The ISC2 Uganda Chapter held a webinar focused on locking down Identity and Access Management (IAM) in modern enterprises. The session convened cybersecurity practitioners, governance professionals, and risk leaders to examine a problem that is growing quietly, but fast.
At the center of the discussion was Clare Amutuhaire, a seasoned cybersecurity professional known for strengthening enterprise security through identity governance and access control design.
She explained that IAM is not merely a technical control. It is a business enabler. When implemented effectively, it supports secure digital transformation and strengthens regulatory compliance. However, she cautioned that these benefits only materialize when identity lifecycle governance is taken seriously. Accounts must be created correctly. Access must evolve with roles. And critically, access must be revoked immediately when staff exit. Any gaps in this lifecycle create silent vulnerabilities. Small oversights accumulate. Eventually, they are exploited.
This point resonated strongly in light of recent findings by the Office of the Auditor General (OAG) involving the Bank of Uganda and the Ministry of Finance, Planning, and Economic Development. The audit highlighted that accounts belonging to former employees remained active and were subsequently used to facilitate electronic fraud.
Ms. Amutuhaire outlined a set of practical controls. These controls include adopting a zero-trust architecture, automating identity lifecycle processes to remove human error, conducting regular access reviews, and training users continuously.
She also pointed to the technologies shaping the future of IAM. These include passwordless authentication and cloud-based IAM platforms. Artificial intelligence (AI) and machine learning were also mentioned as being increasingly used to detect anomalous login behavior and trigger automated responses.
Speaking at the event, the host Emmanuel Mugabi, a governance, cybersecurity, and risk professional and General Manager Advisory at Cente-Tech, reinforced the urgency of the issue.
“Identity governance is where policy meets operational reality,” he said. “We can invest in infrastructure and advanced security tools, but if we do not control who has access, when they have it, and why they have it, we are simply leaving the front door open. The recent incidents in Uganda are a clear signal that governance gaps are now being actively exploited.”
Recent global trust and cybersecurity reports further reinforce this reality. Industry research shows that identity-related weaknesses now sit at the center of the threat landscape, with over three-quarters of breaches linked to identity-based attacks and compromised credentials emerging as the most common entry point for attackers.
The webinar closed with a call for both public and private sector institutions to elevate identity governance as one of the cybersecurity priorities.
