Infosec glossary
Identity Security
Every user, service, workload, device, and automated process may have an identity with access to systems or data. Identity security covers the controls used to establish those identities, limit their permissions, detect misuse, and respond to compromise. It applies to human and non-human identities.
Identity security covers access before and after login
Authentication is one part of identity security. Authorization policies, entitlements, session controls, privileged access, and identity lifecycle processes determine what happens after an identity signs in or a workload receives a credential.
Monitoring adds another layer by looking for credential theft, unusual privilege use, impossible access patterns, and other signs of compromise. Response may include revoking sessions, disabling accounts, rotating credentials, or reducing permissions.
Human and non-human identities require different controls
Human identities include employees, contractors, partners, customers, and administrators. Non-human identities include service accounts, workloads, applications, devices, scripts, and automated agents. Each group has different credential lifetimes, authentication methods, and patterns of use.
Non-human identities can scale quickly and may operate without direct human review. Their security depends on inventory, ownership, short-lived credentials where practical, scoped permissions, rotation, and activity monitoring.
- Authentication and credential protection
- Authorization and least privilege
- Identity lifecycle and access reviews
- Identity threat detection and response
Identity security and IAM overlap but are not identical
Identity and access management provides processes and systems for creating identities, authenticating them, and granting access. Identity security uses many IAM controls but also includes threat detection, credential protection, privilege risk, exposure analysis, and incident response.
Privileged access management, identity governance, multifactor authentication, and identity threat detection are related disciplines. They address different parts of the identity lifecycle and may operate as separate or connected systems.
Related reading
The term is clearer when the nearby language is clear too.
Use the pages below when you need adjacent terms, category context, or a longer explanation instead of leaving the definition to stand on its own.
Adjacent terms
Further reading
Sources used to check the definition and terminology
Guides
Where the definition expands into a longer explanation
A practical guide to calibrating cybersecurity website copy so it proves competence to serious buyers without collapsing into jargon or unreadable product prose.
Cybersecurity Copywriter vs General B2B WriterHow to decide when a general B2B writer is enough and when cybersecurity copy needs category fluency, stronger terminology, and less revision risk.