Swivel-chair management is the practice of completing one operational task by moving between multiple disconnected tools and interfaces. In identity and service operations, it creates inconsistency, slows execution, and makes it harder to prove that approvals, handoffs, and lifecycle steps actually completed.
Expanded Definition
Swivel-chair management describes an operational pattern where a single identity, access, or service task must be completed by copying data, checking status, or triggering actions across multiple disconnected consoles. In NHI operations, it is less a formal control than a failure mode that appears when account lifecycle, secret rotation, ticketing, and approval workflows are split between systems that do not share state.
Definitions vary across vendors because some teams reserve the term for manual data re-entry, while others include any process that requires an operator to verify outcomes in one system and execute the next step in another. In practice, the risk is not only inefficiency. Each handoff creates an opportunity for drift between the source of truth and the executed action, especially when service accounts, API keys, or agent permissions are being updated. NIST’s Cybersecurity Framework 2.0 is relevant here because it emphasizes coordinated governance, but it does not by itself eliminate console fragmentation.
The most common misapplication is treating swivel-chair work as harmless manual oversight, which occurs when teams assume that a human checkpoint guarantees consistency even though the underlying systems remain unsynchronised.
Examples and Use Cases
Implementing identity and service operations rigorously often introduces process coupling, requiring organisations to weigh tighter control against slower execution and higher operator effort.
- A platform engineer disables an expired service account in one IAM portal, then manually updates a separate secrets vault and a ticketing system to keep the record aligned.
- A security analyst rotates a token after reading a finding in one dashboard, then re-enters the new value into a deployment tool because the two platforms do not share lifecycle state.
- An approver signs off on privileged access in a governance tool, while the actual role assignment is completed later in a different admin console, creating a gap between approval and enforcement.
- An operations team uses the NHI Lifecycle Management Guide to map ownership steps, but still has to cross-check completion in multiple systems because automation is incomplete.
- In incident response, analysts may compare events against the Top 10 NHI Issues while manually reconciling logs, approvals, and revocations across separate tools.
For service identities and credentials, the problem becomes more visible when the workflow includes secret updates, because a token can be rotated in one place while an application still depends on the old value elsewhere. That is one reason NHI governance discussions now focus on lifecycle coherence rather than isolated admin tasks.
Why It Matters in NHI Security
Swivel-chair management weakens NHI security because it obscures whether access has actually been removed, whether a secret has been fully rotated, and whether a privilege change propagated to every dependent system. The result is governance theatre: approvals exist, but enforcement is uneven. This is especially dangerous for agentic workloads, where a stale credential or mismatched role assignment can preserve machine access long after a human believes it was revoked.
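The three questions above (was access removed, was the secret fully rotated, did the privilege change reach every dependent system) can be answered by reconciling the state each disconnected console holds. The following Python is an added example, not code from the original page or from any vendor; the system snapshots, field names, account names and ticket ids are constructed for illustration and stand in for what a real check would pull from the IAM, secrets-manager, deployment and ticketing APIs. It flags the gaps described in the examples section: an account disabled in IAM whose vault secret is still active, a workload still bound to a disabled account, a workload pinned to an older secret version than the vault holds, and an approved role grant that was never enforced.

```python
"""Reconcile NHI lifecycle state across disconnected tools and report drift.

Added example (not from the page). Every snapshot below is constructed;
a real implementation would replace these dicts with API reads.
"""
from dataclasses import dataclass

# Constructed snapshot of an IAM portal: enablement and assigned roles.
IAM_ACCOUNTS = {
    "svc-billing": {"enabled": False, "roles": ["reader"]},
    "svc-etl":     {"enabled": True,  "roles": ["reader", "writer"]},
    "svc-report":  {"enabled": True,  "roles": ["reader"]},
}

# Constructed snapshot of a secrets vault: current version and whether it is live.
VAULT_SECRETS = {
    "svc-billing": {"version": 7,  "active": True},   # never deactivated after disable
    "svc-etl":     {"version": 12, "active": True},
    "svc-report":  {"version": 3,  "active": True},
}

# Constructed snapshot of a deployment tool: which account/version each workload uses.
DEPLOY_CONFIG = {
    "billing-api": {"account": "svc-billing", "secret_version": 7},   # disabled account
    "etl-worker":  {"account": "svc-etl",     "secret_version": 11},  # stale after rotation
    "report-job":  {"account": "svc-report",  "secret_version": 3},
}

# Constructed approval records from a governance/ticketing tool.
APPROVALS = [
    {"ticket": "CHG-1001", "account": "svc-report", "grant_role": "writer", "status": "approved"},
    {"ticket": "CHG-1002", "account": "svc-etl",    "grant_role": "writer", "status": "approved"},
]


@dataclass(frozen=True)
class Finding:
    account: str
    kind: str
    detail: str


def check_revocations(iam, vault):
    """Disabled in IAM, but the vault still serves a live secret for the account."""
    out = []
    for name, acct in iam.items():
        secret = vault.get(name)
        if not acct["enabled"] and secret and secret["active"]:
            out.append(Finding(name, "revocation-gap",
                               f"disabled in IAM but vault secret v{secret['version']} is active"))
    return out


def check_dependents(iam, deploy):
    """A workload is still configured to use an account that IAM has disabled."""
    out = []
    for workload, cfg in deploy.items():
        acct = iam.get(cfg["account"])
        if acct is not None and not acct["enabled"]:
            out.append(Finding(cfg["account"], "dependent-gap",
                               f"{workload} still bound to a disabled account"))
    return out


def check_rotations(vault, deploy):
    """Vault has rotated to a newer version than the workload is pinned to."""
    out = []
    for workload, cfg in deploy.items():
        secret = vault.get(cfg["account"])
        if secret and cfg["secret_version"] < secret["version"]:
            out.append(Finding(cfg["account"], "rotation-gap",
                               f"{workload} uses v{cfg['secret_version']}, vault is at v{secret['version']}"))
    return out


def check_approvals(approvals, iam):
    """Approval recorded in the governance tool, but the role never landed in IAM."""
    out = []
    for appr in approvals:
        if appr["status"] != "approved":
            continue
        roles = iam.get(appr["account"], {}).get("roles", [])
        if appr["grant_role"] not in roles:
            out.append(Finding(appr["account"], "enforcement-gap",
                               f"{appr['ticket']} approved '{appr['grant_role']}' but IAM holds {roles}"))
    return out


def reconcile(iam=IAM_ACCOUNTS, vault=VAULT_SECRETS, deploy=DEPLOY_CONFIG, approvals=APPROVALS):
    """Run every cross-tool check and return findings sorted by account and kind."""
    findings = (check_revocations(iam, vault) + check_dependents(iam, deploy)
                + check_rotations(vault, deploy) + check_approvals(approvals, iam))
    return sorted(findings, key=lambda f: (f.account, f.kind))


if __name__ == "__main__":
    for f in reconcile():
        print(f"[{f.kind}] {f.account}: {f.detail}")
```

Each finding is evidence that a lifecycle step was recorded in one tool but never completed in another; an empty result is the only state in which the approvals on file actually describe what is enforced. Running this on a schedule, rather than relying on an operator to notice, is the difference between a human checkpoint and a verified state change.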
NHIMG’s The State of Secrets in AppSec found that organisations maintain an average of 6 distinct secrets manager instances, creating fragmentation that undermines centralised control, and that the average estimated time to remediate a leaked secret is 27 days. That combination helps explain why swivel-chair processes persist: they are often compensating for tool sprawl rather than enforcing real lifecycle control. In a related example of operational blindness, the DeepSeek breach illustrates how exposure can scale when secrets and records are not governed through a single, reliable process.
Organisations typically encounter the true cost only after a failed revocation, delayed incident response, or audit exception, at which point addressing swivel-chair management becomes operationally unavoidable.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | Manual cross-tool identity handling increases lifecycle and governance failure risk. |
| NIST CSF 2.0 | GV.OC-01 | Operational fragmentation weakens governance visibility across identity workflows. |
| NIST Zero Trust (SP 800-207) | | Swivel-chair operations undermine continuous verification and policy enforcement. |
Reduce disconnected NHI handling by centralising lifecycle actions and verifying every state change.