Disconnected App

A disconnected app is a business system that does not participate in the enterprise identity fabric and is managed outside central IAM workflows. Access is often granted locally, reviewed manually, and forgotten easily. These apps create governance blind spots because ownership, revocation, and evidence are fragmented across teams.

Expanded Definition

A disconnected app is not just an older or low-priority system. In NHI governance, it is any application that sits outside the enterprise identity fabric, meaning it does not inherit central authentication, approval, logging, revocation, or lifecycle controls. Definitions vary across vendors, but the operational test is simple: if access changes are handled locally and evidence must be assembled manually, the app is disconnected.

This matters because disconnected apps often become exceptions to NIST Cybersecurity Framework 2.0 principles such as access control, logging, and governance. They also frequently bypass the lifecycle discipline described in the Ultimate Guide to NHIs, especially when service accounts, API keys, or shared credentials are created for convenience and never reconciled later.

The most common misapplication is labelling an application disconnected simply because it uses local accounts. If the system still synchronizes its identity records with, or sends authoritative audit data to, a central control plane, it is not disconnected in the governance sense.

Examples and Use Cases

Governing disconnected apps rigorously often introduces operational friction: organisations must weigh the convenience of fast local administration against the cost of weaker traceability and slower revocation.

  • A legacy payroll platform uses local administrator logins and spreadsheet-based approvals, so access reviews depend on screenshots instead of IAM evidence.
  • A plant-floor monitoring tool authenticates directly to a device database, and the credentials never enter enterprise vaulting or rotation workflows.
  • A vendor-hosted file exchange requires manually created service accounts for integrations, creating a gap between onboarding and offboarding.
  • A research application maintains its own user store and audit logs, making it difficult to prove who had access during a security review.

These patterns are common in environments that still rely on manual exception handling, a risk profile discussed in the Ultimate Guide to NHIs. When teams need a governance baseline, the control expectations in NIST Cybersecurity Framework 2.0 help translate the problem into concrete tasks such as inventory, access review, and evidence retention.

Why It Matters in NHI Security

Disconnected apps are especially dangerous for Non-Human Identities because they hide the places where secrets are issued, copied, reused, and forgotten. Once an app is outside central IAM, revocation depends on human memory, ticket trails, and owner discipline. That is where excessive privilege and stale credentials accumulate. In practice, disconnected apps weaken Zero Trust Architecture because the organisation cannot reliably prove who or what is allowed to connect at any moment.

NHIMG research shows that only 20% of organisations have formal processes for offboarding and revoking API keys, and even fewer rotate them consistently, which is exactly the control gap disconnected apps expose. The same governance blind spot is why the Ultimate Guide to NHIs treats lifecycle visibility as foundational, not optional. For practitioners, the lesson is that disconnected systems should be risk-ranked, inventoried, and brought under policy or compensating controls such as vaulting, logging, and periodic recertification.

Organisations typically discover the true cost only after an account is compromised, an integration fails an audit, or a departed owner cannot be identified; by then, governing the disconnected app has become operationally unavoidable.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework, control or reference, and relevance:

  • OWASP Non-Human Identity Top 10 (NHI-02): Disconnected apps often hide secrets, ownership, and rotation gaps.
  • NIST CSF 2.0 (PR.AC-1): Central identity control is missing, so access governance must be rebuilt.
  • NIST Zero Trust (SP 800-207): Disconnected apps weaken continuous verification and policy enforcement.

Treat every disconnected app as an exception and wrap it with compensating Zero Trust controls.