Values-driven IT and the end of scarcity-led service models

At a glance

What this is: This is a philosophy-led argument for replacing transactional IT with values-driven, employee-first support.

Why it matters: It matters because IAM, service desk, and lifecycle teams all shape whether identity operations build trust or create friction across human, NHI, and autonomous programmes.

👉 Read JumpCloud’s article on values-driven IT and the Give First operating model

Context

Values-driven IT is a governance model, not a helpdesk slogan. The article argues that IT teams break trust when they treat employees as problems to be managed instead of users to be enabled, which turns access, support, and resolution into adversarial transactions.

For identity and access teams, the underlying issue is lifecycle design and service posture. If support processes are built around scarcity, the organisation gets slower approvals, weaker collaboration, and lower confidence in how access is granted, reviewed, and sustained.

Key questions

Q: How can IT teams reduce friction without weakening identity controls?

A: Standardise the common path, remove unnecessary approvals, and make exceptions visible and time-bound. Teams reduce friction when identity processes are predictable and fast enough that users do not need side channels. The real test is whether access, offboarding, and recertification still work when the support team is not in the room.

Q: Why does user trust matter in IAM programmes?

A: User trust determines whether people follow the approved path or bypass it. If employees experience support as adversarial, they are more likely to create workarounds, ignore guidance, or delay reporting problems. Trust is therefore not a cultural extra. It is a condition for access governance to function consistently.

Q: What do security teams get wrong about helpdesk efficiency?

A: They often treat faster closure as the goal, when the real objective is durable resolution with policy compliance intact. A helpdesk can be efficient and still damage governance if it pushes users away from formal identity processes. Good efficiency improves adoption, not just throughput.

Q: How should organisations measure values-driven IT?

A: Measure whether service interactions improve completion of identity tasks, reduce repeat issues, and increase confidence in access processes. Good metrics connect service quality to governance outcomes, not just ticket counts. If the team is faster but users are still frustrated, the programme has only changed its pace, not its effectiveness.

Technical breakdown

Why scarcity mindset breaks identity service delivery

A scarcity mindset treats time, attention, and support as assets to defend, so every request becomes a cost to minimise. In identity operations, that creates brittle approval flows, delayed access decisions, and service desks that optimise for closure rather than resolution. The result is not just poor employee experience. It is weaker governance because frustrated users route around controls, while teams lose the trust needed to enforce access policy consistently. Practical implication: measure support success by enablement quality and policy compliance, not just ticket volume.

Practical implication: measure support success by enablement quality and policy compliance, not just ticket volume.

How values-driven support changes identity lifecycle operations

Values-driven IT shifts the operating model from transactional handling to lifecycle stewardship. In identity programmes, that means access provisioning, recertification, offboarding, and exception handling are all judged by whether they reduce friction without weakening control. The key change is that support and governance stop being separate goals. Service quality becomes part of control effectiveness because users are more likely to follow identity processes that feel timely, respectful, and predictable. Practical implication: align service desk metrics with joiner-mover-leaver outcomes and access review completion.

Practical implication: align service desk metrics with joiner-mover-leaver outcomes and access review completion.

Trust is an identity control multiplier, not a soft metric

Trust matters because identity governance depends on voluntary cooperation as much as technical enforcement. Employees who experience IT as a partner are more likely to comply with MFA prompts, request access through approved channels, and surface problems before they become incidents. That does not make trust a substitute for control. It makes trust the condition that allows controls to work at scale. Practical implication: treat user trust as an operational input to IAM adoption, especially where policy enforcement depends on repeated human action.

Practical implication: treat user trust as an operational input to IAM adoption, especially where policy enforcement depends on repeated human action.

NHI Mgmt Group analysis

Scarcity-led IT is a governance failure because it optimises internal convenience over identity reliability. When support teams are rewarded for closing tickets quickly, they often create delays, workarounds, and resentment that erode control adherence. That pattern matters across IAM and lifecycle operations because weak service trust drives shadow processes and bypass behaviour. The practical conclusion is that governance quality collapses when the service model itself is adversarial.

Values-driven IT is the operational expression of identity trust. In human IAM, the way support is delivered shapes whether users follow access processes or look for shortcuts. In NHI and autonomous programmes, the same principle applies through stewardship, even if the actor is not human. The field should stop treating empathy as soft culture work and start treating it as an enabling condition for policy compliance.

Service desk design is part of access governance, not a separate function. A team that absorbs user friction well can enforce stricter controls without losing cooperation, while a team that behaves transactionally will struggle even with good policy. This is why IAM maturity is not only about stronger controls but also about whether those controls are experienced as fair, predictable, and usable. Practitioners should judge governance by whether people can actually stay inside the intended process.

Identity programmes fail when they manage scarcity instead of capability. The article’s core lesson is that a business cannot modernise access governance while its enabling teams act like bottlenecks. That is especially true where recertification, offboarding, and exception handling already demand cross-functional trust. The practitioner takeaway is to design identity operations as a relationship discipline, not just a control mechanism.

From our research:

• 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job, according to the 2026 Infrastructure Identity Survey.
• Only 13% of organisations feel extremely prepared for the reality of agentic AI despite the majority racing toward autonomous adoption.
• The governance question is moving beyond support experience, so review Ultimate Guide to NHIs , Key Challenges and Risks for the access-risk patterns that values-driven operations must still control.

What this signals

Values-driven identity operations are becoming a control requirement, not a culture preference. As service quality influences whether users comply with IAM processes, teams need to treat friction as a risk signal. That makes the service desk part of the identity control plane, especially where approvals, reviews, and offboarding depend on user participation.

With 70% of organisations granting AI systems more access than human employees, the pressure on access governance is already structural, and a service model built on scarcity will not scale into agentic workflows.

Trust debt: when support processes repeatedly optimise for internal convenience, organisations accumulate hidden resistance that later appears as shadow IT, bypassed reviews, and weak policy adherence. The practical signal is simple: if identity controls are technically sound but socially unpopular, governance will degrade at the point of use.

For practitioners

• Reframe service metrics around enablement Track whether support interactions leave users able to complete identity tasks correctly, then tie that to access request quality, recertification completion, and exception reuse rates.
• Map friction points in the identity lifecycle Identify where joiner, mover, and leaver processes create recurring frustration, then remove unnecessary manual handoffs before users start bypassing approved paths.
• Train support teams for empathy plus control Use service desk coaching that pairs calm user handling with consistent identity policy execution, so better experience does not become weaker enforcement.
• Treat trust as a control dependency Review whether access reviews, MFA adoption, and offboarding rely on user cooperation, then measure whether current support behaviour helps or undermines that cooperation.

Key takeaways

• Scarcity-led IT can undermine identity governance by encouraging friction, bypasses, and distrust in the very processes meant to control access.
• Values-driven support improves more than morale because trust affects whether people follow access, recertification, and offboarding workflows.
• The right success measure is not ticket closure alone but whether identity operations are experienced as fair, predictable, and worth following.

Key terms

• Values-driven IT: An operating model for IT and identity support that prioritises employee success, trust, and long-term enablement alongside control. It treats service quality as part of governance, not as a separate customer-service function. The practical test is whether users can follow approved identity processes without feeling obstructed or adversarially managed.
• Scarcity mindset: A service posture that assumes time, attention, and support are limited assets to defend rather than capabilities to invest. In identity operations, it tends to produce reactive ticket handling, rigid approvals, and workarounds. The result is weaker trust and lower compliance with access and lifecycle processes.
• Identity lifecycle: The full set of processes that govern identity from creation through change, review, and removal. For human, NHI, and autonomous actors, lifecycle management includes provisioning, access changes, recertification, exception handling, and offboarding. Good lifecycle governance reduces friction while keeping access decisions auditable and predictable.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.

This post draws on content published by JumpCloud: values-driven IT and the shift away from scarcity-led support. Read the original.