TL;DR: Most enterprises are still running identity on architectures built for single-domain, on-premises environments, even as cloud, partner access, and AI agent integration demand dynamic permissions, contextual authorization, and faster onboarding, according to EmpowerID. The strategic shift is no longer optional because identity now determines how quickly digital initiatives can scale and how safely they can change.
NHIMG editorial — based on content published by EmpowerID: Identity Architecture and Digital Strategy Convergence
By the numbers:
- 73% of organizations still rely on identity architectures designed for single-domain, on-premises environments.
- A Fortune 500 financial services firm implemented JIT access and transformed their new account opening process from 3 days to 4 hours.
- This convergence eliminates integration complexity while delivering proven operational benefits like 95% faster provisioning and measurable cost savings.
Questions worth separating out
Q: How should security teams reduce identity bottlenecks in cloud and AI programmes?
A: Start by tracing where identity controls slow delivery, not just where they block attacks.
Q: Why do static identity models struggle in multi-cloud and partner environments?
A: Static models assume stable roles, stable systems, and predictable access durations.
Q: How do you know if just-in-time access is actually improving governance?
A: Look for shorter privilege duration, fewer standing exceptions, and faster completion of high-friction workflows such as onboarding or privileged change requests.
Practitioner guidance
- Map identity bottlenecks to delivery delays: Identify where onboarding, partner access, and privileged workflows are delaying cloud, data, or AI programmes.
- Replace standing privilege with task-scoped access: Use just-in-time access for high-risk and short-duration work, especially where privileged actions are repeatable but not continuous.
- Modernise authorization around context, not roles alone: Blend role-based access for stable duties with attribute-based and relationship-based policy for changing business conditions.
What's in the full article
EmpowerID's full analysis covers the operational detail this post intentionally leaves for the source:
- The implementation sequence for converging identity governance, privileged access, and customer identity into one operating model.
- The specific policy design choices behind hybrid RBAC and ABAC deployments in dynamic environments.
- The business-metric approach used to judge identity modernisation against onboarding speed and deployment velocity.
- The practical framing for AI agent identity management as organisations move beyond human-only access models.
Identity architecture and digital strategy: where is your bottleneck?
Explore further
Identity architecture has become a business strategy dependency, not an IT back office function. The article is right to frame identity as the control layer that determines whether cloud migration, AI integration, and partner expansion can move at all. Once identity is the point where every access request is slowed, exceptions accumulate and digital strategy inherits the latency of governance. The practitioner conclusion is simple: identity architecture now shapes programme speed as directly as application design does.
A few things that frame the scale:
- 67% of organisations still rely heavily on static credentials despite the risks they pose to agentic AI deployments, according to The 2026 Infrastructure Identity Survey.
- 52% of respondents see AI security decision-making power shifting toward platform and infrastructure teams rather than the executive suite.
A question worth separating out:
Q: What is the difference between role-based access and contextual authorization?
A: Role-based access assigns permissions based on a stable job or function, while contextual authorization evaluates current conditions such as device, time, location, and business need. In modern environments, roles remain useful for baseline structure, but context is what makes access safe enough for distributed and fast-changing work.
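The distinction above, as an added sketch that is not code from EmpowerID or from this editorial: the role sets the baseline, the current context (device, location, time) narrows it, and privileged actions also need an unexpired just-in-time grant that records the business need. All role names, actions, attributes and the 60-minute default are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample policy: role names, actions and attributes are illustrative.
ROLE_BASELINE = {
    "dba": {"db:read", "db:write"},
    "analyst": {"db:read"},
}
PRIVILEGED = {"db:write"}            # actions that also need a live JIT grant
ALLOWED_LOCATIONS = {"office", "vpn"}

@dataclass
class Request:
    user: str
    role: str
    action: str
    device_managed: bool
    location: str
    at: datetime

@dataclass
class JitGrant:
    user: str
    action: str
    reason: str        # business need recorded at approval time
    expires: datetime

def issue_grant(user, action, reason, now, minutes=60):
    """Task-scoped grant that lapses on its own instead of standing."""
    return JitGrant(user, action, reason, now + timedelta(minutes=minutes))

def authorize(req, grants):
    """Return (allowed, reason). Role is the baseline; context and JIT narrow it."""
    if req.action not in ROLE_BASELINE.get(req.role, set()):
        return False, "role does not cover action"
    if not req.device_managed:
        return False, "unmanaged device"
    if req.location not in ALLOWED_LOCATIONS:
        return False, "location not permitted"
    if req.action in PRIVILEGED:
        live = [g for g in grants if g.user == req.user
                and g.action == req.action and g.expires > req.at]
        if not live:
            return False, "no active just-in-time grant"
    return True, "allowed"
```

Logging the returned reason for every denial gives the data needed to track privilege duration and standing exceptions over time.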