For better or worse, the IAM  industry has been building, deploying, and selling the same IAM architecture for over 20 years. While reasonably effective, identity practitioners are facing diminishing returns. Protecting cloud, code, and critical resources is only getting harder and adversaries are only getting craftier. We cannot expect following those same patterns for the next year, let alone 20, will yield different results. In this talk Ian will propose what comes next: zero standing privilege, robust contextually informed policies, open identity data fabrics of differing velocities and volumes, and event-based IAM. Knowing that generation shifts in architecture are difficult, Ian will propose ways to begin the journey to modern IAM with the architecture you have today.