Identity governance clarity gaps: what IAM teams need to know


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9271
Topic starter  

TL;DR: Identity governance often fails because teams cannot quickly explain why access exists, what changed, or which relationships produced it, according to Clear Skye. The core problem is not execution speed but the ability to see, trace, and defend access decisions at scale.

NHIMG editorial — based on content published by Clear Skye: Identity Governance Doesn’t Have an Automation Problem. It Has an Understanding Problem

By the numbers:

Questions worth separating out

Q: How should identity teams handle access reviews when evidence is scattered across multiple systems?

A: Start by treating evidence correlation as part of the control, not a side task.

Q: Why do identity governance programmes struggle even when automation is already in place?

A: Automation speeds up workflow, but it does not create understanding.

Q: What breaks when access decisions cannot be explained later?

A: Auditability breaks first, followed by trust in the governance process.

Practitioner guidance

  • Inventory the evidence chain behind high-risk access: Document which approvals, group memberships, inherited roles, and lifecycle events explain each privileged entitlement before the next access review cycle.
  • Separate evidence assembly from approval authority: Allow AI and automation to gather relationships, changes, and policy context, but keep the final decision with a named reviewer who can explain the outcome later.
  • Unify lifecycle and governance signals: Bring joiner, mover, leaver events, entitlement changes, and incident context into the same operational view so access can be traced without manual reconstruction.

What's in the full article

Clear Skye's full article covers the operational detail this post intentionally leaves for the source:

  • How Clear View AI is positioned inside the ServiceNow platform and where it sits in the identity workflow.
  • The specific identity governance use cases the vendor says the feature supports, including review and investigation workflows.
  • How the vendor describes read-only intelligence, transparency, and human-in-the-loop operation in practice.
  • The product framing behind Clear Skye IGA 5.4 and the surrounding AI capability set.

👉 Read Clear Skye's analysis of why identity governance needs understanding, not more automation →

(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8712
 

Identity governance has become a clarity problem before it is an automation problem. The governing issue is not whether teams can trigger workflows, but whether they can explain the access decision itself. When approvals, entitlements, and change history are scattered, the programme loses its ability to defend access under audit or incident pressure. The practitioner conclusion is that governance maturity now depends on reconstructable truth, not process volume.

A few things that frame the scale:

  • Only 5.7% of organisations have full visibility into their service accounts, according to Ultimate Guide to NHIs.
  • Another finding from our research shows that 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.

A question worth separating out:

Q: Who is accountable when AI helps surface identity decisions but humans still approve them?

A: The human approver remains accountable for the decision, while the programme owner is accountable for the quality of the evidence and the boundaries placed around AI assistance. AI can assist with correlation and explanation, but it should not become the final authority over access.

👉 Read our full editorial: Identity governance needs understanding, not more automation



   