Find It, Fix It, Fuhgeddaboudit: Why Identity Hygiene Deserves a Front Row Seat in Your PAM and IGA Strategy

Blog 1 of 5 | Identity Hygiene Series

Dr. Edward Amoroso, Chief Executive Officer at TAG Infosphere Inc.
Introduction 

At this year’s CyberArk IMPACT 2025, one of the most compelling messages delivered to enterprise security professionals came from my friend and colleague, Rita Gurevich, founder and CEO of SPHERE. I’ve known and worked with this capable executive for years (we are fellow Stevens Institute of Technology alums) and I continue to be impressed with her work.

In an unmistakably New York-style presentation titled “Identity Hygiene: The Sequel – Find It, Fix It, Fuhgeddaboudit,” she reminded us that in a technology and business world saturated with a bunch of cybersecurity buzzwords, the best strategies return us to the basics. And for identity security, that basic is hygiene.

If you’re running a Privileged Access Management (PAM) program or are responsible for Identity Governance and Administration (IGA) at scale, then I believe you should hear what SPHERE is saying – namely, that an organization cannot protect what it doesn’t understand, own, or know exists. That’s why identity hygiene isn’t just a helpful recommendation but is required for success.

Identity Hygiene: More Than a Metaphor

Let’s start with a clear definition. Gurevich correctly describes identity hygiene as the practice of keeping your identity ecosystem clean. That includes removing stale and orphaned accounts, assigning accurate ownership, remediating risky access, and ensuring privileged accounts are tightly monitored. These are Security 101 issues for security teams, yet they are often neglected.

SPHERE’s central thesis is that identity-related breaches (SPHERE claims that 93% of organizations suffered two or more last year alone) are less about sophisticated attacks and more about sloppy fundamentals. The analogy here is stark: much like washing your hands in a hospital reduces infection, identity hygiene reduces blast radius.

Find It: Discovery Is the First Line of Defense

The first step, as Gurevich emphasized in her talk, is finding the risk. That might sound obvious until you realize how sprawling the modern enterprise identity landscape really is. Think local accounts, service accounts, shared logins, and high-risk administrative users—not just in Active Directory or LDAP, but across Windows, UNIX, cloud services, databases, and more.

SPHERE’s method involves intelligent discovery and data normalization across these fragmented identity silos. This visibility, surfacing both the expected and the forgotten, is not a one-time exercise. It’s a continuous, evolving activity requiring tool support, domain knowledge, and prioritization based on exposure and risk.

As Gurevich also noted, the data here is deep and wide. Your team isn’t just uncovering accounts; it is unraveling behaviors, misuse, and systemic privilege creep. That’s where automation comes in.

Fix It: Remediate and Reassign with Precision

Once discovered, the accounts must be addressed, starting with ownership. And here’s where SPHERE has carved a niche: tackling the thorny problem of account attribution.

Far too often, critical service accounts exist without any clear owner. In these cases, SPHERE helps organizations build out a robust “Book of Record” to anchor account metadata and assign stewardship. This enables account onboarding into CyberArk or other PAM systems without breaking dependencies or disrupting business continuity.

In one case study from the presentation, a healthcare enterprise operating across 75 countries and 50+ facilities suffered a severe outage linked to unmanaged privileged access. SPHERE helped the team identify over 75,000 accounts in days (versus months) to assign ownership and remediate the most dangerous accounts. The result was a risk reduction of 60% within a month and correlation of 90% of service accounts to real human owners.
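To make the Find It and Fix It steps concrete, here is an added Python example that is not SPHERE’s code and not part of the original post. It normalizes account exports from three silos (an Active Directory export, UNIX passwd lines with last-login dates, and a database user list) into one shape, flags accounts that are stale, never used, unowned, or orphaned (owner no longer in the HR roster), resolves ownership through a Book of Record, and ranks the results with privileged accounts weighted highest. All sample records, the HR roster, the Book of Record, the privileged group names, the 90-day staleness threshold, and the severity weights are constructed assumptions for illustration.

```python
"""Identity hygiene triage: discover, normalize, attribute ownership, prioritize.
Added example with constructed data; not SPHERE's tooling."""
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional

# --- Constructed sample exports from three identity silos (not real data) ---
AD_EXPORT = [
    {"sAMAccountName": "alice", "lastLogon": "2025-05-30", "memberOf": ["Domain Users"], "managedBy": "alice"},
    {"sAMAccountName": "svc-backup", "lastLogon": "2025-06-01", "memberOf": ["Domain Admins"], "managedBy": ""},
    {"sAMAccountName": "svc-legacy", "lastLogon": "2024-09-12", "memberOf": ["Domain Admins"], "managedBy": "carol"},
]
UNIX_ACCOUNTS = [  # (/etc/passwd-style line, lastlog date or None if never logged in)
    ("root:x:0:0:root:/root:/bin/bash", "2025-06-02"),
    ("oracle:x:1001:1001:Oracle service:/opt/oracle:/bin/bash", None),
    ("bob:x:1002:1002:Bob:/home/bob:/bin/bash", "2025-05-28"),
]
DB_USERS = [
    {"user": "app_rw", "roles": ["readwrite"], "last_login": "2025-06-02"},
    {"user": "dba_old", "roles": ["sysadmin"], "last_login": "2023-01-15"},
]

HR_ACTIVE = {"alice", "bob"}                            # constructed roster; carol has left
BOOK_OF_RECORD = {"svc-backup": "bob", "oracle": "bob"}  # stewardship assigned by the program
PRIVILEGED_GROUPS = {"Domain Admins", "sysadmin"}       # assumed privileged groups/roles
TODAY = date(2025, 6, 3)
STALE_DAYS = 90
WEIGHT = {"never-used": 1, "stale": 1, "unowned": 2, "orphaned": 3}  # assumed severities


@dataclass
class Account:
    name: str
    source: str
    privileged: bool
    last_login: Optional[date]
    owner: Optional[str]
    findings: List[str] = field(default_factory=list)


def _d(s: Optional[str]) -> Optional[date]:
    return date.fromisoformat(s) if s else None


def normalize() -> List[Account]:
    """Find It: collapse three differently shaped exports into one record type."""
    accts = []
    for r in AD_EXPORT:
        priv = bool(set(r["memberOf"]) & PRIVILEGED_GROUPS)
        accts.append(Account(r["sAMAccountName"], "ad", priv, _d(r["lastLogon"]), r["managedBy"] or None))
    for line, last in UNIX_ACCOUNTS:
        name, _, uid, *_ = line.split(":")
        accts.append(Account(name, "unix", uid == "0", _d(last), None))  # uid 0 = root-equivalent
    for r in DB_USERS:
        priv = bool(set(r["roles"]) & PRIVILEGED_GROUPS)
        accts.append(Account(r["user"], "db", priv, _d(r["last_login"]), None))
    return accts


def assess(accounts, hr_active=HR_ACTIVE, book=BOOK_OF_RECORD, today=TODAY, stale_days=STALE_DAYS):
    """Fix It: resolve ownership, then flag hygiene problems on each account."""
    for a in accounts:
        # Book of Record beats source metadata; a personal account of an active
        # employee defaults to that employee (heuristic assumed for this example).
        owner = book.get(a.name) or a.owner or (a.name if a.name in hr_active else None)
        a.owner = owner
        if owner is None:
            a.findings.append("unowned")
        elif owner not in hr_active:
            a.findings.append("orphaned")  # owner departed, account left behind
        if a.last_login is None:
            a.findings.append("never-used")
        elif (today - a.last_login).days > stale_days:
            a.findings.append("stale")
    return accounts


def score(a: Account) -> int:
    """Privileged accounts carry triple weight so they surface first."""
    return sum(WEIGHT[f] for f in a.findings) * (3 if a.privileged else 1)


def prioritize(accounts: List[Account]) -> List[Account]:
    return sorted(accounts, key=score, reverse=True)


if __name__ == "__main__":
    for a in prioritize(assess(normalize())):
        print(f"{score(a):3d}  {a.source:<4} {a.name:<11} owner={a.owner or '-':<6} {','.join(a.findings) or 'ok'}")
```

Running it ranks the orphaned, stale domain admin account first and the unused but properly stewarded service account near the bottom, which is the point of the Book of Record: an account with a named, active owner is a remediation task with a recipient, not a guess. In practice the three constructed lists would be replaced by real exports and the HR roster by a feed from the system of record.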

Fuhgeddaboudit: Embed Hygiene as a Permanent Process

What sets SPHERE’s approach apart is that they don’t treat hygiene as a project, but as a process. As Gurevich put it in her talk, identity hygiene must be continuous and sustainable. It must be baked into the lifecycle of identity management, not bolted on.

With integrations into CMDBs, IGA workflows, and IAM data catalogs, SPHERE ensures that as identities are created, changed, or deprecated, their context and risk profile are continuously understood. It’s not just about locking down today’s threats but is about building a system that doesn’t let hygiene decay over time. And this model is particularly critical in modern hybrid environments where organizations routinely undergo M&A, cloud migration, and structural changes. 

Key Takeaway

At TAG, our analyst team sees SPHERE’s work as one of the most practical and valuable enablers of PAM and IGA program success. Our advice to enterprise teams is straightforward: Don’t treat hygiene as optional. Make it foundational. In our experience, SPHERE can help you with the following key tasks:

  • Surface and contextualize privileged accounts across the enterprise
  • Assign ownership, remediate exposures, and onboard to PAM
  • Sustain hygiene through tight integration with your IGA and CMDB systems
  • Embed identity hygiene into your operational DNA

The message from Rita Gurevich was clear and concise: Find it, Fix it, Fuhgeddaboudit. And in a world of zero trust, hybrid cloud, and relentless identity-driven attacks, it’s time we stop admiring the problem of identity sprawl and do something about it. SPHERE offers a clear, repeatable path. We strongly recommend you reach out and learn more from Rita Gurevich and her fine team. 

In our next TAG blog in this five-part series on SPHERE, we’ll shift focus to the topic of the danger of shadow accounts. I hope you stay with us.
