The Identity Security Glossary
Neutral, vendor-agnostic definitions for the terms that come up most in identity security: IVIP, PAM, IGA, ISPM, ITDR, non-human identity, and the categories around them.
Start Here
33 terms
A
Access Certification
IGAA neutral definition of an access certification campaign: the recurring review that confirms existing access is still needed, and revokes what isn’t.
Agentic Identity
Non-Human IdentityA neutral definition of agentic identity: the credential and access footprint an autonomous AI agent holds and acts through, distinct from the static service account it may run under.
API Key
Non-Human IdentityA neutral definition of an API key: the static token that authenticates programmatic access, and why "static" is exactly what makes it hard to govern.
I
Identity Attack Surface Management (IASM)
ISPMA neutral definition of Identity Attack Surface Management: mapping every path an attacker could take through identity and privilege, not just scoring the accounts you already know about.
Identity Governance and Administration (IGA)
IGAA neutral definition of Identity Governance and Administration: the lifecycle and certification workflows it runs, and the data those workflows depend on.
Identity Graph
IVIPA neutral definition of an identity graph: the correlated map of identities, accounts, and relationships that turns scattered records into a single, queryable structure.
Identity Lifecycle Management
IGAA neutral definition of identity lifecycle management: the joiner-mover-leaver process that provisions, adjusts, and revokes access as a role changes.
Identity Operations Center (IOC)
IVIPA neutral definition of an Identity Operations Center: the team and workflow that turns continuous identity data into daily triage, investigation, and remediation.
Identity Risk Score
ISPMA neutral definition of an identity risk score: the composite metric that ranks accounts by exposure, and the inventory it depends on to be accurate.
Identity Security Posture Management (ISPM)
ISPMA neutral definition of Identity Security Posture Management: what it scores, and the inventory that score depends on.
Identity Threat Detection and Response (ITDR)
ITDRA neutral definition of Identity Threat Detection and Response: how it detects identity-based attacks, and what it needs to detect against.
Identity Visibility and Intelligence Platform (IVIP)
IVIPAn emerging category describing platforms that continuously discover, correlate, and monitor every identity across an enterprise. Here's what it means, and why visibility by itself is no longer the finish line.
IVIP Buyer's Guide
IVIPEvery vendor in this category will claim "visibility." Few will survive being asked what that word actually covers. Here's the evaluation framework and a copy-paste-able question set for your next RFP.
IVIP for AI Agents
Non-Human IdentityAI agents authenticate, inherit privilege, and execute across systems faster than most identity visibility and intelligence platforms were built to look. Here's what breaks when discovery is built for accounts that persist, and what an agent-native IVIP actually has to do differently.
IVIP vs. CIEM
ComparisonCIEM manages entitlements deep within a single cloud platform. An IVIP spans every domain, cloud and on-prem, and correlates across them. Here's why deep-in-one-cloud and wide-across-the-estate are different jobs, and why enterprises usually need both.
IVIP vs. IDaaS
ComparisonIdentity as a Service (IDaaS) and an IVIP get confused because both touch "identity," but they solve almost entirely different problems. Here’s the actual boundary.
IVIP vs. Identity Data Fabric
Comparison"Identity Data Fabric" and "Security Data Fabric" are newer analyst and vendor terms for connecting identity signals across an environment. Here’s how the idea overlaps with an IVIP, and where the framing differs.
IVIP vs. IGA
ComparisonIGA vendors are increasingly claiming IVIP-style visibility, and buyers are genuinely confused about whether their existing IGA "already does this." Here's the honest answer: where IGA's workflow engine ends and the data layer underneath it begins.
IVIP vs. ISPM
ComparisonISPM tools score and prioritize identity risk. An IVIP is what that score is computed against. Here's why a posture score is only as trustworthy as the inventory feeding it, and how to tell the difference.
IVIP vs. ITDR
ComparisonITDR detects and responds to identity-based attacks in progress. An IVIP is what gives it something accurate to detect against. Here's why detection speed and detection blind spots both trace back to the same upstream data problem.
IVIP vs. PAM
ComparisonPAM vaults, rotates, and brokers access for the privileged accounts it already knows about. An IVIP is what finds the privileged accounts PAM doesn't yet manage. Here's why 'we have PAM' and 'we have full privileged-account coverage' are two different claims.
N
Non-Human Identity (NHI)
Non-Human IdentityA neutral definition of Non-Human Identity: the service accounts, API keys, workload identities, and AI agents that now outnumber humans, and why they get governed differently.
Non-Human Identity, By the Numbers
Non-Human IdentityMachine identities passed human identities years ago and the gap keeps widening. A few figures that explain why non-human identity has become the leading edge of the IVIP category, sourced from Hydden's own operating data.
P
Passive vs. Active Discovery
IVIPA neutral comparison of passive and active identity discovery: how each approach finds accounts, and why environments with sensitive or legacy infrastructure often require both.
Privileged Access Management (PAM)
PAMA neutral definition of Privileged Access Management: what it vaults, rotates, and brokers, and where its coverage stops.
S
Segregation of Duties (SoD)
IGAA neutral definition of segregation of duties: the control that prevents any single identity from holding two conflicting permissions, like requesting and approving the same payment.
Service Account
Non-Human IdentityA neutral definition of a service account: the credential that lets one system authenticate to another, and why it tends to accumulate risk faster than a human account.
Shadow Admin
ISPMA neutral definition of a shadow admin account: privileged access that exists outside the accounts a security team already knows to protect.