TL;DR: Instacart reports eliminating standing AWS access, extending just-in-time controls to sensitive apps like Stripe, and completing nearly 70,000 automated IAM tasks while reducing access-review effort, according to ConductorOne. The real shift is not speed alone: access governance now assumes entitlement windows are ephemeral, auditable, and policy-driven rather than persistently granted.
NHIMG editorial — based on content published by ConductorOne: So Long, Standing Access: Inside Instacart’s Just-In-Time Access Playbook
By the numbers:
- 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation.
- Only 5.7% of organisations have full visibility into their service accounts.
Questions worth separating out
Q: How should security teams replace standing access without slowing down work?
A: Start by identifying which entitlements are truly task-bound and which are simply inherited habit.
Q: Why do short-lived access models matter more for NHIs than traditional reviews?
A: NHIs often act faster than human review cycles can observe.
Q: What breaks when access reviews are treated as a quarterly checkbox?
A: Quarterly reviews assume access remains stable long enough to be meaningfully assessed later.
Practitioner guidance
- Replace standing access with expiry-backed entitlements: Inventory privileged AWS and application access, then attach explicit expiration to every sensitive entitlement so renewal becomes the exception rather than the default.
- Move access review evidence into source control: Version policy logic, approval rules, and entitlement changes in Git so auditors can inspect the control history instead of reconstructing it from tickets.
- Use usage data to define personas and renewals: Analyse request patterns by team, role, and entitlement reuse, then adjust policies so frequent, low-risk requests can be handled consistently while unused access naturally falls away.
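The three guidance points above come together in an expiry evaluator: each entitlement carries a grant time and last-use time, a risk-tiered policy sets both a hard window and an idle limit, and every decision emits an audit record naming the rule and its inputs. This is an added illustration, not Instacart's or ConductorOne's code; the policy tiers, hour values, and sample principals and resources are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed policy (hypothetical values): hard window per risk tier, plus the
# idle period after which an unused grant lapses without waiting for a review.
POLICY = {
    "high": {"max_ttl_hours": 8, "idle_hours": 4},
    "low": {"max_ttl_hours": 72, "idle_hours": 48},
}

@dataclass
class Entitlement:
    principal: str
    resource: str
    tier: str
    granted_at: datetime
    last_used_at: Optional[datetime] = None

def evaluate(ent, now):
    """Return (decision, audit_record); decision is 'active', 'expired' or 'lapsed'."""
    rule = POLICY[ent.tier]
    expires_at = ent.granted_at + timedelta(hours=rule["max_ttl_hours"])
    last_activity = ent.last_used_at or ent.granted_at
    idle_deadline = last_activity + timedelta(hours=rule["idle_hours"])
    if now >= expires_at:            # hard window ends regardless of recent use
        decision, reason = "expired", "max_ttl_hours"
    elif now >= idle_deadline:       # granted but not exercised: let it fall away
        decision, reason = "lapsed", "idle_hours"
    else:
        decision, reason = "active", None
    # The record is what makes the automated decision explainable to an auditor.
    record = {
        "principal": ent.principal, "resource": ent.resource, "tier": ent.tier,
        "decision": decision, "rule": reason,
        "inputs": {"granted_at": ent.granted_at.isoformat(),
                   "last_used_at": ent.last_used_at.isoformat() if ent.last_used_at else None,
                   "evaluated_at": now.isoformat()},
    }
    return decision, record

def sweep(entitlements, now):
    """Audit records for every entitlement that should be revoked at `now`."""
    return [rec for e in entitlements for d, rec in [evaluate(e, now)] if d != "active"]

# Constructed sample data: one grant past its window, one never used, one healthy.
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    Entitlement("deploy-bot", "aws:prod-admin", "high", NOW - timedelta(hours=9), NOW - timedelta(hours=1)),
    Entitlement("alice", "stripe:refunds", "high", NOW - timedelta(hours=6)),
    Entitlement("bob", "repo:read", "low", NOW - timedelta(hours=30), NOW - timedelta(hours=2)),
]

if __name__ == "__main__":
    for rec in sweep(SAMPLE, NOW):
        print(rec["principal"], rec["resource"], rec["decision"], rec["rule"])
```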
What's in the full article
ConductorOne's full blog covers the operational detail this post intentionally leaves for the source:
- The Terraform-backed policy workflow Instacart used to encode approvals, roles, and audit trails in code.
- The request and renewal paths through Slack, UI, and CLI that made the JIT programme usable for engineers and business teams.
- The entitlement scoring approach behind Gadjit, including the factors used to rank requests and support auto-approval.
- The advice Instacart shared for sequencing rollout, including dual-path adoption and persona building from usage data.
👉 Read ConductorOne's blog on Instacart’s just-in-time access playbook →
JIT access and micro-reviews: what IAM teams should copy?
Explore further
Standing access is now the governance debt that JIT is designed to retire. Instacart’s model shows that the real problem is not slow provisioning, but the accumulation of entitlements that remain active long after the task that justified them has ended. Once access is treated as an event rather than a condition, review cycles stop being the primary control and expiry logic takes over. For practitioners, that reframes least privilege as an operating model, not a periodic cleanup exercise.
A few things that frame the scale:
- Only 5.7% of organisations have full visibility into their service accounts, according to the Ultimate Guide to NHIs.
- 71% of NHIs are not rotated within recommended time frames, increasing the risk of compromise over time.
A question worth separating out:
Q: Who is accountable when access is granted through policy-driven automation?
A: Accountability stays with the identity and governance team that owns the policy, not with the automation itself. If a workflow auto-approves or renews access, the team must still be able to explain the rule, the data inputs, and the exception path. That is what makes the control auditable rather than merely efficient.
👉 Read our full editorial: Instacart’s JIT access model shows where identity governance is heading