The industry likes to say that “identity is the new perimeter,” but the truth is that it always was. What has changed is everything around it. Users, workloads, and data now live across clouds, SaaS platforms, third-party ecosystems, and distributed workforces, far outside any single network boundary. The old idea of a neat, firewall-ringed perimeter has collapsed. In this reality, identity is the only consistent fabric that ties it all together.
In recent years, Identity & Access Management (IAM) has evolved from the behind-the-scenes login plumbing into the modern enterprise security control plane. It is where security is defined by who (or what) has access to what, where risk is evaluated, and where attacks are detected and contained. Identity was, and remains, the de facto perimeter and the most active frontier of modern cybersecurity.
Recent market data underline the urgency: the global Identity and Access Management market is projected to grow from $19.80 billion in 2024 to $61.74 billion by 2032, driven by cloud adoption, regulatory pressure, and the proliferation of human and non‑human identities.
From Boardrooms to Startup Mode
Yossi Barishev isn’t a newcomer to identity and security. His time as the trusted advisor of Fortune 500 CISOs at Sygnia, as well as holding security leadership roles at Fireblocks and CyberArk, exposed him to the complexity of identity, access, and privilege management at scale.
Today, he is leading a stealth-mode venture focused on rethinking IAM infrastructure for enterprises in a world reshaped by artificial intelligence. The company’s goal is to let enterprises run identity as frictionless, standardized & well-engineered operation instead of a patchwork of uncoordinated manual work, tickets, scripts, and fragile integrations.
IAM’s Real Bottleneck: Disconnected IAM stacks
Modern IAM isn’t just about logging people in. The real challenge today sits one layer up: the messy, disconnected, and ever-changing application landscape.
Enterprises keep adding SaaS tools, internal apps, homegrown applications and AI systems. Still, many of those applications are only loosely connected (if at all) to the IAM stack and IGA solution. As a result, identity teams struggle with the basics:
- Onboarding new applications cleanly into IAM and IGA
- Keeping authorization models and roles aligned across systems
- Ensuring every mission-critical app is actually in scope for governance
In theory, IAM provides adaptive authentication, lifecycle management, and governance for both human and machine identities. In practice, those capabilities often stop at a handful of “well-integrated” systems, leaving a long tail of business-critical applications that run with inconsistent roles, custom access logic, and manual processes.
That gap is where risk accumulates: local admins with excessive permissions, orphaned accounts in apps nobody remembers to deprovision, and AI or automation agents granted access outside any central policy.
Extending IAM Across the Application Landscape
The strategic question for enterprises is no longer “Do we have SSO and MFA?” It is: Can we reliably extend IAM and identity governance to every mission-critical application, quickly, consistently, and at scale?
A well-executed IAM and IGA strategy should enable:
- Fast, standardized application onboarding, so new apps are wired into the IAM stack from day one, not years later.
- Consistent, policy-driven access models, instead of each application reinventing roles, groups, and entitlements in isolation.
- Unified governance across the full application portfolio, human and non-human identities included, covering SaaS, internal tools, machine accounts, service users, APIs, and AI agents.
- Accurate compliance and audit trails, because access decisions and changes flow through a central control plane, not scattered tickets and spreadsheets.
But deploying this across legacy systems, cloud apps, and modern AI-driven services is hard.
The world of IAM is begging for a “glue” to hold its loosely held components together. Every application has its own data model, architecture quirks, and permission schema. Most organizations end up with a patchwork: some apps tightly integrated into the IAM stack, others partially connected, and most form a long tail entirely outside adequate governance.
That is the core problem IAM now has to solve:
Not just who can log in, but how quickly and reliably every critical application can be brought under consistent identity lifecycle governance.
What Barishev is Betting On and Why It Matters
Barishev’s decision to build in stealth, rather than rush a public product release, speaks to the stakes and complexities of modern IAM. In a recent conversation on the podcast Real Life Superpowers, he described the importance of founder credibility and internal conviction in building trust, not hype.
“A lot of the credibility that you bring to the table as a business comes from the founders themselves,” Barishev said to the hosts. “And so it’s really important for me to make sure that my customers, my prospects, whoever I engage with, are aware of who I am as a person, are aware of my past, are aware of what I bring to the table from a value perspective.”
His focus on “modernizing IAM in the age of AI” suggests a recognition that the future of cybersecurity won’t just defend networks. It will govern identities, permissions, and access in an increasingly automated and AI‑driven environment.
Given the rapid growth of the IAM market and the escalating need for adaptive, intelligent access controls, Barishev’s approach aligns with the broader industry trajectory. For security leaders, it underscores a simple reality: IAM is foundational.
A Wake‑up Call for CISOs
For CISOs and security leaders, the message is clear. As attack surfaces evolve to include both legacy applications, AI agents, cloud services, and highly distributed workforces, IAM cannot be sustained through spreadsheets, tickets, and one-off integration projects. Manually driven processes and ad hoc fixes were barely manageable when there were a few core systems. In today’s fragmented application landscape, they simply do not scale.
Many organizations still rely on professional services projects to wire individual applications into IAM and IGA, redesign role models, or clean up access. The result is a cycle of expensive, point-in-time fixes that age quickly as new applications, teams, and automation use cases come online. Patchwork integration across a subset of systems gives the illusion of control, while a long tail of critical applications continues to sit outside meaningful governance.
Modern IAM requires a different approach: treating identity as an operational discipline that can be standardized, automated, and extended across the full application portfolio. That means faster, repeatable onboarding of new applications, consistent access models, and governance flows that are built into day-to-day operations rather than bolted on through projects.
In this context, identity is no longer just about usernames and passwords. It is the control plane for who and what can act inside the business. Leaders like Yossi Barishev, quietly building under the radar and focused on making IAM truly scalable across real-world application environments, may offer an early glimpse of where the industry is headed.