Why Shared Devices Break Traditional IAM (And What Comes Next)

Walk into any hospital ward, warehouse floor, or manufacturing plant, and you will find the same thing: a shared terminal, tablet, or workstation touched by a dozen different people over a single shift. No one owns that device. Everyone uses it, and the identity system governing it was designed for neither.

Here is the problem that rarely gets named directly: shared devices do not just create security gaps. They create an attribution gap, where actions exist but ownership does not. Your audit log shows that "ward-terminal-3" accessed a patient record at 2:47 am. But who was at ward-terminal-3 at 2:47 am? The session says one person, the shift roster says three people were on that unit. The credential used belongs to someone who clocked out four hours earlier.

That is not a security log; that is a record of activity with no author.

Traditional IAM was built for the knowledge worker. Desk, laptop, badge. One person, one machine, one persistent session. The architecture made sense for offices, and for two decades, it scaled reasonably well, because the workforce using it was sedentary, device-bound, and individual. The frontline workforce is none of those things, and IAM has never caught up.

THE BROKEN ASSUMPTION

IAM was designed for a world that doesn't exist on the frontline.

The foundational logic of traditional identity management rests on a set of assumptions that most vendors have never interrogated, because for their primary customers, those assumptions held, until they didn't.

• IAM assumes each device maps to a single, persistent user with a dedicated session. On the frontline, devices are shared across roles, shifts, and departments, often with no formal handoff.
• IAM assumes the user authenticates once at login and maintains a trusted session until logout. On the frontline, sessions are abandoned mid-task. Devices are picked up cold by whoever needs them next.
• IAM assumes login friction is a one-time cost, paid at the start of a workday. On the frontline, authentication happens dozens of times per shift, and every second of friction is borrowed from patient care or production time.
• IAM assumes the person at the keyboard is who the session says they are. On the frontline, sessions are routinely left open, borrowed, or shared, making attribution unreliable and audit logs meaningless.

These are not edge cases or implementation failures; they are structural mismatches between a technology designed for a specific work pattern and environments where that pattern has never applied. The result is predictable: security controls that look good on paper and do not work at all in practice.

An audit log full of 'admin' and 'shared-terminal-4' entries is not a security record. It is a liability dressed up as compliance.

HOW WE GOT HERE

Three decades of IAM, built for the wrong workforce.

• In the 1990s and early 2000s, IAM was born for the networked office. One user, one workstation, one set of credentials. The paradigm worked because the population it served was homogeneous and device-bound.
• Through the 2000s and 2010s, enterprises scaled. Single sign-on reduced friction for desk workers. Active Directory centralized identity. The shared-device problem existed on the factory floor and hospital ward, but it was invisible to the architects writing the standards.
• Then came zero trust and MFA. Cloud, mobile, and breaches pushed the industry toward never-trust-always-verify. Sound doctrine for remote knowledge workers. Catastrophic friction for someone doing a shift handover at a shared terminal at 6 am.
• Now, the reckoning. Regulators, insurers, and auditors are pushing MFA mandates across all industries, including frontline environments that were never consulted in the design. The workarounds multiply, the audit logs lie, and the risk accumulates silently.

THE REAL COST

Shared devices do not just weaken security. They destroy accountability.

When shared devices break IAM, the damage runs deeper than unauthorized access. The core consequence is the attribution gap: the systematic collapse of the ability to know, with any confidence, who did what, on which device, at what time. 

Consider what shared credentials actually do to your audit trail. Every action tagged to "ward-terminal-3" is worthless for forensic purposes. Every session left open from the previous shift contaminates the access record. Every borrowed login creates a gap in your non-repudiation chain, a gap that regulators, in the event of a breach or adverse clinical event, will find immediately.

• On dedicated devices, authentication is reliable because the session is tied to an individual. On shared devices, the session is tied to the device, not the person, so attribution breaks down immediately.
• Session management is clean on a dedicated device. One user, clear start and end. On a shared device, sessions overlap, get abandoned, and get inherited by whoever sits down next.
• Audit logging produces records attributable to a named individual on a dedicated device. On a shared device, actions are attributed to a device name or a shared credential, which tells you nothing useful.
• Role-based access is correctly scoped to the authenticated user on a dedicated device. On a shared device, it reflects whoever last logged in, which is frequently the wrong role entirely.
• MFA enforcement holds on a dedicated device. On a shared device, sessions get reused specifically to avoid repeated prompts, so MFA compliance exists on paper only.

IAM solved the access problem. It never solved the accountability problem. On the frontline, that gap has a name: the attribution gap. And it shows up in every audit, every incident review, and every compliance assessment where shared devices are involved. 

WHAT COMES NEXT

Authentication proves access. Attribution proves responsibility. 

The architecture shift required here is not incremental. Patching credential policies or shortening session timeouts does not address the structural problem; it just rearranges the friction. What frontline environments need is an identity model that treats the person, not the device, as the continuous unit of trust.

The goal is not just authentication. It is attribution. Proving not just that someone had access, but that a specific, verified individual took a specific action at a specific moment. 

Three capabilities define what this looks like in practice.

• The first is continuous identity verification. Passive biometrics and behavioral signals confirm who is at the device in real time, not just at login. The session follows the person, not the machine.
• The second is context-aware access control. Access decisions factor in role, location, time of day, and live risk signals, not just credentials. The right person gets the right access at the moment they need it, automatically.
• The third is individual-level audit trails. Every action is attributed to a verified, named individual, not a device or a shared credential. Audit logs become genuinely forensic and defensible for the first time.

The common thread is a shift in the fundamental unit of identity. Traditional IAM trusts the device and infers the user. Modern frontline identity verifies the person continuously and treats the device as background infrastructure. That shift matters for security posture, for compliance, and for the daily experience of the people doing the actual work.

The device was never the identity. It was just the most convenient proxy. On the frontline, that convenience became a liability.

The technology to make this real is not experimental. Badge-tap workflows, passive face recognition, proximity-based session management, and zero-friction handover protocols are deployed and working in high-acuity environments today. The barrier is organizational readiness to retire the assumption that IAM built for a desk worker will ever work at the bedside, the production line, or the warehouse floor.

Shared devices are not going away. In healthcare, manufacturing, logistics, and retail, they are the permanent operating conditions, and the workforce that uses them deserves an identity system built for how they actually work, not for how IT policy wishes they worked.

The CIOs and IT leaders who close this gap first will have something rarer: an audit trail that tells the truth, a workforce that is not fighting its own tools, and a compliance posture that holds up when it matters most.

HOW OLOID HELPS

Systems built on individual attribution behave differently.

Access becomes momentary, not persistent; sessions do not linger; they transfer. Audit logs stop recording devices and start recording decisions. Every action connects back to a verified individual, not a terminal name or a borrowed credential.

This is what modern frontline identity looks like in practice. And it is already working in shared-device environments where traditional IAM failed.

OLOID is built on this model. By combining badge-based access, continuous identity verification, and context-aware controls, OLOID closes the attribution gap that shared devices create. Clinicians and frontline workers are verified in under a second. sessions follow the individual across workstations, access is scoped to the right role at the right moment. And every action produces an audit record that reflects reality, not workarounds.

The operational results are concrete. Break-glass use drops to genuine emergencies, shared credentials disappear from daily workflows, session timeouts stop interfering with care, and for the first time, compliance teams have audit logs they can actually stand behind.

If your current IAM system cannot tell you, with certainty, who was at that terminal at 2:47 am, the attribution gap is already costing you. The question is whether you find that out in a review or in a breach. 

Ready to close the attribution gap? Talk to OLOID.