ENTERPRISE IAM is described as reaching a breaking point, with identity becoming fragmented across thousands of apps, machine identities and autonomous systems, creating what Orchid Security calls Identity Dark Matter—identity activity hidden from centralized visibility. According to Orchid Security’s analysis, 46% of enterprise identity activity occurs outside centralized IAM visibility, leaving a substantial portion of the surface unseen.
Orchid’s IVIP concept, defined as a comprehensive Identity Visibility and Intelligence Platform within Gartner’s Identity Fabric framework, is positioned as a system that continuously discovers identities, unifies fragmented data, and turns telemetry into actionable intelligence.
The report notes that 85% of applications contain accounts from legacy or external domains, 20% use consumer email domains, 70% have excessive privileges, and 60% grant broad admin or API access to third parties, while 40% of accounts are orphaned (rising to 60% in some legacy environments). It emphasises moving from posture-based controls to evidence-driven identity intelligence, including AI-enabled insights and automated remediation, to shrink the attack surface and close the gap between policy and real access.