By NHI Mgmt Group Editorial Team
Published 2025-12-30
Domain: Governance & Risk
Source: ConductorOne

TL;DR: Identity governance tools now have to reduce friction for reviewers and admins, not add more of it, according to ConductorOne. ConductorOne’s December product wrap-up focuses on small UX, review-visibility, scaling, and connector improvements meant to make identity governance easier to use, easier to understand, and easier to scale across existing workflows.


At a glance

What this is: This is a December product wrap-up covering UX, campaign visibility, scale, and integration updates in an identity governance platform.

Why it matters: It matters because IAM teams need governance systems that support human review work, NHI lifecycle operations, and future autonomous controls without adding avoidable friction.



Context

Identity governance tools fail when they make routine work harder than the risk justifies. In a mature programme, access policy creation, campaign reviews, and connector operations must stay understandable enough for admins and reviewers to act consistently, especially when the same controls span human users, service accounts, and emerging AI-driven identities.

The article’s December updates are about smoothing that operational friction rather than changing the governance model itself. For teams managing NHI, lifecycle review, and access certification at scale, the real issue is whether the platform reduces cognitive load while preserving decision quality.

That balance matters because modern identity programmes now operate across more identity types and more systems than review cadences were originally designed to handle. Visibility, predictable workflows, and integration depth are not cosmetic features. They are what keep governance from stalling under routine load.


Key questions

Q: How should identity teams reduce friction in access review workflows?

A: Identity teams should remove unnecessary policy complexity, expose review context directly in the workflow, and make campaign status visible enough that admins can act without manual follow-up. The goal is not just faster approvals. It is more consistent governance, fewer stalled items, and less dependence on tribal knowledge to complete routine decisions.

Q: Why do access reviews stall in larger identity programmes?

A: Access reviews stall when reviewers lack context, administrators cannot see bottlenecks, and the workflow forces people to jump between tools to decide. As scale grows, those small delays compound into backlogs. The practical fix is not more reminders alone, but better visibility into progress, ownership, and unresolved items.

Q: How can organisations tell if connector coverage is actually sufficient?

A: Connector coverage is sufficient only when it supports the full lifecycle, including provisioning, deprovisioning, reconciliation, and monitoring in downstream systems. If a connector only syncs state without enforcing change, governance remains partial. Organisations should test whether access changes are actually reflected where the permissions live, not just in the identity platform.

Q: What is the difference between reviewing access and governing access end to end?

A: Reviewing access checks whether an entitlement still looks acceptable. Governing access end to end means the platform can also enforce lifecycle changes across connected systems when decisions are made. A review without downstream enforcement can document a problem without resolving it, which leaves the access state unchanged.


Technical breakdown

Policy authoring without expression complexity

The post points to easier policy building without complex expressions, which matters because access governance often fails at the point where policy logic becomes too hard to read or maintain. In practice, brittle policy syntax creates hidden exceptions, inconsistent approval paths, and higher admin dependency. Good governance design reduces the translation gap between intent and implementation so reviewers can understand why access was granted. That is especially important in programmes that need to express fine-grained decisions across applications, roles, and identity types without turning each policy into a custom engineering task.

Practical implication: simplify policy authoring so access rules remain auditable, maintainable, and usable by governance teams.
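One way to keep policy logic readable is to express approval rules as a small match table rather than a free-form expression, and to have the evaluator hand reviewers a plain-language rationale alongside the routing decision. The following is an added example and is not ConductorOne's policy model or syntax; the request fields, approver roles, the risk tag and the first-match-wins ordering are assumptions for illustration. It also includes the check a governance operator most often needs on a rule set like this: finding rules that can never fire because an earlier rule already covers them.

```python
"""Declarative approval policy with a reachability check.

Added example; not ConductorOne's policy model or syntax.  Request fields,
approver roles and the risk tag are assumptions for illustration.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class AccessRequest:
    subject_type: str   # "human", "service_account" or "ai_agent"
    app: str
    entitlement: str
    risk: str           # "low", "medium" or "high"; assumed to be tagged by the app owner


@dataclass(frozen=True)
class Rule:
    name: str
    match: dict                                 # field name -> frozenset of allowed values; absent field = any
    approvals: tuple                            # ordered approver roles; empty tuple = auto-approve
    max_duration_days: Optional[int] = None     # None = standing access permitted

    def matches(self, req: AccessRequest) -> bool:
        return all(getattr(req, fld) in allowed for fld, allowed in self.match.items())


def any_of(*values):
    return frozenset(values)


# Constructed policy set.  First matching rule wins, so specific rules come
# first and the set ends with a catch-all.
POLICY = (
    Rule("nhi-high-risk", {"subject_type": any_of("service_account", "ai_agent"), "risk": any_of("high")},
         approvals=("app_owner", "security"), max_duration_days=30),
    Rule("nhi-standard", {"subject_type": any_of("service_account", "ai_agent")},
         approvals=("app_owner",), max_duration_days=90),
    Rule("human-high-risk", {"risk": any_of("high")},
         approvals=("manager", "app_owner"), max_duration_days=7),
    Rule("human-low-risk", {"risk": any_of("low")}, approvals=()),
    Rule("default", {}, approvals=("manager",)),
)


def evaluate(req: AccessRequest, policy=POLICY) -> dict:
    """Return the matched rule, the approvals it requires and a rationale a reviewer can read."""
    rule = next((r for r in policy if r.matches(req)), None)
    if rule is None:
        raise LookupError("no rule matched; the policy set must end with a catch-all rule")
    criteria = ", ".join(f"{fld} in {sorted(vals)}" for fld, vals in rule.match.items()) or "any request"
    approvals = " then ".join(rule.approvals) if rule.approvals else "no approval"
    duration = f"expires after {rule.max_duration_days} days" if rule.max_duration_days else "standing"
    return {
        "rule": rule.name,
        "approvals": list(rule.approvals),
        "max_duration_days": rule.max_duration_days,
        "rationale": f"matched '{rule.name}' because {criteria}; requires {approvals}; access {duration}",
    }


def shadowed_rules(policy) -> list:
    """Pairs (later, earlier) where the later rule can never fire because every
    request it would match is already caught by the earlier rule."""
    found = []
    for idx, later in enumerate(policy):
        for earlier in policy[:idx]:
            covers = all(fld in later.match and later.match[fld] <= vals
                         for fld, vals in earlier.match.items())
            if covers:
                found.append((later.name, earlier.name))
                break
    return found


if __name__ == "__main__":
    print(evaluate(AccessRequest("service_account", "payments-db", "db_admin", "high"))["rationale"])
    print("shadowed:", shadowed_rules(POLICY))
```

The rationale string is the point: a reviewer sees which criteria matched and why two approvals are required, without opening the policy editor. The `shadowed_rules` check is worth running in CI on any ordered rule set, because a catch-all placed too early silently disables every rule after it.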

Campaign dashboards for access review visibility

Campaign dashboards improve how teams see review progress, but their real value is operational control. Access reviews stall when administrators cannot tell which reviewers are behind, which items are still pending, and where bottlenecks are forming. Better visibility turns recertification from a periodic cleanup exercise into a managed workflow with measurable throughput. For identity programmes, that matters because review completion is only one signal; the deeper signal is whether the process is running predictably enough to support ongoing governance across many applications and many reviewers.

Practical implication: use campaign visibility to identify bottlenecks early and keep recertification from becoming a backlog problem.
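The bottleneck metrics a campaign dashboard should surface can be computed from a plain export of review items. The following is an added example, not ConductorOne code; the item fields (reviewer, risk tag, open and decision dates) and the seven-day SLA are assumptions about what such an export contains. It separates process delay (anything past SLA, grouped by reviewer) from the subset that is actual access risk (stalled items on high-risk entitlements, which should be escalated rather than just reminded).

```python
"""Campaign bottleneck instrumentation.

Added example, not ConductorOne code.  Field names and the SLA are assumptions
about what a campaign export contains.
"""
from dataclasses import dataclass
from datetime import date
from statistics import median
from typing import Optional


@dataclass(frozen=True)
class ReviewItem:
    item_id: str
    reviewer: str
    subject: str                      # human, service account or agent identity under review
    entitlement: str
    risk: str                         # "low", "medium" or "high"
    opened: date
    decided: Optional[date] = None
    decision: Optional[str] = None    # "keep" or "revoke" once decided


# Constructed campaign snapshot; not real data.
ITEMS = (
    ReviewItem("R-001", "alice", "bob@example.com", "prod-admin", "high", date(2025, 12, 1), date(2025, 12, 3), "keep"),
    ReviewItem("R-002", "alice", "svc-billing", "db-write", "high", date(2025, 12, 1)),
    ReviewItem("R-003", "alice", "carol@example.com", "wiki-editor", "low", date(2025, 12, 1)),
    ReviewItem("R-004", "dave", "svc-etl", "s3-read", "medium", date(2025, 12, 10)),
    ReviewItem("R-005", "dave", "erin@example.com", "payroll-view", "high", date(2025, 12, 2), date(2025, 12, 4), "revoke"),
    ReviewItem("R-006", "dave", "agent-support", "crm-write", "high", date(2025, 12, 5)),
)
AS_OF = date(2025, 12, 15)   # the date the snapshot is evaluated against


def campaign_status(items, as_of, sla_days=7) -> dict:
    """Summarise where a campaign is stuck and which stalled items carry real access risk."""
    pending = [i for i in items if i.decided is None]
    done = [i for i in items if i.decided is not None]

    per_reviewer = {}
    for i in pending:
        age = (as_of - i.opened).days
        r = per_reviewer.setdefault(i.reviewer, {"pending": 0, "stalled": 0, "oldest_days": 0})
        r["pending"] += 1
        r["oldest_days"] = max(r["oldest_days"], age)
        if age > sla_days:
            r["stalled"] += 1

    stalled = [i for i in pending if (as_of - i.opened).days > sla_days]
    # Process delay is everything past SLA; access risk is the high-risk subset of it.
    escalate = sorted(i.item_id for i in stalled if i.risk == "high")
    bottleneck = max(per_reviewer, key=lambda name: per_reviewer[name]["stalled"], default=None)

    return {
        "total": len(items),
        "decided": len(done),
        "pending": len(pending),
        "completion_pct": round(100.0 * len(done) / len(items), 1) if items else 0.0,
        "median_decision_days": median((i.decided - i.opened).days for i in done) if done else None,
        "stalled": len(stalled),
        "bottleneck_reviewer": bottleneck,
        "per_reviewer": per_reviewer,
        "escalate_high_risk": escalate,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(campaign_status(ITEMS, AS_OF), indent=2))
```

Completion percentage alone would report this campaign as one-third done; the per-reviewer view shows that one reviewer holds both of the oldest items, and the escalation list shows that two of the three stalled items are high-risk service-account and agent entitlements, which is the signal that warrants action rather than another reminder.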

Connector depth as lifecycle enforcement

Connector expansion is not just about breadth. In identity governance, the connector is the control plane that determines whether provisioning, deprovisioning, and access state changes actually reach downstream systems. If connectors only sync surface attributes, lifecycle governance stays incomplete. The article’s emphasis on provisioning, deprovisioning, configuration, and monitoring reflects a basic truth: access governance only works when identity state changes can be enforced end to end. That is true for human accounts, service accounts, and AI-related identities alike.

Practical implication: verify that connectors support the full access lifecycle, not just account creation or attribute sync.
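The test described in the connector question above and in this section, whether access changes are actually reflected where the permissions live, is a reconciliation between what the governance platform believes and what the connector reads back from the target. The following is an added example, not ConductorOne code; the grant model, the one-hour enforcement grace period and the sample data are constructed for illustration. It classifies drift into the four cases a practitioner needs to act on differently: approved access that was never provisioned, revocations the connector never enforced, grants made directly in the target for known principals, and orphaned grants for principals the identity platform does not know at all.

```python
"""Reconcile governance decisions against downstream permission state.

Added example, not ConductorOne code.  The grant model, grace period and
sample data are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Grant:
    principal: str      # user, service account, agent, or a credential the target knows by name
    permission: str


# Constructed sample, not real data.
# What the governance platform intends to exist after the latest campaign.
INTENDED = frozenset({
    Grant("alice", "repo:admin"),
    Grant("svc-ci", "repo:write"),
    Grant("agent-triage", "issues:write"),
})
# Revocations the platform recorded, keyed by grant, with the decision time.
REVOKED = {
    Grant("bob", "repo:admin"): datetime(2025, 12, 10, 9, 0, tzinfo=timezone.utc),
}
# What the connector actually reads back from the target system.
ACTUAL = frozenset({
    Grant("alice", "repo:admin"),
    Grant("bob", "repo:admin"),           # revoked five days ago, still present
    Grant("svc-ci", "repo:write"),
    Grant("svc-ci", "repo:admin"),        # granted directly in the target, never governed
    Grant("old-deploy-key", "repo:write"),  # principal unknown to the identity platform
})
KNOWN_PRINCIPALS = frozenset({"alice", "bob", "svc-ci", "agent-triage"})
NOW = datetime(2025, 12, 15, 12, 0, tzinfo=timezone.utc)


def _as_list(grants):
    return sorted((g.principal, g.permission) for g in grants)


def reconcile(intended, revoked, actual, known_principals, now, grace=timedelta(hours=1)) -> dict:
    """Classify drift between the governance record and the target's real state."""
    missing = intended - actual                     # approved but never provisioned
    unexpected = actual - intended                  # present downstream, not in the intended set
    unenforced = {g for g, decided_at in revoked.items()
                  if g in actual and now - decided_at > grace}   # revoke decided, never applied
    orphaned = {g for g in unexpected if g.principal not in known_principals}
    ungoverned = unexpected - orphaned - set(revoked)            # known principal, direct grant
    return {
        "in_sync": len(intended & actual),
        "missing": _as_list(missing),
        "unenforced_revocations": _as_list(unenforced),
        "ungoverned": _as_list(ungoverned),
        "orphaned": _as_list(orphaned),
        "clean": not (missing or unenforced or ungoverned or orphaned),
    }


if __name__ == "__main__":
    for key, value in reconcile(INTENDED, REVOKED, ACTUAL, KNOWN_PRINCIPALS, NOW).items():
        print(f"{key}: {value}")
```

The caveat this check exposes: a connector that only syncs state would import the target's grants into the platform, make `bob`'s admin right and the orphaned deploy key look governed, and the drift would disappear from every dashboard without ever being fixed. Run the reconciliation against the target, not against the platform's own copy of it.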


  • Cisco DevHub NHI breach — IntelBroker exploited exposed Cisco credentials, API tokens and keys in DevHub.
  • DeepSeek breach — DeepSeek breach exposed 1M+ log lines and sensitive secret keys.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.


NHI Mgmt Group analysis

Identity governance now competes on usability as much as policy depth. The December wrap-up shows that teams no longer tolerate workflows that require constant context switching, opaque review states, or custom syntax for ordinary access decisions. That is not a cosmetic preference; it is a control-quality issue, because friction creates inconsistency and inconsistency weakens governance. Practitioners should treat usability as part of the control surface, not as a separate product concern.

Campaign visibility is becoming a core governance control, not a reporting feature. When reviewers cannot see what is blocked, who is lagging, or how much work remains, recertification loses momentum and creates unmanaged entitlement drift. The important shift here is that operational transparency is now what keeps the governance process alive at scale. Teams should judge review tooling by whether it shortens decision loops, not by whether it merely records them.

Connector depth is the difference between governing access and describing it. Many identity tools can mirror account state, but far fewer can enforce full lifecycle change across the systems where access actually lives. That matters because access governance without reliable provisioning and deprovisioning is partial governance. Practitioners should ask whether every connector supports enforcement, reconciliation, and monitoring, especially where NHI credentials and service accounts are involved.

Lifecycle governance is becoming the common language across human, NHI, and automated identities. The same operational pattern appears in reviews, onboarding, offboarding, and entitlement cleanup, even when the identity subject changes. The field is moving toward one governance model with multiple actor types, not separate processes for each system. Practitioners should design for that convergence now rather than retrofitting it later.

Named concept: governance friction debt. Small usability gaps, unclear review states, and brittle integrations accumulate into a form of operational debt that slows certification and weakens decision quality. This is not a single control failure; it is a pattern where the programme becomes harder to operate with every exception. The implication is that identity governance maturity must now include friction reduction as a measurable discipline.

What this signals

Governance friction debt: When review flows, policy authoring, and connector operations all require extra translation, identity programmes absorb a hidden operational tax. That tax becomes visible when campaigns stall, exceptions multiply, and admins spend more time navigating the tool than governing access. Teams should treat friction as a control-health signal, not a user-experience complaint.

If 96% of organisations store secrets outside secrets managers, in code, config files, and CI/CD tools, then the identity platform's own records describe only part of the real access state. The next phase of identity governance will therefore reward platforms that can join lifecycle enforcement to real-world system state, which means campaign visibility and connector depth need to be evaluated together, not separately.

For teams aligning to formal control models, the relevant benchmark is whether governance operations support continuous verification and auditable state change. The NIST Cybersecurity Framework 2.0 provides the broader governance lens, but the practical test is whether an identity workflow can survive scale without turning every review into a manual project.


For practitioners

  • Simplify access policy authoring: Reduce dependence on complex expressions for standard approval patterns and make policy intent visible to reviewers and admins. Test whether a non-specialist governance operator can understand the rule without opening another system.
  • Instrument review campaigns for bottlenecks: Track stalled items, reviewer lag, and unfinished work at the campaign level so recertification does not degrade into manual chasing. Use dashboards to distinguish process delay from true access risk.
  • Validate connector enforcement depth: Check that integrations support provisioning, deprovisioning, reconciliation, and monitoring, not just account sync. Prioritise connectors that can update downstream access state when lifecycle events occur.
  • Treat lifecycle controls as shared governance: Apply the same review and offboarding discipline to human accounts, service accounts, and machine identities so the programme does not fragment by actor type. Align your operating model around access state, not identity label.

Key takeaways

  • The post is really about operational friction in identity governance, not feature breadth.
  • Visibility, review throughput, and connector enforcement are the controls that separate usable governance from documentation-only governance.
  • As identity programmes span humans, NHIs, and automated systems, lifecycle discipline has to work end to end or it does not work at all.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Non-Human Identity Top 10 | NHI1:2025 Improper Offboarding; NHI7:2025 Long-Lived Secrets | Connector and lifecycle depth determine whether non-human credentials are actually revoked and rotated when access is removed, rather than only marked as removed in the platform.
NIST CSF 2.0 | PR.AA-05 (Identity Management, Authentication, and Access Control) | Access permissions and entitlements must be defined in policy, enforced, and reviewed; campaign workflows are the review mechanism and connectors are the enforcement mechanism. (CSF 2.0 replaced the 1.1 PR.AC category with PR.AA.)
NIST Zero Trust (SP 800-207) | Section 2.1 tenets: per-session access, dynamic policy, and continuous monitoring of asset and access state | Campaign visibility and connector enforcement are what make access state observable and revocable across connected systems.

Use zero-trust access control principles to validate access state continuously across integrated systems.


Key terms

  • Identity Governance: Identity governance is the set of policies, workflows, and controls used to decide who or what should have access, approve it, review it, and remove it. In practice, it spans humans, service accounts, and machine identities, and it only works when state changes can be enforced across connected systems.
  • Access Review Campaign: An access review campaign is a structured certification workflow used to revalidate existing entitlements over a defined set of users, accounts, or applications. Its value depends on reviewer context, campaign visibility, and the ability to close the loop when decisions are made.
  • Connector Depth: Connector depth describes how fully an integration can enforce identity state in a downstream system, not just read or write a basic record. Deep connectors support provisioning, deprovisioning, reconciliation, and monitoring, which makes lifecycle governance operational instead of symbolic.
  • Governance Friction Debt: Governance friction debt is the cumulative operational cost created when policy design, reviews, and integrations are harder to use than they should be. Over time, that friction slows decisions, encourages workarounds, and weakens the reliability of the identity programme.

Deepen your knowledge

Identity governance UX, lifecycle enforcement, and access review operations are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If your team is trying to scale governance across humans, service accounts, and AI-driven identities, it is worth exploring.

This post draws on content published by ConductorOne: December Product Wrap-Up. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2025-12-30.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org