As organisations become more hyper-connected, traditional security boundaries have dissolved, making identity management the primary line of defence.
This is according to Simone Pozniak, head of data and analytics at Webber Wentzel, during her address at the ITWeb Data Insights Summit 2026.
Speaking on: "Data security and governance in an increasingly connected world", Pozniak explained that while connectivity drives business value, it also introduces unprecedented fragility and risk.
She highlighted a fundamental shift in architecture, saying protection has migrated from the infrastructure "perimeter" to individual identities, which includes humans and machines.
According to Pozniak, by 2028, machine identities are predicted to outnumber human identities by a ratio of 45:1, creating a massive attack surface that traditional models are unprepared to handle.
"Focus shifts from protecting systems to protecting ecosystems," she noted, explaining that security must now extend to include vendors, clients and partners.
The rise of AI has introduced complex new vectors for data exfiltration. Pozniak warned that AI agents, models and plugins often bypass traditional authentication, creating "new actors" within corporate channels.
She cited a real-world example from January 2026, where a flaw in a prominent AI system exposed user login credentials. She also cautioned against the risk of "dormant accounts", noting a case where a compromised inactive account allowed attackers to hold an entire company's data hostage.
Contrary to the view that governance slows down business, Pozniak argued that it acts as an "accelerator". By providing clear guardrails, governance reduces decision friction and allows teams to execute faster with confidence.
To achieve this, she recommended:
- Data classification: Categorising data by privilege level to ensure the most confidential information is hidden and restricted.
- Least-privilege access: Moving away from broad role-based access to attribute-based models where users only see what they need.
- Continuous maturity: Establishing data governance committees to embed security controls directly into business processes.
Robust security is now a competitive advantage, Pozniak concluded.
Share