Identity Sprawl
Identity Sprawl occurs when an organization maintains multiple disconnected identity systems, platforms, and data sources that don't communicate or synchronize. This fragmentation creates inconsistent identity data, duplicate accounts, and governance blind spots across the organization.
# WHAT TEAMS RUN INTO
- —
One person has multiple identities across systems. When they change their password in one system, the others stay unchanged. Compromise of one identity doesn't trigger revocation across the others.
- —
Admins don't know the total scope of what they're managing. User accounts exist in systems nobody remembers provisioning. Access reviews miss entire systems because they're not in the official inventory.
- —
Access control decisions are made in isolation. One system grants access, another doesn't know that happened, and nobody enforces consistent policy across the sprawl.
# WHY IT MATTERS
Identity sprawl is the operational version of technical debt — it accumulates slowly, becomes expensive to fix, and creates vulnerabilities in the cracks between systems. When identity is fragmented, so is visibility. When visibility is fragmented, access control becomes accidental instead of intentional. Every identity decision is a security decision, but when decisions are scattered across disconnected systems, they stop being coordinated decisions at all.