By NHI Mgmt Group Editorial Team | Published 2025-12-10 | Domain: Best Practices | Source: SailPoint

TL;DR: Moving to SailPoint Identity Security Cloud helped cut application deployment time from weeks to hours, underscoring how identity modernisation can remove operational drag in hybrid-cloud environments, according to SailPoint. The practical lesson is that programme speed now depends on governance model choice as much as on tooling.


At a glance

What this is: SailPoint’s account of DXC Technology’s identity modernisation journey and the operational benefit it cites: faster application deployment after migrating to Identity Security Cloud.

Why it matters: IAM teams often underestimate how governance architecture affects delivery speed across hybrid, public, and private cloud environments.



Context

Identity modernization in hybrid cloud environments is not only about centralising control. It is about removing the friction that makes access changes, application onboarding, and governance workflows too slow for modern delivery teams.

DXC Technology’s example shows the business case in practical terms. When identity processes are compressed from weeks to hours, the IAM programme starts affecting deployment throughput, cloud agility, and the pace at which security can keep up with platform change.


Key questions

Q: How should IAM teams measure the business value of identity modernisation?

A: Measure how much time identity workflows add to application onboarding, access changes, and lifecycle actions. If those steps slow releases or create repeated manual intervention, the identity programme is constraining delivery. The best signal is a measurable reduction in turnaround time without a corresponding increase in access exceptions or policy variance.

Q: Why does hybrid-cloud identity management often slow down delivery?

A: Hybrid-cloud environments usually combine different control models, entitlement formats, and administration paths. That creates extra coordination work every time an application or policy changes. The slowdown comes from inconsistency, not just manual effort, so organisations need standardisation across environments if they want identity controls to support speed.

Q: What do security teams get wrong about identity security migrations?

A: Teams often assume the migration itself delivers the benefit. In practice, the gain only appears when policy design, integration quality, and entitlement models are harmonised across the full estate. Without that work, migration changes the platform but not the governance complexity that slows down operations.

Q: When does a SaaS identity model improve governance outcomes?

A: A SaaS identity model improves governance when it reduces internal maintenance while preserving consistent policy enforcement and lifecycle control across all application types. If the platform speeds administration but leaves policy drift in place, the programme becomes faster without becoming stronger.


Technical breakdown

Identity governance as a delivery constraint

Identity governance becomes a delivery constraint when access provisioning, application onboarding, and approval workflows cannot keep pace with engineering and operations. In hybrid cloud environments, that lag typically appears in manual reviews, fragmented entitlement models, and inconsistent policy enforcement across platforms. The result is not just slower access administration. It is slower change delivery, because every application release depends on identity decisions being completed before teams can proceed.

Practical implication: measure identity workflow latency as an operational bottleneck, not only a governance metric.

Why SaaS identity management changes the operating model

Moving identity security into a SaaS operating model changes where complexity is absorbed. Instead of maintaining more of the control plane locally, teams rely on a managed service for orchestration, policy execution, and lifecycle workflows. That can reduce internal maintenance overhead, but it also shifts attention to integration quality, policy design, and the consistency of application onboarding across environments. The architecture matters because speed gains only hold when the target state is repeatable across the full application estate.

Practical implication: validate that SaaS identity controls fit both legacy and cloud-native application patterns before treating migration as complete.

Hybrid-cloud identity modernization and control consistency

Hybrid-cloud identity modernization succeeds when the same governance intent is enforced across public, private, and on-premises systems. The hard part is not defining access policy once. It is maintaining consistent decisions across multiple control surfaces that evolved at different speeds and under different administration models. Without that consistency, automation only speeds up inconsistency. A modern identity programme therefore needs standardised entitlement modelling, lifecycle discipline, and visibility into where policies diverge.

Practical implication: inventory policy drift across environments before you scale migration to more applications.


NHI Mgmt Group analysis

Identity modernization is now a throughput issue, not just a control issue. When application deployment moves from weeks to hours, identity governance is no longer a back-office function that trails engineering. It becomes part of the delivery system itself, because approval latency and onboarding friction directly shape release cadence. For IAM leaders, that means identity architecture must be assessed by operational performance as well as control coverage.

Hybrid-cloud consistency is the real test of modern identity security. The challenge is not deploying one strong control model in isolation. It is keeping access decisions, lifecycle handling, and policy enforcement coherent across public, private, and hybrid environments where application patterns differ. The practical conclusion is that migration value depends on consistency across the estate, not on a single platform capability.

Deployment latency is the named concept here: the time identity workflows add between demand and usable access. The DXC example shows that this latency can shrink dramatically when governance is modernised, but only if the access model is repeatable and integrated. Security teams should treat identity latency as a measurable programme signal, because it reveals whether the operating model matches the pace of the business.

SaaS migration changes where identity complexity lives, not whether it exists. Moving to a cloud-delivered identity platform can simplify operations, but only if organisations also standardise entitlement design and provisioning logic. Otherwise the complexity shifts from infrastructure maintenance to integration and policy harmonisation. Practitioners should evaluate whether the migration reduces true governance effort or merely relocates it.

Identity programmes should be judged by how fast they make secure change possible. The strongest signal in this story is not a product claim. It is that mature identity governance can remove friction without weakening control. For IAM and IGA teams, the field is moving toward programmes that are measured by both control integrity and delivery enablement.

From our research:

  • 88.5% of organisations acknowledge that their non-human IAM practices lag behind or are merely on par with their human identity and access management efforts, according to the 2024 Non-Human Identity Security Report.
  • Only 19.6% of security professionals express strong confidence in their organisation's ability to securely manage non-human workload identities.
  • That maturity gap is why readers should also review NHI Lifecycle Management Guide for provisioning, rotation, and offboarding discipline.

What this signals

Identity latency is becoming an operational governance signal. When teams can turn application deployment from weeks to hours, access workflow speed is no longer a secondary admin metric. It becomes a sign of whether identity architecture is aligned with delivery cadence, especially in hybrid environments where control consistency is hard to sustain.

With 35.6% of organisations citing consistent access across hybrid and multi-cloud environments as their top NHI security challenge, the governance lesson is clear: consistency, not just centralisation, is what makes modern identity programmes work. The practical benchmark is whether your policies survive movement across platforms without creating local exceptions. For practitioners, the right companion reading is Top 10 NHI Issues.

Credential lifecycle discipline and deployment speed are linked. Organisations that rely on slow, manual identity processes tend to accept operational lag as normal, then compensate with ad hoc exceptions. That pattern weakens both security and delivery, which is why teams should pair identity modernisation with lifecycle governance and access standardisation across the estate.


For practitioners

  • Measure identity workflow latency end to end: Track the time from access request or application onboarding to usable entitlement across your major environments. Break the measurement into approval, provisioning, and validation steps so you can see whether governance, integration, or platform design is causing the delay.
  • Standardise entitlement models across cloud boundaries: Define common access patterns for public cloud, private cloud, and on-premises systems before expanding migration scope. Consistent entitlement design makes it easier to reuse policy logic and avoid reworking controls for each application family.
  • Audit policy drift during migration: Compare access decisions and lifecycle handling across environments to find where cloud, legacy, and hybrid workflows have diverged. Use the findings to close gaps before those differences become embedded in the new operating model.
  • Treat identity architecture as an operating metric: Report identity turnaround time alongside deployment and service-delivery metrics so security and platform teams can evaluate the same operational bottlenecks. This keeps governance aligned to business speed rather than treated as a separate administrative queue.

Key takeaways

  • Identity modernisation is not only a security exercise. It directly affects how quickly teams can onboard applications and move changes through the estate.
  • Hybrid-cloud identity programmes fail when access policy differs from one environment to another, because inconsistency turns automation into faster inconsistency.
  • Security and IAM leaders should treat identity turnaround time as a governance metric that reveals whether the operating model matches delivery speed.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
NIST CSF 2.0 | PR.AC-4 | Access decisions and consistency across environments are central to this story.
NIST Zero Trust (SP 800-207) | | The post hinges on consistent trust and access decisions across distributed environments.
OWASP Non-Human Identity Top 10 | NHI-03 | Lifecycle and access consistency matter for non-human identities too.

Use zero-trust principles to standardise identity decisions across public, private, and hybrid systems.


Key terms

  • Identity modernization: Identity modernization is the process of redesigning identity governance, provisioning, and access control so they fit current cloud and delivery models. In practice, it usually means reducing manual work, standardising policy, and making access workflows faster without weakening oversight.
  • Identity latency: Identity latency is the delay introduced by identity workflows between a need for access and the point at which access is actually usable. It is a useful operational measure because it shows how much friction identity governance adds to application delivery, onboarding, and change execution.
  • Hybrid-cloud consistency: Hybrid-cloud consistency is the ability to apply the same governance intent across public cloud, private cloud, and on-premises environments. It matters because identity controls break down when each platform uses different entitlement formats, approval paths, or lifecycle practices.
  • SaaS identity model: A SaaS identity model is an operating model in which identity security functions are delivered through a cloud service rather than maintained entirely on premises. The value depends on integration quality and policy consistency, not simply on shifting the platform into the cloud.


This post draws on content published by SailPoint: Inside the Navigate Studio with DXC Technology.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2025-12-10.