Gathid launches authority assurance for complex identities

Gathid has launched Enterprise Authority Assurance, a product aimed at organisations managing complex identity environments.

The offering is designed to show which people, systems and non-human identities hold authority across an enterprise, including where that authority emerges through combinations of roles, credentials and delegated access rather than direct permissions alone.

Identity and access management systems have long focused on account provisioning, authentication and governance. Gathid is seeking to address a different issue: the gap between stated policy and the authority that exists in practice once multiple systems, groups, applications and integrations interact.

In many large organisations, authority is spread across cloud services, software-as-a-service tools, on-premises systems, operational technology and physical access controls. That can make it difficult for security teams to see the full picture from any single platform, especially where inherited group rights, service accounts and cross-system connections are involved.

Peter Hill, Chief Executive Officer of Gathid, said the company sees a growing gap between the way identity policies are defined and the way authority is exercised across real environments.

"Identity tools have done exactly what they were built to do: manage policy, provision accounts and enforce authentication," said Peter Hill, Chief Executive Officer of Gathid.

"But enterprises now need to answer a different question: who and what actually holds authority across the business right now, and does that match what we intended?" Hill said.

Enterprise Authority Assurance creates a daily model of authority across human and non-human identities, roles, groups, credentials, systems and assets. According to Gathid, that model is intended to help organisations identify where authority accumulates, how it spreads across systems and where structural identity risk is concentrated.

Growing complexity

The launch comes as identity environments become harder to govern. Organisations are dealing with old infrastructure, years of role changes, acquisitions, system integrations and the gradual build-up of access rights that may no longer reflect current responsibilities.

At the same time, companies are adding machine identities and software agents that can act across multiple systems. This has increased the need to understand not only user permissions but also the wider network of relationships that can create effective authority, Gathid said.

"Authority is not simply a list of permissions," Hill said.

"It is a network of relationships. A user, service account or AI agent may appear low risk in one system, but when its roles, credentials and delegated access are evaluated together, the true authority picture can look very different," he said.

Gathid said its platform connects through read-only adaptors and builds a model across cloud, SaaS, on-premises, operational technology and physical access settings. Customers can use that model to highlight authority concentration, escalation paths, segregation of duties breaches, toxic combinations and authority drift, it said.

That places the product in a market where companies are trying to improve oversight without dismantling existing identity systems. Rather than replacing identity governance, privileged access management or provisioning tools, Gathid is positioning the new offering as a layer that sits across them.

Hill said the company is not trying to displace established identity platforms that organisations have spent years putting in place.

"We are not here to replace the identity stack enterprises have spent decades building," he said.

"IAM, IGA and PAM platforms remain essential. What they were not built to do is model the full structure of authority that emerges after all of those systems interact. Enterprise Authority Assurance completes that picture," Hill said.

Gathid said it serves customers in sectors including financial services, manufacturing, mining and critical infrastructure. Those industries often have a mix of modern cloud platforms and older operational systems, which can make identity oversight particularly difficult.

The company's focus on authority structures rather than permissions alone reflects a broader shift in identity security, as businesses try to understand how access behaves across interconnected environments rather than within single applications or directories.

Enterprise Authority Assurance is built around that question: not only who has access on paper, but who or what can exercise meaningful control across the business in practice.