TL;DR: According to ASPG, a live briefing on current identity and security priorities will focus on access management and runtime controls. It gives practitioners a chance to hear how the vendor frames these issues and to consider the questions that framing raises for governance, operations, and access policy design.
NHIMG editorial — here’s why we think this discussion matters
Questions worth separating out
Q: How should security teams govern access across human and non-human identities?
A: They should align approval, entitlement, review, and revocation to the identity type and the risk of the workload.
Q: When does access management become a lifecycle problem rather than an approval problem?
A: It becomes a lifecycle problem when the main risk is not initial access, but what happens after access is granted.
Practitioner guidance
- Review your access governance model: Check whether approval, entitlement, and revocation decisions are aligned to the identity type being governed, especially where service accounts or shared operational accounts are involved.
- Test session-level privilege boundaries: Verify that privileged access is constrained during execution, not only at assignment, so that a live session cannot inherit more authority than the task requires.
- Map lifecycle controls to actual use: Confirm that provisioning, review, rotation, and offboarding are operating as one lifecycle, rather than as disconnected administrative steps.
What to expect at the briefing
ASPG's full event listing covers the live webinar details this post intentionally leaves at a higher level:
- The webinar registration and attendance details for practitioners who want to join the live session.
- The event-specific agenda or talking points that frame Greg Boyd's discussion.
- The practical context behind ASPG's access management messaging for attendees evaluating current controls.
- The live event format and timing for teams deciding whether to follow along in real time.
👉 Register for ASPG's guest webinar on access management and identity controls →
Explore further
Identity governance discussions are increasingly about runtime control, not just access approval. Traditional approval flows answer who gets access, but they do not fully answer how long access should remain valid once work begins. That distinction is now central for both human and non-human identity programmes. Practitioners should treat this as a governance design issue, not a tooling preference.
A few things that frame the scale:
- The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
- Only 44% of developers are reported to follow security best practices for secrets management, according to The State of Secrets in AppSec.
A question worth separating out:
Q: Who is accountable when access controls fail during live operations?
A: Accountability should sit with the identity governance and control owners, not only with the operations team using the account. If access is too broad, too persistent, or too hard to revoke, that is a governance failure. The right frameworks expect those controls to be owned, reviewed, and enforced.
👉 Read our full editorial: Guest webinar on identity access management and runtime controls