
From Patchwork to Governance: The Role of IVIP in Modern Identity Fabrics

In Gartner’s Digital Identity 2025 Hype Cycle, a new category has emerged: Identity Visibility and Intelligence Platforms (IVIP). The term is gaining attention across the industry, and with it, debates about whether it should be seen as a platform, a set of capabilities, or something else entirely.

Let’s start with the definition of IVIP by Gartner:

“Identity visibility and intelligence platforms are products that provide rapid integration and visibility for identity and access management (IAM) relevant data, typically paired with advanced analytics (often AI-enabled) capabilities. This innovation provides a single view of IAM data, activity/events, relationships, configuration and posture to enable rapid improvement of all other integrated IAM controls and capabilities supporting both improved security and business enablement.” [1]

What Problem Does IVIP Solve?

Modern Identity and Access Management stacks are becoming increasingly complex. A large enterprise CISO today manages around 83 different cybersecurity tools [2]. Many of these tools are not well integrated. The result is fragmented visibility of identity-related data and missing intelligence and insights on what is actually covered, managed, or protected – where the gaps are, and what potential risks remain.

Let me give an example: IGA (Identity Governance and Administration) and PAM (Privileged Access Management) are relatively mature disciplines. Yet many organizations still struggle with a simple but critical question: who is allowed to do what? Role names and entitlements often fail to give business users meaningful answers, hindering assignments and recertifications.

The situation becomes even more complex with privileged accounts. Regulated companies must meet Segregation of Duties (SoD) requirements. Too often, IGA and PAM systems run in parallel without real integration – one covering the entire workforce, the other just administrators. This leads to conflicts that remain invisible when systems are not integrated.

Take HR as an example: one system manages business roles, another manages administrative accounts. On paper, SoD appears intact. But without an integrated view, overlaps remain hidden – such as when a user holds an HR administrator role in one system while also carrying conflicting HR business entitlements in another. Technically, the systems are separated. Functionally, the same person can both define and manipulate sensitive data. That is a direct SoD violation that only becomes visible with true end-to-end integration.
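The HR scenario above, as an added example (not Nexis code): the same SoD rule is evaluated against the IGA data alone, the PAM data alone, and a view correlated on the person behind each account. The exports, field names, role names and the rule are constructed for illustration, and the PAM export is assumed to carry an owner reference for personal admin accounts.

```python
from collections import defaultdict

# Constructed sample exports. IGA keys entitlements by employee ID;
# PAM keys privileged accounts by account name plus an owner reference.
IGA_EXPORT = [
    {"employee_id": "E1001", "entitlement": "HR_PAYROLL_APPROVER"},
    {"employee_id": "E1002", "entitlement": "HR_PAYROLL_VIEWER"},
    {"employee_id": "E1003", "entitlement": "FIN_AP_CLERK"},
]
PAM_EXPORT = [
    {"account": "adm_jdoe", "owner_employee_id": "E1001", "role": "HR_SYSTEM_ADMIN"},
    {"account": "adm_asmith", "owner_employee_id": "E1003", "role": "HR_SYSTEM_ADMIN"},
    {"account": "svc_hrbatch", "owner_employee_id": None, "role": "HR_SYSTEM_ADMIN"},
]
# Hypothetical SoD policy: pairs that one person must not hold together.
SOD_RULES = [("HR_SYSTEM_ADMIN", "HR_PAYROLL_APPROVER")]


def evaluate_sod(view, rules):
    """Return (identity, a, b) for every rule whose two sides meet in one identity."""
    return [(who, a, b) for who, held in view.items()
            for a, b in rules if a in held and b in held]


def build_views(iga, pam):
    """Build the two siloed views and the person-centric merged view."""
    iga_view, pam_view, merged = defaultdict(set), defaultdict(set), defaultdict(set)
    unowned = []
    for row in iga:
        iga_view[row["employee_id"]].add(row["entitlement"])
        merged[row["employee_id"]].add(row["entitlement"])
    for row in pam:
        pam_view[row["account"]].add(row["role"])
        owner = row["owner_employee_id"]
        if owner is None:
            unowned.append(row["account"])  # cannot be correlated: report, do not guess
        else:
            merged[owner].add(row["role"])
    return iga_view, pam_view, merged, unowned


def analyze(iga=IGA_EXPORT, pam=PAM_EXPORT, rules=SOD_RULES):
    iga_view, pam_view, merged, unowned = build_views(iga, pam)
    return {
        "iga_only": evaluate_sod(iga_view, rules),      # looks clean on paper
        "pam_only": evaluate_sod(pam_view, rules),      # looks clean on paper
        "integrated": evaluate_sod(merged, rules),      # conflict becomes visible
        "unowned_privileged_accounts": unowned,         # visibility gap to close
    }


if __name__ == "__main__":
    for name, result in analyze().items():
        print(name, result)
```

Privileged accounts without a resolvable owner are reported separately because they cannot be included in any person-level SoD evaluation until they are correlated.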

Identity Fabrics and the Missing Layer

“The Identity Fabric is not an abstract ideal […]. It is deliberately designed as a pragmatic, capability-driven framework that supports both the modernization of legacy IAM (brownfield) and, where applicable but rather rarely, the creation of new architectures (greenfield). Together with the/an IAM Reference Architecture, it provides a concrete capability model […]” – Matthias Reinwarth, Director Practice IAM at KuppingerCole Analysts [3]

Identity fabrics define the capabilities required for a modern IAM environment. To bring it to life, each capability has to be provided by a certain service or product. But the vendor landscape looks different: tools overlap, leave gaps, or cover multiple areas in ways that don’t align neatly to the identity fabrics model. Enterprises end up with a patchwork of solutions stitched together to approximate the target picture.

That is where IVIP comes in. The concept addresses the need for a layer that spans all kinds of identities and all types of IAM, and provides a unified governance dashboard. It brings visibility and intelligence across the patchwork. But insights alone are not enough: optimization and remediation will be key, whether that means optimizing the authorization landscape, providing recommendations to business users, or acting autonomously. The last of these applies to ISPM (Identity Security Posture Management) capabilities, where the system remediates deviations and anomalies against a learned “what does good look like”.

In some discussions it was argued that IVIP is not a substitute for proper identity fabric design and implementation. That is true. However, it is a pragmatic way to span a holistic governance layer across a variety of products, filling critical gaps on the way to the ideal target picture of an identity fabric. Is this good or bad? Some analysts question whether IVIP helps, or whether it risks reinforcing today’s fragmented implementations. In reality, fragmentation has always been part of IT. Complexity has only grown over the past 20 years, and technological advances – generative and agentic AI being the latest example – move far faster than enterprise products can keep up. The result is a patchwork, and the real question is how we manage it while improving outcomes. IVIP simply reflects the reality of fragmented solutions and systems. There is no indication that this will change soon, nor that a perfectly integrated identity fabric can be built from single standard products.

Platform or Capability?

So, is IVIP a platform? It depends. At its core, it is a sum of capabilities – that can be achieved in different ways, with different tools. If a product covers enough areas, the “platform” label may make sense. But the label itself is less important than the value it brings.

The Nexis Perspective

Nexis was also mentioned in this context in Gartner’s Hype Cycle for Digital Identity 2025 [1] – both for IVIP and for AI in Access Administration – underlining the relevance of these concepts for the future of identity management and the implementation of identity fabrics.

From a Nexis point of view, IVIP aligns perfectly with our capabilities and puts a label on what we’ve been doing for almost two decades. Our ambition has always been to create Identity Visibility and Intelligence for the business – supported by smart visualizations, intuitive analytics, AI assistants, and an outstanding user experience – bringing the topic to where it belongs: the business side.

With NEXIS 4 we manage authorizations – policies, roles, segregation of duties policies, and entitlements – across a wide range of systems. This includes different IGA environments, combinations of IGA, NHI, and PAM, and our ISPM capabilities even extend to Access Management products. This enables us to support least privilege use cases by removing unused authorizations and reducing costs when assigned licenses can be retired.

Intelligence is powered by various forms of artificial intelligence and smart visualizations for information representation. Machine learning with reinforced training based on user feedback helps simulate and design optimal policy and role structures. NICO, the NEXIS Intelligent Co-Pilot, is woven into the system and provides recommendations to users. Explainable AI educates users and offers clear reasoning for why access should be granted or denied, or why other actions should be executed. This directly addresses the growing demand for cybersecurity AI assistants, which are also recognized in Gartner’s Hype Cycle.

With NEXIS 4 and GenAI, the creation of regulatory documentation – such as authorization concepts required by DORA – can be accelerated, enabling proper visibility into every IAM-managed system, be it human or non-human identities such as service accounts. This is an important part of our overarching application onboarding capabilities. On top of that, documentation can now be leveraged for AI-based enterprise workflows to get ahead of the curve.

We are driven to provide business users with visibility and intelligence in a form they can understand. IVIP is not just a technical convenience – it is a business enabler. By delivering visibility and intelligence across the identity fabric, enterprises gain control, reduce risk, and make governance decisions that stand up to scrutiny.

References

[1] Sangiorgio, N., & Harris, N. (July 14, 2025). Hype Cycle for Digital Identity, 2025 (ID G00830736). Gartner, Inc. https://www.gartner.com/interactive/hc/6718134

[2] IBM Institute for Business Value, & Palo Alto Networks. (2024). Capturing the cybersecurity dividend: How security platforms generate business value. IBM. https://www.ibm.com/thought-leadership/institute-business-value/en-us/report/unified-cybersecurity-platform

[3] Reinhard, M. (September 16, 2025). Comments on LinkedIn. LinkedIn. https://www.linkedin.com/feed/update/urn:li:ugcPost:7373351315298631682?commentUrn=urn%3Ali%3Acomment%3A%28ugcPost%3A7373351315298631682%2C7373590864578895872%29&dashCommentUrn=urn%3Ali%3Afsd_comment%3A%287373590864578895872%2Curn%3Ali%3AugcPost%3A7373351315298631682%29
