TL;DR: Organisations are still battling technical debt, talent gaps, vendor lock-in, visibility problems, and identity provider outages as they modernise app identity across clouds and platforms, according to Strata Identity’s state of multi-cloud research. The real issue is not whether teams can add modern protocols, but whether they can preserve governance, continuity, and control across fragmented identity fabrics.
NHIMG editorial — based on content published by Strata Identity: App Identity Modernization and the identity fabric playbook
Questions worth separating out
Q: How should security teams govern app identity modernization across multi-cloud environments?
A: Security teams should govern app identity modernization as a lifecycle and dependency problem rather than a one-time migration: every integration, transitional exception, and identity provider dependency needs a named owner, a review or expiry date, and a recovery path that has actually been tested.
Q: Why does modern authentication not solve identity governance by itself?
A: Modern authentication improves how access is established, but it does not control how identity is orchestrated across legacy apps, cloud platforms, and workload accounts.
Q: What breaks when identity provider sprawl is not controlled?
A: When identity provider sprawl is not controlled, teams lose consistency in policy enforcement, recovery paths become harder to test, and audit trails fragment across systems.
Practitioner guidance
- Map identity fabric dependencies: catalogue which applications depend on which identity providers, orchestration layers, and federation paths so you can see where a single failure would affect many services.
- Classify legacy exceptions as temporary risks: separate deliberate transitional exceptions from permanent one-off integrations, then set an expiry and owner for each exception so technical debt does not become policy.
- Test identity outage recovery: run failure tests against identity provider outages, broken federation links, and fallback access paths to verify that critical applications remain recoverable under pressure.
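The three steps above can be turned into a repeatable check rather than a spreadsheet exercise. The script below is an added example written for this post, not code from Strata Identity or from the report; the inventory it works on (the component names such as `orchestrator-prod`, `idp-okta` and `fed-entra-trusts-okta`, the apps, and the exception records) is constructed for illustration. It builds the dependency closure behind each application's access path, computes the blast radius of every component (which apps lose their primary path if it fails), simulates an outage to see which apps still have a surviving fallback, and flags transitional exceptions that have expired or have no owner.

```python
"""Blast-radius, outage-simulation and exception-expiry checks over an identity-fabric inventory.

Added example: the inventory below is constructed for illustration and the component
names are hypothetical, not taken from the source article.
"""
from datetime import date

# Component dependency graph. An orchestration layer depends on the IdP it fronts; a
# federation path depends on both IdPs that must be up for the login to complete.
COMPONENT_DEPS = {
    "orchestrator-prod": {"idp-okta"},
    "idp-okta": set(),
    "idp-entra": set(),
    "idp-legacy-ldap": set(),
    "fed-entra-trusts-okta": {"idp-entra", "idp-okta"},  # Entra tenant trusts Okta
    "break-glass-local": set(),                          # local emergency accounts
}

# Each app lists one or more access paths; the first is primary, the rest are fallbacks.
APP_PATHS = {
    "payroll": [["orchestrator-prod"], ["break-glass-local"]],
    "crm": [["orchestrator-prod"]],
    "partner-portal": [["fed-entra-trusts-okta"]],
    "hr-legacy": [["idp-legacy-ldap"]],
    "ci-runner": [["idp-entra"], ["break-glass-local"]],
}

# Transitional exceptions: each should carry an accountable owner and an expiry.
EXCEPTIONS = [
    {"app": "hr-legacy", "reason": "LDAP bind, no SAML", "owner": "iam-team",
     "expires": date(2025, 1, 31)},
    {"app": "ci-runner", "reason": "static service account secret", "owner": None,
     "expires": date(2026, 6, 30)},
]


def closure(components, deps=COMPONENT_DEPS):
    """Transitive set of components an access path relies on (iterative, cycle-safe)."""
    seen, stack = set(), list(components)
    while stack:
        c = stack.pop()
        if c not in seen:
            seen.add(c)
            stack.extend(deps.get(c, ()))
    return seen


def blast_radius(app_paths=APP_PATHS, deps=COMPONENT_DEPS):
    """Map each component to the apps whose primary access path breaks if it fails."""
    radius = {c: set() for c in deps}
    for app, paths in app_paths.items():
        for c in closure(paths[0], deps):
            radius[c].add(app)
    return radius


def simulate_outage(failed, app_paths=APP_PATHS, deps=COMPONENT_DEPS):
    """Return {app: bool}: True if at least one access path avoids every failed component."""
    failed = set(failed)
    return {
        app: any(not (closure(path, deps) & failed) for path in paths)
        for app, paths in app_paths.items()
    }


def exception_findings(exceptions=EXCEPTIONS, today=date(2025, 6, 1)):
    """Flag exceptions that have passed their expiry or have no accountable owner."""
    findings = []
    for e in exceptions:
        if e["owner"] is None:
            findings.append((e["app"], "no owner"))
        if e["expires"] < today:
            findings.append((e["app"], "expired"))
    return findings


if __name__ == "__main__":
    for comp, apps in sorted(blast_radius().items(), key=lambda kv: -len(kv[1])):
        print(f"{comp:24} {len(apps)} apps: {sorted(apps)}")
    print("idp-okta outage, app recoverable:", simulate_outage({"idp-okta"}))
    print("exception findings:", exception_findings())
```

With the constructed inventory, `idp-okta` has the widest blast radius (three apps, one of them reached only through the federation path), and the outage simulation shows that `crm` and `partner-portal` have no surviving path while `payroll` falls back to the break-glass accounts. Running the same checks against a real inventory export is how the "single failure affects many services" question in the first step gets a concrete answer, and the exception report is what keeps step two from silently turning into permanent policy.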
What's in the full article
Strata Identity's full report covers the operational detail this post intentionally leaves for the source:
- Original survey findings on multi-cloud identity debt, vendor lock-in, and outage pain points across the enterprise.
- Practical guidance for IAM leaders managing application migration without rewriting every app at once.
- Examples of how modern identity orchestration changes access patterns across legacy and cloud platforms.
- Context on how to communicate modernization trade-offs to business and platform stakeholders.
👉 Read Strata Identity's report on app identity modernization and multi-cloud identity debt →
App identity modernization: what is holding enterprise IAM back?
Explore further
App identity modernization is really a governance and dependency problem, not a protocol problem. Modern identity standards can reduce friction, but they do not erase the operational debt created by legacy applications, multiple identity providers, and cloud-specific access patterns. The challenge is the identity fabric itself, which can become another layer of coupling if teams treat orchestration as a substitute for architecture. Practitioners should judge modernisation by how much dependency it removes, not how many integrations it adds.
A few things that frame the scale:
- 35.6% of organisations cite managing consistent access across hybrid and multi-cloud environments as their top NHI security challenge, according to the 2024 Non-Human Identity Security Report.
- Only 19.6% of security professionals express strong confidence in their organisation's ability to securely manage non-human workload identities, a sign of how little trust practitioners place in their current controls.
A question worth separating out:
Q: What is the difference between identity orchestration and application rewriting?
A: Identity orchestration connects existing applications to modern identity controls without changing the app code, while rewriting changes the application itself. Orchestration is usually faster and less disruptive, but it can also preserve hidden coupling if teams do not retire legacy dependencies. Rewriting is heavier, but sometimes it is the cleaner long-term control decision.
👉 Read our full editorial: App identity modernization is still blocked by identity fabric debt