By NHI Mgmt Group Editorial Team | Published 2025-09-08 | Domain: Governance & Risk | Source: Cerby

TL;DR: EMEA enterprises are seeing identity and access management strain as SaaS sprawl, regulatory fragmentation, and lean teams leave many applications outside core IAM controls, according to Cerby. The result is not just higher risk but a widening operational burden that makes identity debt a governance problem, not only a security one.


At a glance

What this is: This is an analysis of how disconnected applications and unmanaged corporate identities are weakening IAM coverage across EMEA, especially in fast-scaling Israeli organisations.

Why it matters: IAM, IGA, PAM, and NHI programmes all fail faster when applications, accounts, and offboarding processes sit outside the identity provider, because the provider can only enforce lifecycle rules on the accounts and apps it actually sees.

By the numbers:

👉 Read Cerby's analysis of disconnected apps and unmanaged identities in EMEA


Context

EMEA identity security is becoming harder to govern because application growth is outrunning central control. In practice, that means many business apps, social tools, and team-specific SaaS systems sit outside the identity provider, creating gaps in onboarding, offboarding, and access review.

The article frames Israel as a pressure test for this problem because speed, cloud adoption, and AI uptake are compressing the time available to govern access. That is a direct IAM issue, but it also extends into NHI lifecycle control when bots and automation accounts are left outside normal identity processes.


Key questions

Q: How should security teams govern disconnected applications that sit outside core IAM?

A: Security teams should start by identifying every business-critical application that bypasses the identity provider, then assign ownership, lifecycle rules, and offboarding responsibility for each one. The goal is not perfect integration on day one. It is reducing the number of places where access can persist without a clear control owner.
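A worked illustration of that first step, added here and not part of Cerby's analysis or any NHIMG tooling: it joins a constructed application inventory (the kind a CASB, expense export or SSO-portal gap review would produce) with a constructed identity-provider export that records whether each app gets SSO only or SSO plus SCIM provisioning, reports coverage, and builds the remediation queue ranked by data sensitivity, user population, and missing ownership. Every app name, field, and weight below is an assumption to be replaced with your own data.

```python
"""Find applications that bypass central IdP lifecycle control and rank them.

Added illustration, not Cerby's or NHIMG's code. All app names, record
fields, weights and sample data below are constructed assumptions; replace
them with exports from your own discovery source and identity provider.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed inventory of what the business actually uses.
INVENTORY = [
    {"app": "payroll-saas", "owner": "finance-ops", "data": "finance", "users": 40},
    {"app": "crm", "owner": "sales-ops", "data": "customer", "users": 300},
    {"app": "brand-social", "owner": None, "data": "brand", "users": 6},
    {"app": "design-tool", "owner": "design", "data": "internal", "users": 25},
    {"app": "ticketing", "owner": "it", "data": "internal", "users": 500},
]

# Constructed IdP export: "sso" means users authenticate through the IdP,
# "scim" means joiner/mover/leaver events are provisioned automatically.
IDP_APPS = {
    "crm": {"sso": True, "scim": True},
    "design-tool": {"sso": True, "scim": False},  # auth works, lifecycle does not
    "ticketing": {"sso": True, "scim": True},
}

# Assumed sensitivity weights, used for ranking only.
DATA_WEIGHT = {"customer": 4, "finance": 4, "brand": 3, "internal": 1}


@dataclass
class Finding:
    app: str
    coverage: str                  # "full", "auth-only" or "none"
    owner: Optional[str]
    score: int
    gaps: List[str] = field(default_factory=list)


def classify(app: Dict) -> Finding:
    """Decide how much of this app's lifecycle the IdP actually controls."""
    idp = IDP_APPS.get(app["app"], {"sso": False, "scim": False})
    if idp["sso"] and idp["scim"]:
        coverage = "full"
    elif idp["sso"]:
        coverage = "auth-only"
    else:
        coverage = "none"

    gaps = []
    if coverage == "none":
        gaps.append("authentication bypasses the IdP")
    if not idp["scim"]:
        gaps.append("offboarding is manual (no provisioning)")
    if app["owner"] is None:
        gaps.append("no accountable owner")

    # Rank only apps the IdP does not fully govern: sensitivity and population
    # set the base score; missing ownership and a total IdP bypass add to it.
    score = 0
    if coverage != "full":
        score = DATA_WEIGHT[app["data"]] * 10 + app["users"] // 10
        if app["owner"] is None:
            score += 20
        if coverage == "none":
            score += 10
    return Finding(app["app"], coverage, app["owner"], score, gaps)


def remediation_queue(inventory: List[Dict]) -> List[Finding]:
    """Apps outside full lifecycle control, highest-risk first."""
    findings = [classify(a) for a in inventory]
    return sorted((f for f in findings if f.coverage != "full"),
                  key=lambda f: f.score, reverse=True)


def coverage_summary(inventory: List[Dict]) -> Dict[str, int]:
    """The coverage metric an IAM programme should be judged on."""
    summary = {"full": 0, "auth-only": 0, "none": 0}
    for a in inventory:
        summary[classify(a).coverage] += 1
    return summary


if __name__ == "__main__":
    print(coverage_summary(INVENTORY))
    for f in remediation_queue(INVENTORY):
        print(f"{f.score:>4}  {f.app:<14} {f.coverage:<10} owner={f.owner}  "
              f"gaps={'; '.join(f.gaps)}")
```

The point of the "auth-only" class is the one the page makes about partial integration: an app can sit behind SSO and still have no automated offboarding, so it belongs in the queue even though sign-in looks governed.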

Q: Why do unmanaged corporate identities create so much operational risk?

A: Unmanaged identities create risk because they force security and IT teams to rely on memory, tickets, and app-specific cleanup instead of a consistent lifecycle process. That leads to stale access, slow offboarding, audit gaps, and more helpdesk work. The operational burden becomes a security exposure when no one can prove access was removed on time.
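The "prove access was removed on time" problem, as an added example that is not from Cerby or NHIMG: it joins a constructed HR leaver feed with a constructed entitlement snapshot and the removal evidence an organisation actually has (SCIM deprovisioning events from the identity provider, closed tickets for apps offboarded by hand), then computes the operational-drag metrics the page recommends tracking. Apps with no removal record are the disconnected ones where nobody can show an auditor the access is gone. The 24-hour target and all records are assumptions.

```python
"""Prove access was removed on time after a leaver event, per application.

Added illustration, not Cerby's or NHIMG's code. The leaver events,
entitlement snapshot and removal records are constructed; feed in your HR
leaver feed, IdP/SCIM deprovisioning log and ticket-closure export instead.
"""
from datetime import datetime, timedelta
from typing import Dict, List, Optional

SLA = timedelta(hours=24)   # assumed offboarding target

# Constructed HR leaver events.
LEAVERS = [
    {"user": "bob", "left_at": datetime(2025, 8, 1, 17, 0)},
    {"user": "dana", "left_at": datetime(2025, 8, 5, 9, 0)},
]

# Constructed snapshot of the apps each leaver held access to.
ENTITLEMENTS = {
    "bob": ["crm", "payroll-saas", "brand-social"],
    "dana": ["crm", "design-tool"],
}

# Constructed removal evidence: SCIM events from the IdP and closed tickets
# for apps that are deprovisioned by hand. Note there is no record at all
# for bob's brand-social account.
REMOVALS = [
    {"user": "bob", "app": "crm", "removed_at": datetime(2025, 8, 1, 17, 5), "source": "scim"},
    {"user": "bob", "app": "payroll-saas", "removed_at": datetime(2025, 8, 6, 11, 0), "source": "ticket"},
    {"user": "dana", "app": "crm", "removed_at": datetime(2025, 8, 5, 9, 2), "source": "scim"},
    {"user": "dana", "app": "design-tool", "removed_at": datetime(2025, 8, 5, 15, 0), "source": "ticket"},
]


def offboarding_evidence(leavers, entitlements, removals, sla=SLA) -> List[Dict]:
    """One row per (leaver, app): hours until removal, and whether it is provable."""
    index = {(r["user"], r["app"]): r for r in removals}
    rows = []
    for lv in leavers:
        for app in entitlements.get(lv["user"], []):
            rec = index.get((lv["user"], app))
            if rec is None:
                # No SCIM event and no ticket: access may still exist, and
                # nobody can show an auditor that it was removed.
                rows.append({"user": lv["user"], "app": app, "hours": None,
                             "source": None, "status": "no evidence"})
                continue
            delta = rec["removed_at"] - lv["left_at"]
            status = "on time" if delta <= sla else "sla breach"
            rows.append({"user": lv["user"], "app": app,
                         "hours": delta.total_seconds() / 3600,
                         "source": rec["source"], "status": status})
    return rows


def drag_metrics(rows: List[Dict]) -> Dict[str, Optional[float]]:
    """Governance metrics: how much offboarding is manual, slow or unprovable."""
    proven = [r for r in rows if r["hours"] is not None]
    return {
        "entitlements": len(rows),
        "no_evidence": sum(r["status"] == "no evidence" for r in rows),
        "sla_breaches": sum(r["status"] == "sla breach" for r in rows),
        "manual_removals": sum(r["source"] == "ticket" for r in proven),
        "max_hours": max((r["hours"] for r in proven), default=None),
    }


def apps_without_evidence(rows: List[Dict]) -> List[str]:
    """Apps where removal cannot be shown: the disconnected ones to fix first."""
    return sorted({r["app"] for r in rows if r["status"] == "no evidence"})


if __name__ == "__main__":
    rows = offboarding_evidence(LEAVERS, ENTITLEMENTS, REMOVALS)
    for r in rows:
        print(r)
    print(drag_metrics(rows))
    print(apps_without_evidence(rows))
```

Run regularly, the "manual_removals" and "no_evidence" counts are the identity-debt indicators: the first measures how much offboarding still depends on tickets, the second how much of the estate cannot be proven clean at all.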

Q: What do organisations get wrong about NHI lifecycle governance?

A: Many organisations treat bots and automation accounts as exceptions rather than as identities that need owners, purpose, and retirement. That mindset leaves machine access outside joiner-mover-leaver control and makes it easy for dormant non-human accounts to linger after the business process has ended. The failure is governance, not technology.

Q: How do compliance requirements change IAM planning in EMEA?

A: Compliance in EMEA raises the need for consistent identity control across regions, but it does not remove the need for operational simplicity. Teams should design access governance so it can satisfy GDPR, NIS2, and DORA expectations without creating manual workarounds that fragment control. Otherwise, regulatory complexity becomes an access management problem.


Technical breakdown

Why disconnected applications break IAM coverage

Disconnected applications are systems that sit outside the identity provider or only partially integrate with it. When that happens, authentication may still work, but lifecycle governance does not. Offboarding, role changes, and periodic access checks become manual, inconsistent, and slow. The security problem is not simply more applications. It is that identity truth fragments across directories, spreadsheets, local admin panels, and app-specific settings. That fragmentation creates blind spots for entitlement review and makes it hard to prove who had access to what, when, and why.

Practical implication: map which apps still bypass central lifecycle control and prioritise the ones that carry customer, finance, or brand risk.

Identity debt and the cost of unmanaged corporate identities

Identity debt is the accumulation of accounts, permissions, and app relationships that no one owns cleanly anymore. It resembles technical debt, but the failure mode is governance rather than code. Every time a team adopts a tool without a lifecycle process, the organisation inherits future offboarding work, access uncertainty, and audit friction. In fast-growing environments, this debt compounds because employees change roles faster than identity teams can keep up. The result is delayed removals, stale entitlements, and inconsistent enforcement across departments and regions.

Practical implication: treat unmanaged accounts as accumulated governance debt and build a remediation queue for ownership, recertification, and closure.

Why NHI lifecycle now sits inside the same control problem

When bots and automation tools become a large share of active identities, they can no longer be managed as ad hoc exceptions. A bot retirement problem is not different in principle from a leaver problem. The issue is whether the organisation can discover the identity, assign ownership, and remove access when the workflow ends. If these accounts never enter the IAM lifecycle, they bypass the same controls used for human offboarding and access review. That leaves machine identities with lingering access long after the task that justified them has disappeared.

Practical implication: bring service accounts, bots, and automation identities into the same lifecycle governance model used for human access.
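An added example of what "the same lifecycle governance model" looks like when applied to machine identities, not code from Cerby or NHIMG: each non-human identity is checked for an owner who is still employed, a recorded purpose, and a retirement condition (an expiry date or a link to a business process that is still running), plus recent use. An identity whose justification has ended is retired; one that cannot be tied to an owner or a lifecycle event is disabled by default, which is the rule the page recommends. The HR feed, process register, 90-day dormancy threshold and account records are all constructed.

```python
"""Evaluate non-human identities against the same lifecycle rules as leavers.

Added illustration, not Cerby's or NHIMG's code. The HR feed, workflow
register and service-account records are constructed; in practice they come
from the HR system, the process/change register and the IdP or secrets store.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional, Tuple

DORMANT_AFTER = timedelta(days=90)   # assumed inactivity threshold
TODAY = date(2025, 9, 8)             # assumed evaluation date

PEOPLE = {"alice": "active", "bob": "left", "carol": "active"}    # constructed HR feed
WORKFLOWS = {"nightly-etl": "active", "q2-migration": "ended"}   # constructed process register


@dataclass(frozen=True)
class NHI:
    name: str
    owner: Optional[str]
    purpose: Optional[str]
    workflow: Optional[str]     # business process that justifies the identity
    expires: Optional[date]     # explicit retirement date, if any
    last_used: Optional[date]


# Constructed service accounts / bots.
NHIS = [
    NHI("etl-runner", "alice", "loads warehouse", "nightly-etl", date(2025, 12, 31), date(2025, 9, 7)),
    NHI("migration-bot", "bob", "moves tenants", "q2-migration", None, date(2025, 5, 2)),
    NHI("slack-poster", None, None, None, None, date(2025, 9, 1)),
    NHI("legacy-sync", "carol", "syncs CRM", "nightly-etl", date(2025, 6, 30), date(2025, 3, 1)),
]


def evaluate(nhi: NHI, today: date, people=PEOPLE, workflows=WORKFLOWS) -> Tuple[str, List[str]]:
    """Return (action, gaps). Action is 'keep', 'disable' or 'retire'."""
    gaps: List[str] = []
    justification_gone = False

    # Ownership: an NHI whose owner has left is orphaned, exactly like a
    # leaver's own entitlements would be.
    if nhi.owner is None:
        gaps.append("no owner")
    elif people.get(nhi.owner) != "active":
        gaps.append(f"owner {nhi.owner} has left (orphaned)")

    if not nhi.purpose:
        gaps.append("no recorded purpose")

    # Retirement condition: an expiry date or a linked business process.
    tied_to_lifecycle = False
    if nhi.expires is not None:
        tied_to_lifecycle = True
        if nhi.expires < today:
            gaps.append("past expiry date")
            justification_gone = True
    if nhi.workflow is not None:
        tied_to_lifecycle = True
        if workflows.get(nhi.workflow) != "active":
            gaps.append(f"workflow {nhi.workflow} has ended")
            justification_gone = True
    if not tied_to_lifecycle:
        gaps.append("no retirement condition")

    if nhi.last_used is None or today - nhi.last_used > DORMANT_AFTER:
        gaps.append("dormant")
        justification_gone = True

    if justification_gone:
        action = "retire"      # the task that justified the identity is over
    elif gaps:
        action = "disable"     # not tied to an owner or lifecycle event: not active by default
    else:
        action = "keep"
    return action, gaps


def lifecycle_report(nhis: List[NHI], today: date) -> Dict[str, Tuple[str, List[str]]]:
    """Name -> (action, gaps) for every NHI, the queue an owner has to work through."""
    return {n.name: evaluate(n, today) for n in nhis}


if __name__ == "__main__":
    for name, (action, gaps) in lifecycle_report(NHIS, TODAY).items():
        print(f"{action:<8} {name:<14} {'; '.join(gaps) or 'compliant'}")
```

The two data sources that make this work are the ones many NHI programmes never wire in: the HR leaver feed (so an orphaned owner is detected the same day a person leaves) and a register of business processes, so a bot's justification can actually end.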


Threat narrative

Attacker objective: The attacker or opportunistic insider aims to exploit forgotten access paths and stale identities that the organisation has not fully governed.

  1. Entry occurs when a business unit adopts a new SaaS application or social platform outside central IAM governance, creating a parallel access path that the identity team does not fully see.
  2. Escalation occurs when offboarding, role changes, and app ownership are handled manually, leaving stale accounts, orphaned privileges, and unmanaged non-human identities in place.
  3. Impact appears as higher helpdesk load, audit findings, delayed offboarding, brand exposure, and a larger attack surface for misuse or account takeover.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.


NHI Mgmt Group analysis

Disconnected apps are not an integration problem; they are an identity governance problem. Once applications operate outside the identity provider, lifecycle control becomes partial by design. That means onboarding, offboarding, and recertification lose their authoritative source of truth. The implication is that IAM programmes must be judged by coverage of business-critical apps, not by directory completeness alone.

Identity debt is the right name for unmanaged app sprawl because the cost is deferred, not eliminated. Every shadow app, local account, and unowned entitlement becomes future audit work, future helpdesk load, and future risk. This is a governance debt pattern, not a tooling inconvenience. Practitioners should treat it as an operating model issue that consumes both security and delivery capacity.

NHI lifecycle failure is now part of the same control plane as human lifecycle failure. When bots and automation tools make up a large share of active identities, leaving them outside joiner-mover-leaver governance creates a structural blind spot. The organisation may still know when a person leaves, but not when a workload identity should be retired. That is a control-plane gap that identity teams need to govern as a single lifecycle discipline.

EMEA fragmentation exposes the limits of one-size-fits-all IAM operating models. GDPR, NIS2, DORA, and country-level obligations push toward stronger accountability, but lean teams cannot absorb that through manual review alone. The real test is whether governance can scale across regions, app types, and identity types without collapsing into exceptions. Practitioners should assess whether their operating model supports regional compliance without fragmenting control.

What Israel shows is that speed has become an identity design constraint. In fast-moving SaaS and AI environments, teams will keep adopting tools faster than central IAM can absorb them. The practical conclusion is not to block change, but to design governance that can keep pace with business demand while preserving ownership, visibility, and offboarding discipline.

From our research:

  • 88.5% of organisations acknowledge that their non-human IAM practices lag behind or are merely on par with their human identity and access management efforts, according to Aembit.
  • 23.7% of organisations share secrets through insecure methods such as email or messaging applications, according to Aembit.
  • Read Ultimate Guide to NHIs for the lifecycle controls that close these gaps.

What this signals

Identity debt: this is the right way to think about disconnected apps and unmanaged corporate identities. When access lives outside the identity provider, the problem stops being a point solution gap and becomes a programme design issue that affects onboarding, offboarding, audit readiness, and service delivery. Teams should expect the next wave of identity work to focus less on directory hygiene and more on control coverage across the full application estate.

With 88.5% of organisations saying their non-human IAM practices lag behind or merely match human IAM maturity, according to Aembit, the boundary between human and machine governance is already too soft for modern operations. That matters because hybrid teams now need one lifecycle model that can absorb apps, bots, and delegated access without creating separate exceptions for each identity type.

Practitioners should prepare for identity governance to be judged by operational throughput as much as by policy completeness. If offboarding takes days, helpdesk demand stays high, and local teams keep bypassing central controls, the programme is already absorbing the cost of fragmentation. The next step is to align lifecycle governance, regional compliance, and application ownership under one operating model.


For practitioners

  • Inventory applications outside core IAM coverage. Create a living register of apps that do not fully integrate with the identity provider, then rank them by business criticality, data sensitivity, and offboarding risk. Use that register to target the highest-value remediation first.
  • Measure identity-related operational drag. Track helpdesk volume, offboarding duration, and unresolved access issues as identity governance metrics, not only support metrics. If access work is consuming a large share of IT time, the IAM operating model is underpowered.
  • Fold bots and automation into lifecycle control. Require every non-human identity to have an owner, a purpose, and a retirement condition. If a bot or automation tool cannot be tied to a lifecycle event, it should not remain active by default.
  • Treat audit findings as governance defects. When auditors find unmanaged SaaS accounts or missing ownership trails, convert the issue into a remediation backlog with deadlines and accountable owners. Do not leave it as a one-time compliance cleanup exercise.
  • Align regional compliance and identity operations. Map which controls must be consistent across GDPR, NIS2, and DORA environments, then define where local variation is allowed. This reduces the chance that compliance fragmentation turns into access fragmentation.

Key takeaways

  • Disconnected applications create identity governance debt because access can persist outside the identity provider.
  • The scale of the problem is visible in day-to-day operations, from helpdesk overload to delayed offboarding and audit friction.
  • IAM programmes need to cover human and non-human identities under one lifecycle model if they want to reduce both risk and operational drag.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST SP 800-207 (Zero Trust Architecture) set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Non-Human Identity Top 10 | NHI1:2025 Improper Offboarding | Disconnected apps create unmanaged identity sprawl and hidden access paths that offboarding never reaches.
NIST CSF 2.0 | PR.AA-05 (the CSF 2.0 successor to CSF 1.1's PR.AC-4) | Access permissions must be managed consistently across hybrid app estates.
NIST SP 800-207 (Zero Trust Architecture) | Section 2.1, Tenets of Zero Trust | Zero Trust depends on continuous verification across identities and applications.

Apply least-privilege access decisions to each app and remove standing access where possible.


Key terms

  • Identity Debt: Identity debt is the accumulation of accounts, entitlements, and app ownership gaps that are allowed to persist because teams move faster than governance. It shows up later as audit noise, offboarding delays, and manual cleanup work that should have been designed out of the operating model.
  • Disconnected Application: A disconnected application is a business system that is not fully integrated into the central identity stack. It may still authenticate users, but it weakens lifecycle control, recertification, and offboarding because identity truth is split across multiple administrative planes.
  • Non-Human Identity Lifecycle: Non-human identity lifecycle is the set of governance steps used to create, own, review, rotate, and retire service accounts, bots, tokens, and other machine identities. In practice, it must be treated as the same discipline as human lifecycle control, with different account types but the same need for ownership and closure.
  • Identity Provider Coverage: Identity provider coverage measures how much of the application estate is governed through central authentication and lifecycle control. Partial coverage is a governance risk because the uncovered apps become exceptions where access, ownership, and offboarding are harder to prove and enforce.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.

This post draws on content published by Cerby: disconnected apps and unmanaged identities in EMEA. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2025-09-08.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org