Fragmented Identity Infrastructure Can’t Keep Up with Modern Enterprise Risk
Most enterprises operate fragmented identity infrastructure assembled from point solutions across a decade of compliance pushes and fraud responses. This creates structural vulnerability as four forces converge: remote workforce threats requiring continuous verification, government digital wallets demanding new integration capabilities, AI-driven attacks requiring real-time authentication, and autonomous agents needing governance frameworks that siloed systems cannot deliver.
Digital identity infrastructure rarely gets built. More often, it accumulates. A verification tool added during a compliance push. An authentication solution integrated after a fraud incident. A document check bolted on when a new market required it. For most organizations, the identity stack they operate today reflects a decade of individual decisions rather than a single coherent strategy. That’s how technology adoption works in complex enterprises operating under real operational pressure. The identity market matured by selling point solutions, and enterprises bought what was available. Need to verify a document? There’s a vendor for that. Need to authenticate a returning user? Different vendor. Fraud detection, onboarding orchestration, biometric matching — each capability packaged and sold separately, each solving a discrete problem without much consideration for what happens at the seams.
The result, across financial services, healthcare, government, and virtually every regulated industry, is identity infrastructure that works adequately in isolation and struggles at scale. That structural mismatch is now a pressing business risk. The threat environment has stopped being patient with architectures assembled incrementally, and the gap between what fragmented point solutions can deliver and what modern identity risk demands is widening faster than most organizations realize.
The Cost of Operating in Silos
Before examining each force individually, it is worth being direct about what fragmentation actually costs. When identity data lives in disconnected systems, organizations lose the contextual thread that connects who a user is with what they are attempting to do. A customer rigorously verified during onboarding may face only a basic credential check when initiating a high-value transaction days later. Fraud operates in that gap. Forrester Research identified this structural vulnerability plainly: siloed identity and access management functions result in “fragmented visibility into identity security posture and threats.”
The downstream numbers reflect that fragmentation. The Identity Theft Resource Center documented over 353 million individuals affected by data compromises in a single recent year, a 79% increase from the prior year. IBM’s research puts the average cost of a data breach at $4.88 million, and that figure doesn’t account for regulatory penalties, litigation exposure, or the slower erosion of customer trust that follows a public incident.
Fragmentation also multiplies compliance burden. Each siloed solution carries its own audit trail, its own data residency considerations, its own vendor relationship to manage. Cross-border compliance becomes an operational tax levied against every team that touches identity, rather than a managed capability owned by a unified program. The cost of maintaining fragmented infrastructure is compounding, and organizations that treat it as a stable baseline are misreading the trajectory.
Four Forces Demanding a Better Foundation — Now
Workforce Identity Verification
Remote and hybrid work have permanently altered the workforce identity problem. Pre-hire verification, once the primary concern, is no longer sufficient on its own. Organizations are discovering that hiring a verified person and then issuing static credentials creates a vulnerability window that persists for the duration of employment. Deepfake job applicants are an active threat: AI-generated video and voice can pass a standard remote interview, and synthetic candidates have been documented successfully navigating hiring pipelines at organizations that rely on superficial verification checks.
The post-hire problem is equally urgent. Compromised credentials in a distributed workforce environment can persist undetected for months. Remote work makes it harder to identify when the wrong person is operating behind a legitimate account. Continuous workforce assurance, binding the verified individual to daily access through biometrics and behavioral signals rather than static credentials, is where most organizations remain dangerously underinvested. Point-solution IDV tools check a box at onboarding and then go silent. That silence is where insider threats and account takeovers find room to operate.
Identity Wallets Are Here
Government-issued digital identity wallets have cleared the pilot phase. Mobile driver’s licenses (mDLs) are now accepted by the TSA, and approximately 76% of Americans live in states where mDL programs are either live or in active development. Apple Wallet and Google Wallet support state digital IDs across a growing number of jurisdictions. In Europe, EU member states are required to offer European Digital Identity (EUDI) wallets under eIDAS 2.0 governance frameworks, with broad deployment expected by the end of 2026.
The infrastructure question this creates is direct: is your identity stack ready to accept, validate, and process a wallet-based credential today? For most organizations operating fragmented point solutions, the honest answer is no. Systems built around traditional document upload workflows were not architected to handle NFC-chip verification, selective disclosure credentials, or the trust framework validation that government-issued wallets require. Organizations that haven’t updated their infrastructure are already creating friction for users presenting valid digital IDs. In a competitive environment where user experience is a measurable differentiator, that friction has a cost.
Continuous Authentication and Identity Continuity
Authentication as a one-time event is a relic of a less threatening era. The standard is shifting toward continuous assurance: verifying not just that someone authenticated at login, but that the right person remains in the session throughout each interaction. Among identity and security professionals, 96% identify AI as key to addressing identity-related challenges, according to the Identity Defined Security Alliance. The infrastructure has to match that ambition.
Daon’s Identity Continuity framework addresses this directly. Rather than treating verification and authentication as separate events managed by separate systems, Identity Continuity establishes a single, persistent identity record that follows each user across every channel and every interaction, from initial onboarding through account recovery and every session in between. Biometric templates established at enrollment are reused across mobile, web, contact center, and in-person channels, creating what amounts to a living trust relationship rather than a series of disconnected checkpoints. The “one customer, one record” architecture that Identity Continuity enables is the foundation that continuous assurance requires. Fragmented stacks, almost by definition, cannot deliver it.
Agentic AI and the Know-Your-Agent Imperative
This is the force that demands preparation rather than immediate reaction, but the window for early action is closing. Non-human identities (NHIs), including autonomous AI agents acting on behalf of users and organizations, are proliferating at a rate that current identity infrastructure was never designed to handle. Independent research places year-over-year growth in NHIs at roughly 44%, with machine-to-human ratios in some enterprise environments projected to reach 144:1.
Current identity systems were architected for human users. They cannot adequately govern autonomous systems operating at machine velocity and scope. When an AI agent requests elevated database access, initiates a financial transaction, or executes a workflow on a user’s behalf, identity systems must maintain clear separation between human authorization and agent execution. Audit trails must capture not just what happened, but which human granted authority to which agent and what that agent did with it. Organizations that begin building Know-Your-Agent (KYA) frameworks now will have a significant governance advantage when regulatory requirements arrive. Those that wait will be retrofitting accountability into systems not built to provide it.
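The audit requirement described above, as an added example (not Daon's code or any product's API): a hash-chained log that records which human delegated which scopes to which agent, stamps every agent action with that grantor, and detects later edits to the record. All names here (`Delegation`, `AgentAuditLog`, the scope strings, the sample identities) are assumptions made for illustration.

```python
import hashlib
import json
from dataclasses import dataclass

@dataclass(frozen=True)
class Delegation:        # hypothetical record: one human grants one agent a set of scopes
    grant_id: str
    human: str           # who authorized
    agent: str           # which non-human identity may act
    scopes: frozenset
    expires: int         # epoch seconds

def _digest(prev, record):   # hash covers the previous entry's hash plus this record
    return hashlib.sha256((prev + json.dumps(record, sort_keys=True)).encode()).hexdigest()

class AgentAuditLog:     # append-only, hash-chained
    def __init__(self):
        self.entries, self.grants = [], {}
    def _append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else ""
        self.entries.append({"prev": prev, "record": record, "hash": _digest(prev, record)})
    def grant(self, d, now):
        self.grants[d.grant_id] = d
        self._append({"type": "grant", "at": now, "grant_id": d.grant_id, "human": d.human,
                      "agent": d.agent, "scopes": sorted(d.scopes), "expires": d.expires})
    def act(self, agent, grant_id, scope, detail, now):
        d = self.grants.get(grant_id)
        bound = d is not None and d.agent == agent   # grant was issued to this agent
        allowed = bound and scope in d.scopes and now < d.expires
        self._append({"type": "action", "at": now, "agent": agent, "grant_id": grant_id,
                      "scope": scope, "detail": detail, "allowed": allowed,
                      "authorized_by": d.human if bound else None})
        return allowed   # denied attempts are logged too, not silently dropped
    def verify(self):
        prev = ""
        for e in self.entries:
            if e["prev"] != prev or _digest(prev, e["record"]) != e["hash"]:
                return False
            prev = e["hash"]
        return True

def demo():              # constructed sample identities and actions
    log = AgentAuditLog()
    log.grant(Delegation("g-1", "alice@example.test", "agent:invoice-bot",
                         frozenset({"payments:read"}), expires=2000), now=1000)
    ok = log.act("agent:invoice-bot", "g-1", "payments:read", "list invoices", now=1100)
    denied = log.act("agent:invoice-bot", "g-1", "payments:write", "send transfer", now=1200)
    intact = log.verify()
    log.entries[1]["record"]["authorized_by"] = "mallory@example.test"  # simulated tampering
    return ok, denied, intact, log.verify()
```

Calling `demo()` returns the in-scope result, the out-of-scope result, and the chain check before and after the simulated edit to the grantor field.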
Consolidation Is a Strategic Decision, Not a Vendor Preference
The argument for consolidating identity infrastructure is sometimes misread as a purchasing recommendation. It is more accurately a risk management argument. Fragmented stacks don’t simply cost more to operate; they are structurally incapable of delivering the consistent assurance that the current threat environment demands. When identity data is siloed, organizations cannot dynamically scale authentication to transaction risk. They cannot maintain a unified audit trail. They cannot integrate wallet-based credentials without custom engineering. They cannot govern AI agents with the same rigor they apply to human users. Each capability gap is its own liability.
Consolidated identity infrastructure changes this equation. A unified platform with orchestration at its core can combine biometric verification, document authentication, fraud signals, and third-party data into workflows that respond dynamically to risk, rather than applying uniform security regardless of context. Daon’s TrustX platform is built on this principle: a no-code orchestration engine that allows organizations to design, deploy, and adapt sophisticated identity workflows without the developer-intensive integration cycles that fragmented stacks require. Deployment flexibility, data sovereignty through customer-controlled encryption, and the ability to operate across cloud and on-premises environments mean that TrustX meets regulated enterprises where their compliance requirements actually live, rather than asking them to compromise.
The secondary benefit of consolidation is speed. Organizations with mature, unified identity infrastructure absorb new requirements as operational updates rather than emergency engineering projects. When wallet standards evolve, when a new regulatory framework arrives, when a new threat vector requires a new detection layer, consolidated platforms adapt. Point solutions send organizations back to their procurement cycle.
The Time to Evaluate Is Now
The organizations building consolidated identity infrastructure today are not ahead of the curve. They are catching up to a threat environment that has already moved. Wallet adoption is scaling under formal governance frameworks. Workforce identity threats are active and documented. Continuous authentication is the competitive standard in regulated industries. Agentic governance is coming faster than most security teams are planning for.
Waiting for a breach, a compliance failure, or a competitive loss to force the conversation is not a neutral position. It is a decision to absorb costs that consolidated infrastructure would have prevented. The foundation matters because everything built on top of it, every new channel, every new authentication method, every new regulatory requirement, inherits its strengths or its weaknesses.
If your identity infrastructure was assembled reactively, the question worth asking now is whether it can support what comes next. Daon can help you answer that.




