The identity singularity 2035

Zero Trust as a strategic operating system and architectural convergence

By 2035, leading enterprises will operationalise Zero Trust as a policy-driven operating model, and not a collection of tools. At the core sits an Identity Fabric that brings together policy, context, signals, and enforcement into a unified control plane.

The competitive differentiator will not be product selection, but the ability to industrialise identity as a measurable security capability. Organisations that succeed will manage outcomes such as privilege exposure time (PET), time-to-access, time-to-revoke, and blast-radius containment with precision and transparency.

This point of view outlines a global, standards-based target state and pragmatic transformation paths for both cloud-native enterprises and legacy or OT-heavy environments.

Key takeaways

Identity is becoming the control plane of modern security, with Zero Trust executed as a measurable operating model.
An Identity Fabric separates policy definition, decisioning, and enforcement – enabling consistent, auditable, and scalable access decisions.
A shared signal layer distributes security context in near real time (risk changes, device posture, session revocation), reducing exposure windows and accelerating containment.
Identity governance and administration (IGA) and Privileged access management (PAM) converge into a single governance-to-execution chain, closing operational enforcement gaps.
Non-human identities (NHIs) now outnumber human identities. Secretless and attestation-based approaches become essential, and AI agents must be governed through bounded delegation and provenance controls.
2035 represents a planning horizon that demands two-speed execution:
- Path A: Cloud-native acceleration
- Path B: Legacy and Operational technology (OT) modernisation
  Both require disciplined sequencing and telemetry coverage to enable policy-based authorisation models

Discover how to position identity as the foundation of Zero Trust and as a strategic enabler of resilience, agility, and measurable security outcomes.

Download the PoV

Meet our expert

Thomas Willner is a cybersecurity leader with an Executive MBA and extensive experience in Identity and Access Management. As Head of IAM Germany at Capgemini, he leads enterprise-scale identity transformation programs across cloud, hybrid, and legacy environments. His expertise spans privileged access management, Microsoft Entra ID, and converged IGA/PAM architectures. He has delivered high-complexity IAM programs for global organizations across automotive, financial services, and critical infrastructure sectors.