When you chat with most Chief Information Security Officers (CISOs), their biggest concerns usually focus on well-known issues like compliance risk, cloud security, phishing, and ransomware. But another challenge is accelerating inside enterprises in the EMEA region — one that’s already creating hidden costs and growing exposure. This challenge is all about identity and access management (IAM). But it’s not the typical IAM we’re used to, like linking HR systems to Active Directory or setting up multi-factor authentication. Instead, it highlights the fast-expanding problem of disconnected applications and unmanaged corporate identities, along with the operational hurdles and security gaps they create.
This issue is particularly pressing in Israel, and addressing it can lead to enhanced security and streamlined operations.
Across Europe, the Middle East, and Africa, technology companies are scaling at incredible speed. SaaS adoption is accelerating, AI-driven tools are multiplying, and teams are more global and hybrid than ever before.
But growth has a shadow:
This gap creates a perfect storm: compliance gaps, inconsistent controls, and operational drag from disconnected apps.
Israel is different from other EMEA markets. It’s a technology laboratory. Fast-moving, cloud-native, and heavy on AI adoption.
I recently spoke with a security leader at a SaaS-first Israeli startup. His team manages more than 150 applications for more than 3,000 employees—everything from core DevOps tools to regional marketing platforms. Fewer than half of those apps are integrated with their identity provider (IdP) solution. Onboarding a new employee takes hours, and offboarding can take days per employee leaving their role. He described the process as “like playing whack-a-mole with identities.”
Another example came from a global Israeli brand where the CISO found herself torn between two mandates:
Her comment stuck with me: “Every new campaign feels like a security trade-off between brand growth and compliance risk.”
These stories aren’t unique. They illustrate how disconnected apps and unmanaged corporate identities have already become the frontline identity security challenge in Israel — and what’s playing out there is what many EMEA enterprises will face next.
And from the IT manager’s perspective, the pressure feels even more immediate:
Most CISOs are rightly focused on risk management, compliance, and defense against cyberattacks. But there are hidden dynamics in identity and access management that often go unaddressed—dynamics that are actively undermining both security and operations. Below are five perspectives worth paying closer attention to.
Disconnected applications don’t just increase risk. They create an operational tax that drains budgets and slows teams down.
In one Israeli scale-up I spoke with, the IT team calculated that more than 25% of their helpdesk tickets were identity-related—password resets, access issues, and user offboarding delays for a 1,000-person company with a lean IT staff, resulting in lost engineering cycles and slower delivery, and in one case affected their ability to deliver service to customers.
Every time a team adopts an application or tool without centralized governance and oversight, identity debt accrues.
A fintech startup in Tel Aviv told me how, during due diligence for a funding round, auditors discovered dozens of unmanaged SaaS accounts with no ownership trail. They scrambled to map who had access, burning time and credibility at a critical fundraising moment.
In one AI-focused Israeli company, bots and automation tools already make up 60% of active identities. Yet none of those accounts are part of their IAM lifecycle. The security lead admitted: “We can tell you when a developer leaves the company, but we can’t always tell you when a bot is retired.”
A well-known Israeli consumer brand learned this the hard way when a former employee still had access to the company’s LinkedIn page. A single unauthorized social media post triggered hours of brand crisis management—not because of a breach, but because of reputational damage.
In today’s digital-first world, a hacked corporate social media account can damage trust as quickly as a ransomware attack.
An Israeli health-tech company shared how its teams constantly bypassed IT to onboard apps critical for clinical trials. Blocking wasn’t an option—the trials couldn’t wait. Instead, the CISO shifted from saying “no” to finding ways to govern without controlling.
This phenomenon reflects a broader shift: CISOs must act less like gatekeepers and more like enablers of innovation and agility.
The IAM challenges in EMEA, and especially in Israel, can’t be solved by technology alone. They require a mindset shift:
Technology companies in EMEA are entering a new phase and scaling fast, under pressure, with lean teams and high compliance expectations. Traditional IAM frameworks weren’t built for this environment.
The real opportunity lies in rethinking identity security in EMEA not as a narrow technical function, but as the foundation of security, operations, and trust.
In Israel, where speed and agility are everything, this shift is already underway. And as Israeli companies expand globally, their lessons will shape how identity is managed across EMEA in the years to come.
The challenge for leaders is not just how to secure disconnected apps and corporate identities—but how to do it in a way that reduces operational burden, protects brand reputation, and enables innovation.
That is the future of identity and access management. And it’s closer than we think.