Today, I’m pleased to announce the next evolution of the Hydden Platform: Control. This new solution drives AI-powered identity governance to the entirety of enterprise infrastructure, by automatically on-boarding applications, automating user access reviews, and orchestrating policy and lifecycle changes across hybrid infrastructure.
Why did we build Control? Easy. Because many security teams have reached a breaking point with the current state of identity governance.
We have seen countless IGA teams exhausted over multi-year consulting engagements and license-renewal increases just to achieve basic outcomes.
Last year Gartner reported that over 50% of all IGA deployments are under duress. This number is probably much higher. What’s driving the state of IGA today? A few points:
- Manual user access review and certification drudgery that takes months to complete and provides limited security value. By the time these campaigns finish, the data is already stale, the reviewers are exhausted from rubber-stamping hundreds of access requests they don’t understand, and actual risk has slipped through the cracks (because application owners frankly can’t understand it anyway).
- Multi-month engineering cycles to onboard applications into existing IGA platforms. The average mature enterprise has managed to onboard maybe 5-7% of their applications after years of trying. Think about that for a second—we’re asking security teams to govern identity with visibility into less than one-tenth of their infrastructure. The rest is a black box of shadow IT, legacy systems, and that one critical database that Bob from IT manages with a spreadsheet.
- Periodic snapshots and data pulls that miss runtime change and create review fatigue. Traditional IGA operates on static data pulls and batch processing that results in ongoing skepticism about the completeness and accuracy of data.
While newer lite-IGA alternatives have offered cloud-first deployments, cleaner UIs, and easier integration with SaaS apps, many of them still rely on the same limited foundation around identity data. The underlying problem hasn’t changed: without complete, real-time data, you can’t trust the governance, and if you can’t trust the governance, AI can’t safely deliver the automation that you need for the future.
IGA teams are stuck trying to bridge two incompatible worlds. In the first, decades of identity data sits trapped in systems that were never designed to talk to modern platforms—old directories, custom applications built in the early 2000s, Mainframes and databases with schemas that exist only in the memory of long-departed developers. These systems rarely change cleanly and they resist standardization.
In the other world, identity is dynamic and constantly evolving: SaaS applications that update their permission models without warning, cloud resources that spawn and die with each deployment, and now AI agents that multiply faster than any governance process could ever hope to track.
A next-generation approach to identity governance has to work seamlessly with both the old and the new. We built Hydden — and Control — to do this.
Our Approach: Start With The Messy Reality First!
Our approach here is different because we started with a different central assumption: the efficacy of IGA controls require a continuous, complete and accurate feed of all identity data everywhere.
We built this foundation first with robust, continuous discovery to provide enterprise-wide visibility across legacy systems, cloud applications, local accounts, edge devices, and non-human identities like AI agents. The result is an identity data layer that stays current without constant care and feeding. Control is the execution layer on top of this foundation. It observes access patterns, enforces policies, and orchestrates the changes an enterprise needs to make, driven directly by the identity data that we discover and the access events we observe in real-time.
How Does Control Work?
Control is easy to use and simple to set up:
AI-Powered Application On-boarding
Hydden’s AI-powered Universal Collector drives rapid connectivity to any application, database, or system. Control auto-discovers schemas, owners, entitlements and relationships, then auto-adjusts connectors when fields or APIs change. We’re not asking you to map every field, define every relationship, or maintain brittle connectors that break every time someone updates a schema. Hydden AI figures it out, validates its understanding, and gets to work.
Automating User Access Reviews
Control analyzes a complete and accurate corpus of historical identity data, roles, peer groups, and runtime patterns to pre-triage reviews. It knows that when five developers all have the same access pattern, and one has additional privileges they’ve never used, that’s worth flagging. It knows that when the entire finance team has access to a system except for one person, that person probably needs it. These aren’t revolutionary insights—they’re common sense patterns that traditional IGA forces humans to identify manually, over and over again.
The system automatically generates dynamic policies from observed behavior using AI, but—and this is crucial—with humans fully in the loop for approval. Hydden is NOT trying to use AI to automate governance decisions entirely; we’re eliminating the grunt work so humans can focus on the decisions that require judgment.
Role Mining and Dynamic Policy Generation
Hydden’s analytics engine generates role-based access policies that are derived from the actual identity data environment within the enterprise, not from some theoretical RBAC model that looked good in a PowerPoint. These policies show you where your existing RBAC program has succeeded and where it needs improvement, while moving security teams towards tighter least privilege implementation based on what’s happening now, not what the governance team hopes is happening.
Hydden AI: Real-Time Recommendations and Answers
Hydden continuously computes risk signals from the identity data layer and detects drift and scope creep as it happens, not quarters later. Hydden AI surfaces explainable recommendations with linked evidence and allows users to ask questions using natural language for fast summaries and quick look-ups. You can ask basic and more complex questions about your identity data and then set rules using NLP to drive outcomes rapidly.
Why This Matters Now
For enterprises without IGA, Control is their chance to skip the traditional approach entirely. Why spend three years implementing something that will only cover 5% of your infrastructure when you can have comprehensive coverage in a fraction of that time?
For those trapped in struggling implementations, Control is the path to driving stronger identity security and compliance outcomes: governance that delivers value, access reviews that actually improve security, and application on-boarding coverage that can be track with quantifiable metrics.
The Future We’re Building
The future of identity governance requires continuous intelligence, complete visibility, and complete and accurate data that ensure audit readiness. It’s about accepting that perfect standardization will never happen, but complete visibility can. It’s about tools that work with the reality of enterprise IT—messy, complex, constantly evolving—rather than demanding that reality conform to the tool’s requirements.
If your existing IGA implementation is off-track, bogged down in technical debt, or simply not delivering the value you were promised, I encourage you to give Hydden Control a try today.
Let me show you what we’ve built. I think you’ll be surprised by what governance looks like when it’s built on a foundation of live data, powered by AI that actually helps, and designed by people who’ve lived through the IGA wars and decided there had to be a better way. Schedule a demo and see what modern identity governance looks like today.
