My biggest challenge has been the sheer volume of impersonation attempts and fake profiles popping up across platforms. When you're building someone's personal brand, one fake LinkedIn or Instagram account claiming to be them can dissolve months of trust-building work. I've had clients lose speaking opportunities because event organizers contacted an imposter account instead of the real person. The worst part? Most platforms take 7-14 days to respond to impersonation reports--if they respond at all. I once tracked down 8 fake accounts using a client's name and headshots to sell crypto schemes. We reported them all with documentation, and only 3 got removed within a month. The others just kept operating. What actually worked was flooding search results with verified, optimized content on platforms we controlled. We built out their personal website, claimed every relevant social handle (even platforms they didn't use), and pushed fresh content weekly. Within 90 days, the fakes dropped to page 3 of Google while the real profiles dominated page 1. My advice: don't wait until there's a problem. Register your name across major platforms NOW, even if you're not active there. Set up Google Alerts for your name. The faster you catch impersonators, the less damage they do--and the easier they are to remove before they build an audience.
The biggest challenge we've faced with digital identity management is identity sprawl outpacing governance. As teams scale, contractors rotate, and cloud apps multiply, identities tend to accumulate faster than policies can keep up. The real risk isn't just unauthorized access, it's outdated access that no one remembers to revoke. That's where breaches, audit failures, and insider risk quietly originate. What helped was shifting our mindset from managing users to managing lifecycle. We stopped treating identity as a one-time provisioning task and started treating it as a continuous process tied to role changes, project timelines, and exit events. Automating joiner-mover-leaver workflows and enforcing least-privilege by default made a measurable difference, especially when paired with regular access reviews that actually get completed. My advice to others is to simplify before you harden. Don't layer tools on top of broken processes. First get clarity on who should have access, for how long, and why. Then automate relentlessly. Identity hygiene isn't glamorous, but it's one of the highest-leverage investments you can make in security, compliance, and operational sanity.
My biggest challenge was managing multi-cloud identity silos across AWS, GCP, and SaaS tools. This fragmentation created access sprawl and audit failures, which led to a serious breach attempt. The actual problem was the remote team of over 50 freelancers that was using disconnected logins (Okta and Entra), and we had no unified view. By the last months of 2025, 30% of our accounts had excessive privileges, and we failed a critical GDPR audit. I solved it using three steps: First, I used Okta Workflows and SCIM to automate user provisioning. Then, I moved to "Just-in-Time" access to make sure permissions are only granted when needed. Finally, I implemented quarterly peer reviews to certify all active accounts. My advice to others facing the same challenges is to centralise your governance. Do it even if you use multiple tools. Assign owners to every app and automate at least 80% of your deprovisioning process.
Managing digital identities has been one of the most intricate challenges I've faced in my career, especially during my time at Apple and now at Intuit. The complexity arises not just from the sheer number of users, like the 370,000 channel users we served at Apple, but more from ensuring security, scalability, and seamless integration across multiple systems. I remember meticulously architecting the People Information Management system at Apple. We designed it as the nerve center for user identities within our Channel Sales ecosystem. At the heart of this challenge was creating a single, trusted source for managing access, roles, and relationships, which had to interface smoothly with a myriad of other services like AMS and ASW. I often found myself in late-night brainstorming sessions with our security and identity engineering teams, sketching out flows on whiteboards to ensure every access point was bulletproof against vulnerabilities and user friction was minimized. One critical lesson I learned is that managing digital identities is less about technology and more about understanding the user journey. Every user interaction needs to be seamless yet secure, which often requires anticipating their needs before they arise. For instance, we developed a predictive engine to forecast demo device demand and integrate it into user profiles, ensuring we could react swiftly to high-demand scenarios, particularly during product launches. My advice to those facing similar challenges is to adopt a holistic view. Don’t just patch existing systems; assess them afresh, focusing on how they interlink with other components. Collaboration across departments is vital. At Intuit, I've witnessed the power of diverse teams coming together, from product to UX to business operations, to align on a unified vision. Also, fostering an environment where engineers feel empowered to experiment and make recommendations is indispensable. 
Encouraging open dialogues often leads to breakthroughs that traditional top-down management might miss. Remember, digital identity management is a marathon, not a sprint. It's about building systems that are resilient today and can scale for tomorrow's users. Keeping a user-centric focus has helped us build systems not just for now but with an eye on future-proofing them for the rapidly evolving tech landscape.
My biggest challenge in managing digital identities within my organization has been building a clean, consistent, and trustworthy online footprint across multiple platforms while scaling, especially when my work spans healthcare-adjacent services that require credibility and privacy. Early on, I had profiles, logins, and listings created at different times, sometimes with small inconsistencies in business name formatting, phone numbers, or service descriptions. Those gaps can create confusion for families, case managers, and referral partners, and they can also weaken local search visibility because platforms rely on consistency to verify legitimacy. Another challenge has been access control. As a small business, it is easy for accounts to be tied to one person's email, devices, and passwords. That works until you need to delegate tasks, work with vendors, or bring on staff. Then you risk lockouts, lost access, or too many people having broad permissions. My advice to others is to treat digital identity like compliance and operations, not marketing. Start by creating a single source of truth for your organization: exact business name, address, service areas, main phone, primary email, website, approved service descriptions, and brand wording. Use it everywhere. Next, centralize account ownership using a business-managed email and password manager, and turn on multi-factor authentication for every platform. Assign role-based access whenever possible so vendors and staff do not have full control of primary accounts. Finally, run a quarterly identity audit. Confirm that your Google Business Profile, website, directory listings, and social profiles match, remove duplicates, and document who owns each account and how to recover it. Consistency, security, and clear ownership are what protect your reputation and make growth easier. Richard Brown Jr, MBA-HCM Owner/Essential Living Support, LLC
What's the biggest threat? Not technology, but a cultural one: how to balance the intense friction of strong security with what's often described as "operational velocity." It's relatively straightforward to lock everything down tight, but that kills productivity. The larger problem lies in 'privilege creep' - staff can accumulate rights over time which are never removed, leading to a gaping attack surface that only manifests itself during or after a breach. My tip is to treat identity management as a lifecycle, rather than a one-off setup. Automate provisioning and, critically, de-provisioning of access by linking it directly to your HR systems. When a job changes or a person leaves, their access changes or vanishes. Next, mandate that teams annually review their access - and in practice have to re-certify people's access again which moves the accountability for doing this from a central 'IT' function to the business units where the knowledge is. Finally, centralize around a single identity provider to avoid proliferation of uncontrolled and fragmented identities in various SaaS tools.
Managing digital identities includes finding a way to accommodate both security concerns and the need for usability as the company scales. Initially, identity is managed informally, and quickly, the manner in which identities are managed becomes less efficient. It became apparent that the hardest part of managing digital identities is not implementing the controls; it is correcting long-standing habits that no longer match the size and associated risk profile of the organization. Through my experiences, I believe that identity sprawl occurs long before there is sufficient recognition. Because at the time of use, using shared credentials, over-permissioned accounts, or legacy access appears to suffice and therefore accumulates in the environment, the organization ultimately builds in and creates blind spots within the environment, which makes auditing them extremely ambiguous and creates a challenge when assisting in resolving any incident. Treating identity as infrastructure versus an administrative detail is what I feel is the best approach moving forward. Construct role-based access, account for turnover and periodically remove any access rights that no longer serve a legitimate business purpose. In short, effective identity management does not focus on 'locking down user access', but rather focuses on providing intentionality, traceability and 'boring' consumer-based usage of credentials/access.
The greatest challenge facing us around digital identity is not the technology, but rather the increased complexity of the governance of all of the multiple trust entities that Digital Identity represents. When an organization is working with multiple custodians and trusts across many entities, it is no longer acting as though it were managing "one user", but instead, it is managing all of the many different layers of custodians, signers, trustees, administrators, and other third-party vendors, all of which will have different access levels, regulatory requirements, and audit requirements. The resulting identity sprawl generates more friction in the transaction process, makes transactions take longer to complete, and increases operational risk dramatically. The tipping point for our organization was centralising identity governance, creating standardized role hierarchies, mandating multi-factor authentication for all custodial and deal platforms, and linking Digital Identity to both an Entity Authority and to your Documented Compliance Status. As such, I recommend you view identity as a governance function as opposed to an IT function. Establish authority mapping before establishing the access control framework. Creating a digital identity based on the organization's operational and legal structures will allow for faster delivery and safer handling of identity, and will be easier to scale over the long run.
The biggest complication with managing digital identities for community-based teams is ensuring the interaction of having a "human" presence while simultaneously adhering to the required security measures, which are usually very strict in nature. Multi-layered security checks can be annoying to people, so many will take shortcuts that actually may place the entire organization at risk. When training new people, it is important to educate them on "why" these security measures are necessary. When everyone on a team understands that by protecting their digital identities, they are also protecting the communities they serve, frustration with compliance becomes much less likely. Security should never be a "bump" in the road. Instead, consider it a common area of safety.
One of the biggest obstacles in managing digital identities is making sure that you're holding your third-party vendors accountable to the same standard of due diligence that you would expect from your own internal team. The security of a mission-based organization relies on the total performance of their collective efforts; even if one partner's system gets breached, it has the potential to negatively impact your organization's credibility. One way to protect your mission is to include a "Digital Identity Audit" as part of every partnership agreement you create. When doing so, you'll ensure that any partner touching your data shares your commitment to integrity and the security of your mission-critical functions. Therefore, to protect your mission, be prudent in who you grant access to your digital ecosystem.
The primary challenge for us has been managing the user lifecycle. Workers, contractors and partners require DIFFERENT levels of access to tools that are updated with some frequency. Marketing works with CRM, paid media, analytics, CMS, and vendor portals, so whenever there's a shift in responsibilities, it often leaves permissions behind-- creating bottlenecks and liability implications. I suggest mapping job functions and reviewing access on a regular basis. It should never be tied to people but to the specific role/function.
"Fatigue" is a common problem in identity management, caused by too many layers of security for users. When users become fatigued by their daily security-related activities, they often take or create shortcuts that could jeopardize the integrity of their organization. Implementing Single Sign-On (SSO) provides an easy and less complicated way to log in for employees and provides organizations with a more secure environment. By providing a simple and easy-to-use SSO solution, your organization will encourage your employees to use secure practices while improving compliance. By creating a work environment that includes mental support for employees, your organization will continue to improve overall security.
Digital identity efficiency and compliance can contradict each other many times, especially when there is a need for someone to be able to grant emergency access to sensitive data streams. One of the largest hurdles to overcome is developing a system that is both secure enough to prevent a breach and fast enough to support critical action when needed. I suggest implementing "Just-in-Time" privileged access, which means that only high-level privileges are granted for a defined task and for only a limited time duration. This technology allows you to gain exact compliance, as well as maintain full control over your systems simply by closing off access to sensitive data, while allowing you to remain compliant and agile with any public health or business initiatives.
External contractors pose a unique set of challenges to identity management in a creative/technical environment in terms of acquiring the proper amount of access to your environment without exposing the entire core infrastructure of your digital builds. Having too much permission creates a security risk, while insufficient levels of access can slow the progress of a digital build to a complete standstill. A good way to avoid this type of problem and create a positive environment is to use a "least privilege" access model. It ensures that as soon as a project is finished, the permissions will be automatically revoked. It is also important to utilize encrypted password managers and prevent users from sharing passwords via unsecure chat clients. The Digital Perimeter is protected through controlling who has access to your Creative Assets.
It is very difficult to manage multiple digital identities, especially when it comes to managing employee access to multiple finance applications in a timely manner with a high level of financial accountability. Identity sprawl is a major problem because users have many different usernames and passwords for many different systems (both legacy and cloud) that are not related to one another. Consolidating all of the different usernames and passwords into one comprehensive Identity and Access Management (IAM) framework, and utilizing multi-factor authentication will minimize the potential for unauthorized access and provide an audit trail for every transaction. Focusing on a centralized system will be the only way to achieve both operational speed and financial integrity.
In an operational aspect, managing the "offboarding" of workers with continual movement between on-premise and remote workstations is a major challenge to identity management. Leaving just one active digital identity after the worker leaves can open up large systemic exposure to criminal exploitation. I propose building automation into the lifecycle of every digital identity, which will allow for immediate synchronization between HR actions and IT deactivation of digital identities. By eliminating the potential for human error through the complete integration of your systems, your governance model will remain intact and protected. The continuity of consistent management of these administrative functions will help prevent an insignificant error from evolving into an enormous security risk.
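The HR-to-IT synchronization and role-based access review that several answers above recommend can be checked with a reconciliation pass like the one below. It is an added example, not part of any contributor's answer; the roster, account export, role baseline and every name in it are constructed for illustration.

```python
from datetime import date

# Constructed sample data (hypothetical names and systems).
ROLE_BASELINE = {
    "marketing": {"crm", "cms", "analytics"},
    "finance": {"ledger", "payroll"},
    "contractor-dev": {"git"},
}
HR_ROSTER = {
    "e100": {"status": "active", "role": "marketing", "end": None},
    "e101": {"status": "terminated", "role": "finance", "end": date(2025, 3, 1)},
    "e102": {"status": "active", "role": "finance", "end": None},  # moved from marketing
    "c200": {"status": "active", "role": "contractor-dev", "end": date(2025, 5, 31)},
}
IDP_ACCOUNTS = [
    {"login": "ana", "owner": "e100", "enabled": True, "grants": {"crm", "cms"}},
    {"login": "bo", "owner": "e101", "enabled": True, "grants": {"ledger"}},
    {"login": "cy", "owner": "e102", "enabled": True, "grants": {"ledger", "crm", "cms"}},
    {"login": "dev-x", "owner": "c200", "enabled": True, "grants": {"git"}},
    {"login": "svc-old", "owner": "e999", "enabled": True, "grants": {"payroll"}},
    {"login": "zed", "owner": "e101", "enabled": False, "grants": set()},
]


def reconcile(roster, accounts, baseline, today):
    """Compare enabled accounts with HR state; return sorted (login, action, detail)."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already deprovisioned, nothing to do
        person = roster.get(acct["owner"])
        if person is None:
            # Orphaned account: nobody in HR is accountable for it.
            findings.append((acct["login"], "disable", "no HR record for owner"))
        elif person["status"] != "active":
            # Leaver whose access outlived the exit event.
            findings.append((acct["login"], "disable", "owner has left"))
        elif person["end"] is not None and person["end"] < today:
            # Contractor still marked active after the engagement ended.
            findings.append((acct["login"], "disable", "engagement end date passed"))
        else:
            # Mover: anything outside the current role's baseline is privilege creep.
            allowed = baseline.get(person["role"], set())  # unknown role allows nothing
            for grant in sorted(acct["grants"] - allowed):
                findings.append((acct["login"], "revoke", grant))
    return sorted(findings)


if __name__ == "__main__":
    report = reconcile(HR_ROSTER, IDP_ACCOUNTS, ROLE_BASELINE, date(2025, 6, 15))
    for login, action, detail in report:
        print(f"{login:8} {action:8} {detail}")
```

Run on a schedule against real exports, the `disable` findings feed deprovisioning and the `revoke` findings give reviewers a short, specific list to certify or remove.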
The first step to achieving better management of our identities is to lay out our vulnerabilities concerning our internal systems. The way many organizations think, "It won't happen to us," is still the way most organizations think, leading them to have ineffective password regulations and numerous years between software upgrades. Therefore, I would suggest conducting "vulnerability assessments" regularly so that all employees may discuss their security concerns without fear of being reprimanded or held at fault. An environment of transparency and honesty will help provide employees a "sense of ownership" in the totality of the security of their building. The idea of protecting a digital identity is indicative of a trust and commitment to each employee's value, thus enhancing the collective value of all employees of the building.
As technologies continue to change, and as they do so more rapidly than before, the hardest part of managing an identity is trying to keep your identity management staff from becoming overly stressed by these constant changes. It can be difficult for just one or two people on a small team to stay up-to-date and current with the various regulations and requirements concerning the use of multi-factor authentication and biometric authentication; however, there is now an option available for you to work with a qualified, comprehensive security partner who can take most of the technology-based burden off your shoulders, so you can concentrate on the human aspect of identity management while having peace of mind regarding the security of your digital borders. Remember that change is a marathon, not a sprint, so manage your team's expectations in the same way.
One of the biggest challenges has been keeping access and permissions aligned as the team grows. When new people join or roles change, accounts and tools can get out of sync. We use a central system to track access for every user and tool and review it on a regular schedule. Any inconsistencies are spotted quickly and corrected. My advice is to treat identity management as part of operations. Document it, make it repeatable, and review it consistently to keep the system reliable as the team changes.
The biggest challenge has been keeping access organized as the team grows and roles change. It's easy for permissions to get messy if you're not proactive. My advice is to review access regularly and tie permissions to roles, not individuals. That simple habit improves security and makes onboarding and offboarding much smoother without slowing people down.