What breaks when one role can approve and execute the same transaction?

The control loses independence, which means mistakes and fraud are harder to detect and easier to hide. Auditors cannot trust the record when the same role can both perform the action and sign off on it. That is why SoD requires distinct authorisation, execution, and reconciliation paths.

Why This Matters for Security Teams

When one role can approve and execute the same transaction, segregation of duties stops being a control and becomes a formality. The problem is not just fraud; it is the loss of independent verification that catches mistakes, abuse, and policy drift before they propagate. NHI Mgmt Group research shows that 97% of NHIs carry excessive privileges, which makes combined authority especially dangerous in service accounts, API-driven workflows, and agentic systems. The NIST Cybersecurity Framework 2.0 treats governance and access control as operational requirements, not paperwork.

For non-human identities, this failure is often invisible because the approval and execution may happen in seconds, through automation, with no human stepping in to question context. The Ultimate Guide to NHIs notes that 80% of identity breaches involved compromised non-human identities, which is why combined authority is so risky in machine-to-machine environments. In practice, many security teams encounter SoD failures only after an audit exception, a production incident, or a fraud investigation has already exposed the overlap.

How It Works in Practice

Effective segregation of duties separates the person or process that requests change, the one that approves it, and the one that executes it. In NHI governance, that usually means the workload that initiates an action cannot also mint the credentials, release the secret, and finalize the transaction. The current guidance suggests treating approval as a distinct trust decision, not just a workflow step. That is especially important for service accounts, pipelines, and agentic AI systems, where tool use can be chained quickly and opportunistically.

In practice, the control works best when the environment enforces independent paths at runtime:

  • Approval is bound to a separate identity, policy, or control plane.
  • Execution uses short-lived credentials issued only after approval.
  • Logging preserves who approved, what was approved, and what was executed.
  • Reconciliation checks whether the action matched the approved intent.
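The four runtime paths above, modelled as an added Python example (not code from the journal or from NHI Mgmt Group): a separate policy-engine identity approves, a short-lived token bound to a hash of the approved intent is minted, the executor must present that token and must not be the approver, and reconciliation compares what was executed with what was approved. The identity names, TTL and signing key are constructed placeholders.

```python
import hashlib
import hmac
import json
import uuid

# Constructed demo key for the hypothetical control plane; a real deployment keeps this in a KMS/HSM.
CONTROL_PLANE_KEY = b"constructed-demo-key-not-for-production"
TOKEN_TTL_SECONDS = 60
AUDIT_LOG = []  # append-only here; use immutable storage in production

def intent_digest(intent: dict) -> str:
    """Canonical hash of an intent so execution can later be reconciled against approval."""
    return hashlib.sha256(json.dumps(intent, sort_keys=True).encode()).hexdigest()

def approve(intent: dict, requester: str, approver: str, now: float) -> dict:
    """Approval path: a distinct identity decides, then a short-lived intent-bound token is minted."""
    if approver == requester:
        raise PermissionError("SoD violation: requester cannot approve its own request")
    token = {"jti": str(uuid.uuid4()), "intent": intent_digest(intent), "requester": requester,
             "approver": approver, "exp": now + TOKEN_TTL_SECONDS}
    payload = json.dumps(token, sort_keys=True).encode()
    token["sig"] = hmac.new(CONTROL_PLANE_KEY, payload, "sha256").hexdigest()
    AUDIT_LOG.append({"event": "approved", **token})  # records who approved and what
    return token

def execute(token: dict, action: dict, executor: str, now: float) -> bool:
    """Execution path: runs only with a valid, unexpired token held by a non-approver identity."""
    unsigned = {k: v for k, v in token.items() if k != "sig"}
    expected = hmac.new(CONTROL_PLANE_KEY, json.dumps(unsigned, sort_keys=True).encode(),
                        "sha256").hexdigest()
    if not hmac.compare_digest(expected, token.get("sig", "")):
        return False  # tampered or forged token
    if now > token["exp"] or executor == token["approver"]:
        return False  # credential expired, or the approver is acting on its own decision
    AUDIT_LOG.append({"event": "executed", "jti": token["jti"], "executor": executor,
                      "action": intent_digest(action)})  # records what was actually executed
    return True

def reconcile(jti: str) -> bool:
    """Reconciliation path: did what was executed match what was approved?"""
    events = {e["event"]: e for e in AUDIT_LOG if e.get("jti") == jti}
    return ("approved" in events and "executed" in events
            and events["approved"]["intent"] == events["executed"]["action"])
```

Note that `execute` succeeds even when the action drifts from the approved intent; it is `reconcile`, reading the log, that catches the mismatch, which is the point of keeping the reconciliation path independent.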

This is where identity hygiene matters. NHI Mgmt Group’s Ultimate Guide to NHIs highlights the operational risk of standing privileges and poor visibility, both of which make same-role approval and execution hard to detect. Controls should also align with the NIST Cybersecurity Framework 2.0 emphasis on least privilege, traceability, and response.

Where this guidance breaks down is in high-frequency automation that uses a single technical account for speed, because shared execution paths can erase the audit boundary unless the platform supports separate policy decisions and immutable records.

Common Variations and Edge Cases

Tighter segregation often increases workflow friction, so organisations have to balance stronger assurance against operational speed. That tradeoff is real in DevOps pipelines, emergency break-glass procedures, and low-latency trading or payment systems, where the wrong design can slow delivery or cause operators to bypass controls entirely.

There is no universal standard for every exception path yet, but current guidance suggests keeping exceptions narrow, time-bound, and heavily monitored. For example, break-glass access should still require after-the-fact review, and automated approvals should not be granted to the same workload that will execute the action. The same principle applies to AI agents: if the agent can both decide and act, then the approval step must come from a separate policy engine or supervising identity.

That distinction becomes more important as organisations adopt autonomous tooling. The Ultimate Guide to NHIs shows how often secrets and privileges remain in circulation far longer than intended, which makes same-role approval and execution a durable risk rather than a one-off process flaw. Best practice is evolving, but the principle remains stable: the entity that says “yes” should not also be the entity that performs the irreversible action.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and the NIST AI RMF set the governance and control requirements practitioners need to meet.

| Framework | Control / Reference | Relevance |
| --- | --- | --- |
| OWASP Non-Human Identity Top 10 | NHI-02 | Addresses excessive privilege and weak separation in non-human identity workflows. |
| NIST CSF 2.0 | PR.AC-4 | Least-privilege access and authorization boundaries underpin SoD enforcement. |
| NIST AI RMF | | Governance is needed when autonomous systems can both decide and execute transactions. |

Enforce distinct authorization paths and review access to ensure no role can self-approve actions.