Identity chaos in companies: Why guidelines alone do not provide protection

Compliance guidelines convey a sense of security. They may even meet all legal requirements, but is that enough? After all, security does not come from simply following rules, but from consistently implementing them in everyday life. And this is precisely where the problem lies: how credible can a zero-trust approach be if identities and access rights are not managed in a traceable and continuous manner?

When data becomes a ticking time bomb – a story that affects many companies

Lena is the Chief Information Security Officer (CISO) at a successful medium-sized company. With the digital transformation, the company experienced rapid growth. However, new cloud services, hybrid working models and external partners have made the IT landscape more complex than ever: The number of digital identities, applications and access rights has exploded – and with it the risks to data protection, compliance and corporate security.

While the management celebrated innovation, Lena saw the company through different eyes: identity management was chaotically organised. She knew that outdated processes and manual approvals – often on demand – were no longer sufficient. Incorrect authorisations, inefficient recertifications and a lack of transparency jeopardised both IT security and compliance with legal requirements. Employees changed departments, but their old authorisations remained in place. External service providers were given access to sensitive data without anyone knowing exactly for how long and for what purpose. The IT department was overloaded and the documentation was incomplete. Audits became a nerve-wracking experience, because in the worst case, there was even the threat of personal liability risks for management.

Then what Lena had always warned about happened: a former employee used his still active authorisation to copy confidential customer data. The consequences? A GDPR fine, loss of trust among customers and partners, damage to reputation, internal investigations and a management team that suddenly had to understand what ‘identity chaos’ really means.

Growing threat from identity-based attacks – Europe 2025

Unfortunately, this story is not an isolated case. In 2025, the number of identity-based cyber attacks in Europe reached a new record level. According to recent studies, stolen digital identities are now among the most common attack vectors. The following key figures and facts about IAM and IGA illustrate the security-related advantages of modern IAM solutions in the European context.

• Identity-based attacks: 79 per cent of all cyber attacks use stolen identities.
• Theft of access data: 23 per cent of cyber attacks recorded worldwide in 2024 occurred in Europe. Almost a third of incidents in Europe led directly to the theft of access data.
• Overprivileged accounts: 73.9 per cent of companies grant unnecessary access rights.
• Automated IGA process: Only six per cent of companies have fully automated their IGA.
• Security illusion with digital identities: 91 per cent of companies consider themselves ‘well protected’ – despite rising attack numbers and inadequate technical defences.

The security situation in Germany

The threat to digital identities in Germany continues to grow: according to Bitkom, 87 per cent of German companies have been affected by cyber attacks in the last twelve months. The economic damage rose to €289.2 billion, 70 per cent of which was directly attributable to cyber attacks. Access data, communication data and customer data are most frequently affected. 73 per cent of companies have seen an increase in attacks and 35 per cent expect the situation to worsen. Despite this situation, only 50 per cent feel well prepared, while 59 per cent see their business existence threatened. Bitkom demands: ‘Cyber security must be an integral part of every digital strategy.’

From compliance to true security: why IGA is crucial

These figures make it clear that formal compliance alone is not enough to protect companies effectively. Only the consistent implementation of central IAM and IGA principles creates the basis for true security and sustainable compliance. Modern IGA solutions such as Omada are the key to closing this gap and making companies future-proof.

From challenge to solution: IGA with a holistic approach

The introduction of an IGA solution rarely goes smoothly. Many companies underestimate how strongly identity and authorisation processes influence the organisation. It is not just about technology, but also about lived processes, responsibilities and transparency.

In practice, it often turns out that:

• Role models exist only on paper – or not at all.
• Interfaces between HR, IT and specialist departments are patchy.
• Authorisations are assigned manually but never checked.
• No one feels truly responsible until something happens.

This is exactly where a holistic IGA approach comes in: it helps to reveal these structural weaknesses and systematically remedy them. Not through a tool alone, but through a combination of technology, methodology and change management.

What companies gain in concrete terms:

• Less risk: No orphaned accounts, no overprivileged access, no GDPR pitfalls.
• More clarity: Who has access to what and why? This question can finally be answered.
• More efficiency: Automated processes noticeably relieve the burden on IT and specialist departments.
• More security: Risks are not only identified, but actively mitigated.

Omada: A powerful IGA platform for modern companies

Omada's IGA solution is one of the leading platforms for the automated management of digital identities and access rights. It was specially developed to support companies in implementing security, compliance and efficiency requirements. Scalability, user-friendliness and governance are taken into account.

Why is Omada so impressive?

• Automation: Omada enables the complete automation of provisioning, recertification and role management. This is a decisive advantage given the increasing complexity of modern IT landscapes.
• Transparency and control: The platform offers comprehensive audit functions and real-time reporting, enabling companies to track who has access to what and why at any time.
• Compliance: Omada supports compliance with standards such as GDPR, ISO 27001, NIS2 and industry-specific requirements through integrated control mechanisms.
• AI-supported processes: By using AI for pattern recognition and risk assessment, potential security gaps are identified early on and addressed proactively.

With over 20 years of experience and a strong customer base in Europe, Omada is a proven solution for companies that want to future-proof their identity management.

With adesso and Omada: IGA holistically conceived and implemented

With adesso as an experienced implementation partner, IGA becomes a real opportunity for greater security and future viability. As a certified Omada partner and experienced IT service provider, adesso brings not only technical know-how but also methodological expertise to the implementation of complex IAM/IGA projects. Our experts are familiar with the challenges in practice and support companies from strategy development to implementation and operation.

What sets adesso apart:

• In-depth expertise in IAM/IGA and regulatory requirements,
• experience from numerous projects in various industries,
• close cooperation with Omada for tailor-made solutions, and
• a focus on sustainable implementation and organisational anchoring.