By NHI Mgmt Group Editorial Team | Published 2025-10-02 | Domain: Governance & Risk | Source: JumpCloud

TL;DR: As headcount, devices, SaaS accounts, and access requests grow, spreadsheet-led IT management creates data gaps, orphaned accounts, privilege creep, and audit pain, while JumpCloud cites 83% of former employees retaining access to previous employer accounts and a $4.9 million average breach cost. The core issue is not tooling convenience but the collapse of a single source of truth for identity and device governance.


At a glance

What this is: This is an analysis of why spreadsheet-led IT administration stops working as organisations scale and how that creates visibility, access, and compliance gaps.

Why it matters: It matters because IAM, NHI, and lifecycle teams all depend on accurate source-of-truth records for provisioning, deprovisioning, recertification, and access control.

By the numbers:

  • 83% of former employees retain access to previous employer accounts (JumpCloud).
  • $4.9 million average breach cost (JumpCloud).



Context

Spreadsheet-based IT management is a scalability problem, not just an administrative inconvenience. Once device fleets, SaaS accounts, and access permissions expand faster than the team can update records, the organisation loses the single source of truth that IAM and lifecycle governance depend on.

The result is predictable: stale entitlements, orphaned accounts, delayed onboarding, weak audit evidence, and inconsistent device tracking. That is why this topic sits at the intersection of human IAM and identity lifecycle management, even though the article presents it through an IT operations lens.

For teams running access reviews, offboarding, or privileged access governance, the deeper issue is that manual tracking breaks the feedback loop between identity events and control enforcement. The starting position here is typical for smaller teams, but it becomes unsustainable quickly as growth and hybrid work add complexity.


Key questions

Q: What breaks when IT teams manage access in spreadsheets?

A: What breaks first is accuracy, then enforcement. Spreadsheet records fall behind real joiner, mover, and leaver activity, so users keep stale permissions, new hires wait for access, and auditors cannot reliably trace approval history. Once the record is no longer current, it cannot support secure provisioning or trustworthy deprovisioning.

Q: Why do manual IT processes create privilege creep?

A: Manual processes create privilege creep because access changes happen in slow, human-driven steps and revocation is easy to miss. Each delayed update leaves old permissions in place longer than intended, so accumulated access no longer matches job role. The result is broader blast radius and weaker governance.

Q: How do teams know if spreadsheet-based asset tracking is failing?

A: A clear signal is when onboarding, offboarding, and audit preparation all depend on searching multiple files, emails, and notes to reconstruct the current state. If teams cannot answer who approved access or whether revocation happened without manual reconciliation, the control has already failed operationally.

Q: Who is accountable when access revocation is missed after offboarding?

A: Accountability sits with the identity and IT governance function that owns the lifecycle process, not with the spreadsheet itself. The organisation needs a named control owner, explicit revocation steps, and evidence that leaver access is actually removed rather than left active in downstream systems.


Technical breakdown

Why spreadsheets fail as an identity source of truth

A spreadsheet is a static record, but identity governance is dynamic. Users move, leave, change roles, inherit new access, and carry devices across environments. When the record cannot update in step with those events, it stops functioning as a source of truth and becomes a lagging artefact. That lag is enough to create duplicate entries, missing deprovisioning actions, and inconsistent entitlement views across IT, security, and compliance. In practice, the problem is not the spreadsheet format itself. It is the absence of event-driven identity lifecycle control.

Practical implication: replace manual asset and access tracking with a system that can update entitlements when identity events occur.

How manual provisioning creates privilege creep and orphaned access

Manual provisioning usually means approvals arrive by email or chat, then someone copies details into a file and applies changes later. That delay creates two failure modes. First, users receive access that is broader than their role because the request is hard to validate in context. Second, leavers keep old entitlements because revocation depends on someone noticing and acting on the spreadsheet entry. Over time, those stale permissions accumulate into privilege creep, which increases blast radius when an account is compromised or repurposed.

Practical implication: tie provisioning and deprovisioning to lifecycle events so access changes are enforced, not remembered.

Why audit readiness collapses when evidence lives in files and inboxes

Auditability depends on traceable decisions, timestamps, and control evidence. When those artefacts are scattered across spreadsheets, emails, notes, and shared drives, the organisation cannot reliably answer who approved access, when it changed, or whether revocation happened after offboarding. That creates a compliance problem as much as an operational one, because auditors need repeatable evidence, not reconstructed narratives. A central governance platform does not solve policy design by itself, but it makes entitlement history and control execution observable in a way spreadsheets cannot.

Practical implication: centralise access evidence so recertification and audit requests can be answered without manual reconstruction.


NHI Mgmt Group analysis

Spreadsheets create identity governance drift because they cannot keep pace with lifecycle change. Once identity, device, and application records are updated manually, the control plane falls behind the actual state of access. That drift shows up first as onboarding delays and later as missing revocations, stale permissions, and inconsistent evidence. The practical conclusion is that governance fails when the record cannot move at the speed of the identity lifecycle.

Privilege creep is the direct security cost of manual IT administration. The article’s own examples show how access accumulates when approvals, changes, and offboarding are handled case by case. Over time, that turns role-based access into historical access, where people keep what they no longer need. For IAM teams, the issue is not only over-permissioning but the inability to prove when it was removed.

Audit burden is a control design problem, not a reporting problem. If the evidence is buried across spreadsheets, inboxes, and notes, the organisation has already lost control observability. Compliance teams then spend time reconstructing decisions instead of validating them. That means the governance model is too manual to support recertification at scale, and practitioners should treat that as an operating model defect, not an evidence-collection issue.

Identity lifecycle management is the missing discipline behind scalable IT operations. The article is really describing a lifecycle failure across joiner, mover, and leaver events. A spreadsheet can list assets, but it cannot enforce provisioning, mover approvals, or deprovisioning as reliable state changes. The practitioner takeaway is that lifecycle governance must be treated as infrastructure, not as admin housekeeping.

Single source of truth is the right concept here, but only if it is actively governed. The phrase describes more than inventory. It means entitlement state, device state, and approval state are aligned closely enough to support trust decisions. Without that alignment, teams are forced into reactive cleanup, which is why scale exposes the gap so quickly.

From our research:

  • 67% of organisations still rely heavily on static credentials despite the risks they pose to agentic AI deployments, according to The 2026 Infrastructure Identity Survey.
  • Only 44% of organisations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security.
  • The 2026 Infrastructure Identity Survey shows the governance gap is already measurable, not theoretical, as AI adoption scales faster than policy coverage.

What this signals

Single source of truth is becoming a governance requirement, not an administrative preference. As organisations add more devices, apps, and lifecycle events, the operational risk shifts from delayed updates to broken trust in entitlement state. Teams that still depend on spreadsheets should expect access reviews and offboarding to expose more exceptions, not fewer.

With 69% of security leaders agreeing identity management must fundamentally shift to address agentic AI systems, the wider market is signalling that identity governance is being redefined around dynamic actors rather than static records. That matters even for human IAM programmes, because the same lifecycle discipline that fails in spreadsheets also fails when access is more frequent and more distributed.

Lifecycle control will become the differentiator: organisations that can link joiner, mover, and leaver events to live entitlement changes will absorb growth with less friction. Those that cannot will keep paying in audit effort, access leakage, and productivity loss, even before more advanced identity use cases arrive.


For practitioners

  • Replace spreadsheet-based entitlement tracking: Move user, device, and application records into a controlled system that can update access state as people join, move, and leave. Spreadsheets can still be exported for reporting, but they should no longer be the operational record for entitlement decisions.
  • Automate offboarding and access revocation: Link leaver events to account disablement, application revocation, and device recovery so access removal does not depend on a manual checklist. The goal is to remove dependence on someone remembering to update a file.
  • Run access reviews against live entitlement data: Use recertification workflows that compare approved access with current role and device state. If reviewers are validating stale spreadsheet entries, the review is documenting drift rather than correcting it.
  • Centralise audit evidence for provisioning changes: Store approval history, entitlement changes, and revocation records in one place so compliance teams can trace who changed what and when without reconstructing the trail from inboxes and notes.
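The reconciliation that the "Technical breakdown" and the practitioner bullets above describe can be made concrete with a small script. The Python below is an added example, not code from JumpCloud or NHI Mgmt Group: it compares a constructed HR roster (joiner, mover, and leaver state) with a spreadsheet-style entitlement export and flags the four failure modes the article names: orphaned rows for people no longer on the roster, leavers who still hold live access, entitlements outside a role baseline (privilege creep), and rows with no approval evidence. The people, applications, roles, and baselines are all assumptions made up for the example.

```python
"""Reconcile a joiner/mover/leaver roster against an entitlement export.

Added example, not from the JumpCloud article or NHI Mgmt Group. The roster,
entitlement rows, and role baselines below are constructed sample data that
stand in for an HR feed and a spreadsheet-style access export.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Person:
    user: str
    role: str
    status: str           # "active" or "left"
    status_date: date     # date of the most recent lifecycle event


@dataclass(frozen=True)
class Entitlement:
    user: str
    app: str
    permission: str
    approver: str         # empty string means no recorded approval
    granted_on: Optional[date]


# Constructed role baselines: the permissions each role is expected to hold.
ROLE_BASELINE: Dict[str, Set[Tuple[str, str]]] = {
    "engineer": {("github", "write"), ("jira", "user")},
    "finance": {("netsuite", "user"), ("jira", "user")},
}

# Constructed HR roster: the record that should be the source of truth.
ROSTER: List[Person] = [
    Person("alice", "engineer", "active", date(2024, 1, 15)),
    Person("bob", "engineer", "left", date(2025, 8, 1)),      # leaver
    Person("carol", "finance", "active", date(2025, 3, 3)),  # mover, was engineer
]

# Constructed entitlement export, as a spreadsheet would hold it.
ENTITLEMENTS: List[Entitlement] = [
    Entitlement("alice", "github", "write", "mgr1", date(2024, 1, 16)),
    Entitlement("alice", "jira", "user", "mgr1", date(2024, 1, 16)),
    Entitlement("bob", "github", "write", "mgr1", date(2023, 5, 2)),    # leaver still active
    Entitlement("bob", "aws", "admin", "", None),                        # no approval evidence
    Entitlement("carol", "netsuite", "user", "mgr2", date(2025, 3, 4)),
    Entitlement("carol", "github", "write", "mgr1", date(2024, 6, 1)),  # mover kept old access
    Entitlement("dave", "jira", "user", "mgr1", date(2022, 9, 9)),      # not on roster: orphan
]


def reconcile(roster, entitlements, baselines, today):
    """Return findings keyed by failure mode.

    leaver_active entries are (entitlement, days since the leaver event) so a
    reviewer can see how long revocation has been overdue.
    """
    people = {p.user: p for p in roster}
    findings = {"orphaned": [], "leaver_active": [],
                "privilege_creep": [], "missing_evidence": []}
    for e in entitlements:
        # Evidence gaps are reported regardless of the person's lifecycle state.
        if not e.approver or e.granted_on is None:
            findings["missing_evidence"].append(e)
        p = people.get(e.user)
        if p is None:
            findings["orphaned"].append(e)
            continue
        if p.status == "left":
            findings["leaver_active"].append((e, (today - p.status_date).days))
            continue
        # Active person: compare held permission with the role baseline.
        if (e.app, e.permission) not in baselines.get(p.role, set()):
            findings["privilege_creep"].append(e)
    return findings


def summarise(findings):
    """Counts per failure mode, the headline an access review would report."""
    return {k: len(v) for k, v in findings.items()}


def report_lines(findings):
    """Human-readable lines suitable for an audit evidence record."""
    lines = []
    for e in findings["orphaned"]:
        lines.append(f"ORPHANED {e.user} {e.app}:{e.permission}")
    for e, days in findings["leaver_active"]:
        lines.append(f"LEAVER_ACTIVE {e.user} {e.app}:{e.permission} overdue={days}d")
    for e in findings["privilege_creep"]:
        lines.append(f"PRIVILEGE_CREEP {e.user} {e.app}:{e.permission}")
    for e in findings["missing_evidence"]:
        lines.append(f"MISSING_EVIDENCE {e.user} {e.app}:{e.permission}")
    return lines


if __name__ == "__main__":
    result = reconcile(ROSTER, ENTITLEMENTS, ROLE_BASELINE, date(2025, 10, 2))
    print(summarise(result))
    print("\n".join(report_lines(result)))
```

Run against a real export, the same four buckets map directly onto the article's failure modes: the orphaned and leaver_active lists are the revocations that a spreadsheet process forgot, privilege_creep is the drift between role and held access that a recertification should correct, and missing_evidence is the set of rows an auditor cannot trace to an approval.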

Key takeaways

  • Spreadsheet-led IT management fails when identity state changes faster than manual records can be updated.
  • The evidence is already visible in lingering access, privilege creep, and heavier audit workloads.
  • Scaling securely requires live lifecycle controls, not better spreadsheets.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
NIST CSF 2.0 | PR.AC-4 | Access permissions management is central to replacing spreadsheet-based control.
NIST Zero Trust (SP 800-207) | 3.1 | Manual records undermine continuous verification of entitlement state.
OWASP Non-Human Identity Top 10 | NHI-03 | Offboarding and credential removal failures mirror common NHI lifecycle gaps.

Treat identity and device state as continuously verified inputs, not static spreadsheet rows.


Key terms

  • Single Source of Truth: A single source of truth is the authoritative record used to decide what access, device, or entitlement state is current. In identity governance, it must update as people and systems change, otherwise decisions drift from reality and controls become documentary rather than operational.
  • Privilege Creep: Privilege creep is the gradual accumulation of permissions that no longer match a person's role or need. It happens when access changes are added over time but never fully removed, leaving accounts with broader reach and a larger blast radius than the business intended.
  • Identity Lifecycle Management: Identity lifecycle management is the discipline of governing access from joiner to mover to leaver events. It covers provisioning, change management, recertification, and deprovisioning, and it only works when those steps are tied to current identity state rather than manually maintained records.
  • Audit Evidence: Audit evidence is the traceable record showing who approved access, when changes occurred, and whether removal happened as required. In practice, it must be reproducible from system logs and control records, not reconstructed from inboxes, notes, or disconnected spreadsheets.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.

This post draws on content published by JumpCloud: why spreadsheets hold IT back as companies grow. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2025-10-02.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org