Identity and data protection in an age of sprawl and oversharing
Cyber Security • March 24, 2026 • Written by: Mike Boreham • Read time: 4 min
It may seem obvious. Data is your most valuable asset. If that is so, identity is the locked door that keeps it safe. Who, then, is leaving the door open? Who is leaving the data vulnerable? If we all know the basics, why then are data breaches still happening?
Identity and data risks are increasing not because organisations are careless. Far from it, organisations are spending more time and money than ever on security. Data risks are increasing because our work environments are now too complex, too interconnected and too fast‑moving for traditional controls to protect. Oversharing, identity sprawl and misconfigured access have, by stealth, become some of the most common causes of cyber incidents.
The real challenge is no longer protection from a head-on attack. It involves overcoming uncontrolled access, invisible privilege build‑up and data spreading further than anyone ever planned. In an environment where every system integrates with many others, where collaboration tools are always on and where staff need access to so much from anywhere, organisations face an uncomfortable truth: they no longer know, with confidence, who can see what.
When identity and sharing expand beyond visibility, cyber resilience becomes guesswork.
The hidden pressures of identity sprawl
Identity sprawl doesn’t arrive with all guns blazing. No alarms need be triggered. It creeps in slowly.
- A temporary permission, created for a project, does not get revoked
- Access to a SaaS tool gets granted, then does not get tracked
- A shared email in-box is used for operational expediency
- Someone, it could be anyone, leaves the organisation. What did they do that was never known?
This quiet build‑up creates fragile identity environments. It sounds obvious, and will certainly look so with hindsight: a single compromised account can unlock enough to unravel the most robust defence.
Public sector organisations feel this pressure acutely. Large, multi‑vendor ecosystems and high staff mobility mean identity boundaries shift daily. The more they shift, the harder they are to govern.
The growing risk of oversharing
Data moves through chats. It moves through emails, shared drives and collaborative spaces. Well-intentioned but poorly thought-through spreadsheets are implemented to manage processes that the IT team never sees. In workspaces that require decisions to be made in real time, this happens at speeds that no manual review process can keep up with. Information intended for a small audience spills into wider groups. Sensitive content gets duplicated. Files that start life under user control start appearing elsewhere in the organisation. This is all done for good reason and nobody is acting maliciously.
No breach is required. No attacker is involved… yet. It is just natural human behaviour in modern digital work.
The combination of identity sprawl and oversharing
Identity and data protection fail for the same reason. People now collaborate with data more. Their patterns of collaboration change faster than traditional controls can match.
This is where technology must evolve to match the reality. Saying, “don’t do it”, is not going to work. Putting an additional ring of defence in place to allow for collaboration makes absolute sense.
This is the point at which modern tooling becomes essential rather than optional.
Help is at hand
Methods has developed an engagement model that deploys some of the most powerful tools on the market in a way that directly counters these threats. This model allows organisations to embrace modern knowledge-working practices, whilst bolstering defence against sprawl and oversharing. Two tools that form the backbone of this defensive posture engagement are Microsoft’s Entra and Purview systems.
Entra ID: restoring order to identity
The first system Methods uses may seem an obvious choice: an identity and access management (IAM) tool. Going far beyond traditional IAM tools, Microsoft Entra adds advanced capabilities that reach well outside the scope of, for example, Azure Active Directory. Entra unifies identity, permissions, governance, and network access into a single platform designed for Zero Trust and multi‑cloud security.
These are not “nice to have” controls. They are essential safeguards for preventing identity sprawl and protecting systems against unauthorised access.
Purview: protecting data at the exact moment it moves
Microsoft Purview complements Entra ID by governing the data that needs protecting. It helps organisations take back control through:
- Intelligent classification
Using pretrained AI classifiers, Purview understands context and content, allowing it to identify sensitive information automatically and at scale.
- Policy‑driven protection
With sensitivity labels and data loss prevention (DLP) rules, Purview ensures that data stays protected no matter where it travels.
- Built‑in compliance assurance
Purview provides auditability and governance, aligned with UK regulations, helping organisations stay compliant.
Together, Entra ID and Purview give organisations something that manual processes alone never could. They provide visibility, consistency and intelligent control across both identity and data.
How Methods helps
Methods delivers its own value to the identity and data solutions built on Entra ID and Purview. Drawing on its extensive public sector work and considerable cyber resilience experience, Methods integrates controls in line with regulatory requirements and organisational needs. It is this combination of achieving security within the operational needs of public sector bodies that delivers the power behind Methods’ cyber engagements. Our unique combination of skills and experience makes us perfect for the job.
Stop the sprawl and don’t overshare. Methods and Microsoft can help.
These controls don’t slow organisations down. They free people to work securely, confidently and at pace.
Join us at CyberUK 2026
We will be exploring identity protection, data governance and the future of digital resilience on Stand F29. Come and talk to us about how Entra ID and Purview can help you build identity‑led and data‑led resilience for the decade ahead.