Brazilian identity governance: what this partnership means for IAM teams


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9016
Topic starter  

TL;DR: Enterprises facing a tougher regulatory environment are seeing identity governance move closer to local delivery models, with visibility, lifecycle discipline, and auditability mattering more than feature breadth, as Nexis and Netbr bring the NEXIS Platform to Brazil with role mining, role lifecycle governance, AI-assisted access reviews, and cross-system compliance controls, according to Nexis.

NHIMG editorial — what this means for NHI practitioners

By the numbers:

Questions worth separating out

Q: How should IAM teams govern access reviews across multiple systems?

A: They should define one accountable review owner, one evidence standard, and one remediation path that applies across every connected directory, SaaS platform, and on-prem system.

Q: What breaks when role mining is used without role lifecycle governance?

A: Role mining can reveal how access is actually used, but without lifecycle governance those findings quickly become stale recommendations.

Q: When should organisations prioritise access review automation over manual certification?

A: Organisations should automate prioritisation when reviewer load is too high to inspect every entitlement in full.

Practitioner guidance

  • Map role mining to role ownership: Assign clear owners to mined roles so every role has a lifecycle path for review, update, and retirement across the estate.
  • Test cross-system evidence propagation: Verify that an access approval, change, or revocation appears in every downstream system that consumes the identity record.
  • Separate review assistance from approval authority: Use AI-assisted review to prioritise anomalies, but keep access certification decisions tied to named reviewers and auditable evidence.

What's in the full announcement

Nexis's full post covers the operational detail this post intentionally leaves for the source:

  • The specific NEXIS Platform capabilities for role mining and role lifecycle governance in the Brazilian market.
  • The access review and compliance workflow details that practitioners would need to assess implementation fit.
  • The local partner model and market positioning that explain how the partnership is expected to be delivered.
  • The regulated-industry focus and implementation context that sit behind the announcement.

👉 Read Nexis's announcement on identity governance for the Brazilian market →

(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8294
 

Identity governance is becoming a market-localisation problem as much as a control problem. The Brazilian market context matters because governance expectations are shaped by local regulation, local operating models, and local audit demands. When a platform enters through an authorised local partner, the real question is whether it can support country-specific accountability without flattening governance into generic global templates. Practitioners should judge the model on operational fit, not channel structure.

A few things that frame the scale:

  • 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, according to Ultimate Guide to NHIs.
  • 71% of NHIs are not rotated within recommended time frames, increasing the risk of compromise over time, according to NHI Mgmt Group research.

A question worth separating out:

Q: Who is accountable when compliance controls span cloud, SaaS, and on-prem systems?

A: Accountability should sit with the identity governance owner who can prove that access decisions propagate across the full estate. If no single function can validate approval, change, and revocation end to end, the programme has fragmented control. In regulated environments, fragmented accountability becomes a compliance risk in its own right.

👉 Read our full editorial: Identity governance for Brazil’s market needs local control and visibility



   