IT process automation tools and the governance gap teams miss

TL;DR: IT process automation tools can reduce manual work and errors, but they also expand the identity surface by creating more service accounts, secrets, and delegated access paths than many governance programmes can see or control, according to Zluri. That means automation strategy now has to be treated as identity strategy, not just operations efficiency.

NHIMG editorial — based on content published by Zluri: Automation Top 14 IT Process Automation Tools To Try In 2026

By the numbers:

• Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
• Only 44% of organisations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security.
• 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.

Questions worth separating out

Q: How should security teams govern IT process automation tools without slowing operations?

A: Govern automation by the identities it uses, not by the tasks it performs.

Q: Why do IT process automation tools create NHI risk?

A: They create NHI risk because they rely on non-human identities that often have standing credentials, broad permissions, and weak lifecycle controls.

Q: What breaks when automation credentials are not rotated or offboarded?

A: The failure is usually not immediate outage but long-lived, invisible access.

Practitioner guidance

• Inventory automation identities List every service account, API key, certificate, and token used by IT process automation tools, then assign an owner and a retirement date for each one.
• Scope workflows to minimum necessary privilege Review orchestration and RPA paths to ensure each workflow can only reach the systems and actions it genuinely needs for its intended task.
• Separate high-impact automation from routine tasks Isolate infrastructure automation that can create, delete, or modify access from low-risk workflow automation, and subject the high-impact paths to stricter approval and monitoring.

What's in the full article

Zluri's full blog covers the operational detail this post intentionally leaves for the source:

• Side-by-side feature summaries for 14 automation tools, useful when you are comparing orchestration, RPA, and infrastructure automation options.
• Tool-level capability breakdowns that show where workflow automation, CI/CD automation, and configuration management differ in practice.
• Implementation-oriented feature lists for teams that need to match a tool to an automation use case rather than an identity governance requirement.
• Product-specific positioning that can help teams narrow a shortlist after they have defined the access model and lifecycle controls.

👉 Read Zluri's guide to the top 14 IT process automation tools in 2026 →

IT process automation tools and the governance gap teams miss?

Explore further

View Full Forum →  |  NHI Foundation Course →