Notifications
Clear all
Topic starter
14/05/2026 4:09 pm
TL;DR: SailPoint’s May 19-21 virtual events split identity security into two tracks, one for strategy and one for technical execution, with leaders, analysts, customers, engineers, APIs, and hands-on guidance all framed around securing the next era of AI and identity. The real signal is that identity programs now need separate operating rhythms for governance and builder enablement.
NHIMG editorial — here’s why we think this discussion matters
By the numbers:
- Both IdentityTV 2026 and Developer Days 2026 are 100% virtual events.
- IdentityTV 2026 is a 3-hour global broadcast for business, security, and IT leaders.
- Developer Days 2026 is a free, 2-day virtual event for developers and builders.
Questions worth separating out
Q: How should security teams split identity governance from implementation work?
A: Security teams should use governance forums to define acceptable risk, ownership, and access policy, then use engineering forums to turn those decisions into workflows, APIs, and enforcement.
Q: Why do non-human identities change identity security planning?
A: Non-human identities change planning because they often hold production privilege, move faster than human review cycles, and are harder to see in standard access governance.
Q: What is the difference between strategic identity events and technical identity events?
A: Strategic identity events focus on risk, business priorities, and operating model decisions, while technical identity events focus on implementation, APIs, workflows, and integration patterns.
Practitioner guidance
- Map identity content to audience and decision level Use strategy sessions for governance, risk, and roadmap decisions, then reserve technical sessions for API design, workflow automation, and enforcement patterns.
- Include non-human identities in every identity programme review Review service accounts, API keys, tokens, certificates, and AI agent access alongside human identity controls.
- Tie automation to lifecycle controls Make provisioning, rotation, and offboarding part of the same operating model so that automation does not outpace governance.
That is especially true as autonomous agents enter the environment and require tighter control over tool access and delegated authority?
👉 Register for SailPoint's virtual events on identity strategy and developer execution →
Explore further
View Full Forum → | NHI Foundation Course → | Our Services →
14/05/2026 7:00 pm
A few things worth adding from our research at NHI Mgmt Group.
Identity programmes are now bifurcated between governance and build-time execution. That split is not a marketing choice, it is a reflection of how IAM and NHI environments actually fail. Leaders need risk framing, while engineers need implementation detail, and the absence of either leaves a control gap. The practitioner lesson is to align executive policy with delivery mechanisms before scale makes the gap permanent.
A few things that frame the scale:
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which means the majority are managing NHI risk with incomplete inventory data.
A question worth separating out:
Q: How can organisations prepare identity programmes for AI-enabled access?
A: Organisations should treat AI-enabled access as governed execution authority, not just another login path. That means defining scoping rules, approval conditions, telemetry requirements, and revocation triggers before agents are allowed to act, especially where they can invoke tools or touch sensitive systems.
👉 Read our full editorial: IdentityTV and Developer Days 2026 split strategy from execution
