By Karl Woolfenden | BCN.news 

As organizations prepare for the challenges of the coming year, cybersecurity continues to dominate boardroom agendas. At the forefront of this discussion is identity hygiene—a discipline that ensures enterprises understand, monitor, and protect every human and non-human access point across their systems. 

In the latest edition of Race to the Start Line, I spoke with Rita Gurevich, CEO and founder of SPHERE, a company transforming how enterprises approach identity security. With a background forged in the complex aftermath of the Lehman Brothers bankruptcy, Gurevich has built SPHERE into a recognized leader in identity governance and automation. 

From Crisis to Innovation 

Gurevich’s career began at Lehman Brothers during its 2008 collapse. Tasked with mapping and redistributing technology assets across multiple buyers, she quickly identified a universal problem: organizations lacked a reliable inventory of systems, identities, and entitlements. 

“Without visibility, you can’t protect anything.” – Rita Gurevich 

This realization became the foundation of SPHERE. What began as a consulting practice evolved into a software company delivering scalable solutions for identity hygiene. 

Defining Identity Hygiene 

Identity hygiene refers to the ongoing process of maintaining clean, accurate, and secure identity data across an organization’s environment. It goes beyond traditional access controls by continuously auditing users, machine identities, entitlements, and system integrations. 

The need is urgent. For every employee, Gurevich noted, there are 85 additional identity-related entry points—including service accounts, machine-to-machine connections, and third-party integrations. 

“For every employee, there are 85 additional identity-related entry points.” 

SPHERE’s platform automates both discovery and remediation. It not only identifies dormant or risky accounts but also ties them to responsible business units and executes corrective actions. 

“We’re the only platform that doesn’t stop at telling you where the risks are—we clean them up.” 

Overcoming Organizational Roadblocks 

Implementing identity controls often faces resistance. Employees are accustomed to established login routines, and additional layers of security can create friction. However, heightened awareness has shifted attitudes. 

“Cybersecurity is no longer abstract. Boards, regulators, customers, and even insurers are demanding stronger identity safeguards.” 

Sector-Wide Implications 

While financial services remain a core client base, identity hygiene is increasingly critical across healthcare, utilities, and manufacturing. 

“In hospitals, compromised credentials can prevent doctors from accessing patient records, delaying procedures and putting lives at risk,” Gurevich noted. “In energy and utilities, attackers target infrastructure with the potential to disrupt national operations. The threat landscape extends far beyond banking.” 

Automation, AI, and the Next Frontier 

Artificial intelligence is rapidly reshaping identity management. Non-human “agents” are executing business tasks, inheriting entitlements, and creating new vulnerabilities. Gurevich views this as both a challenge and an opportunity. 

“The future of cybersecurity is inseparable from AI security.” 

SPHERE’s roadmap reflects this shift, with capabilities designed to manage both human and non-human identities in hybrid and cloud-native environments. 

Leadership and Industry Culture 

As one of the few women founders in cybersecurity, Gurevich has observed cultural changes within corporate America. “Fifteen years ago, I was often the only woman in the room. Today, I see balanced teams in client meetings, which is encouraging,” she said. 

Yet disparities remain in entrepreneurship and funding. Gurevich encourages women to enter the field without hesitation: “You don’t need to have every credential before starting. Innovation requires stepping into the unknown—and women bring a perspective that is invaluable to building resilient companies.” 

Preparing for the Future 

The rise of machine identities, AI-driven processes, and increasingly complex regulatory landscapes ensures that identity hygiene will remain central to enterprise risk management. 

“Companies that treat identity hygiene as an ongoing discipline—not a one-time project—will be best positioned to protect their future.”