularly exciting.

“This is a very interesting intersection of identity and IT service management with chatops as well. We have AIops these days. Two worlds coming together, which I think is pretty exciting.”

From CIEM to zero trust: Defining the identity landscape

Henrique famously coined the term CIEM (Cloud Infrastructure Entitlement Management) while at Gartner. The context was the famous (or rather infamous) 2019 Capital One breach, which exposed how privileges in cloud infrastructure could be abused to devastating effect.

“Cloud infrastructure was a big attack surface back then. By 2020, we had 15-20 companies saying ‘we are a CIEM company’.”

The core insight behind CIEM was simple: identify accounts with dormant privileges that could become attack vectors. “If you don’t use it, you should lose it.”

Today, CIEM has become a capability within privilege access management and cloud security tools, but the underlying problem of managing permissions in boundaryless environments remains. With remote work becoming the norm and perimeter-based security obsolete, identity has become the new frontier.

“The protection became much more about the risk of the identity itself than which IP address you’re coming from, which matters very little these days.”

What separates great identity vendors from the rest

Having led Gartner’s Magic Quadrant evaluations, Henrique has a unique perspective on what makes vendors succeed.

He observes two distinct types:

• The product-obsessed: These vendors build impressive technology but struggle to articulate the problem they’re solving. “They are building this tool looking for a problem,” he said.
• The problem-obsessed: These vendors deeply understand who they are and the specific problem they’re solving. “They have a very strong product-market fit analysis. This is the market I’m going after because of this addressable market.”

“Statistically, the second group were the more successful ones. They had a better ability to execute and even the vision, because they could paint within those corners.”

The other differentiator he observed from close quarters was the user experience.

Buyers aren’t just thinking about how many features you have. They’re looking for an easier way to do their jobs. A lot of vendors forget about that. It’s like, ‘Yeah, you can do a lot of stuff, but it’s horrible to use. - Henrique Teixeira

A final word of advice for next-gen identity leaders

For those entering the identity field, Henrique offers practical wisdom shaped by his quarter-century in the space:

“Find something that is fun, but also something that people would pay money for. In cybersecurity, there's no wrong choice.”

What makes identity special, you ask?

The dual nature of the work.

“You’re connecting with people, you’re connecting with all these worlds. The tools and the problems are about the plumbing and connection. It’s something that protects people but also makes people more efficient, which I think is a very good value proposition.”

I absolutely loved hosting and listening to Henrique's insights on the identity landscape. I'd encourage you to listen to the entire conversation here.