Notifications
Clear all
Topic starter
14/05/2026 6:12 pm
TL;DR: APJ identity and access management demand is projected to more than double by 2030 as organisations modernise security, support hybrid work, and move cloud-first, according to Saviynt. That trajectory makes identity governance a board-level operating issue, not just an access administration function.
NHIMG editorial — what this means for NHI practitioners
By the numbers:
- The Asia Pacific identity and access management market could more than double in size by 2030.
- Only 5.7% of organisations have full visibility into their service accounts.
- NHIs outnumber human identities by 25x to 50x in modern enterprises.
Questions worth separating out
Q: How should organisations govern non-human identities alongside workforce IAM?
A: They should place non-human identities in the same governance model as workforce access, but with controls designed for machine behaviour.
Q: Why does identity strategy matter more as organisations scale cloud and AI adoption?
A: Because cloud and AI increase the number of identities that must be trusted, monitored, and revoked.
Q: What is the difference between workforce IAM and NHI governance?
A: Workforce IAM manages human access through joiner-mover-leaver processes, authentication policy, and role reviews.
Practitioner guidance
- Reconcile human and non-human identity inventories Map service accounts, API keys, certificates, and AI agent credentials into the same inventory as workforce identities so ownership and review cadence are visible in one place.
- Tie regional identity strategy to lifecycle controls Define provisioning, review, rotation, and offboarding standards that apply across APJ business units so local variance does not create inconsistent access handling.
- Measure privilege sprawl before scaling access coverage Establish baseline metrics for excess privileges, dormant accounts, and orphaned credentials so programme expansion is matched by reduced blast radius.
Teams that cannot tie identity data back to clear ownership will struggle to prove control effectiveness?
👉 Read Saviynt's announcement on its APJ Field CTO appointment →
Explore further
View Full Forum → | NHI Foundation Course → | Our Services →
14/05/2026 6:13 pm
Identity is becoming the enterprise control plane because business execution now depends on access decisions everywhere. When organisations say identity is strategic, they usually mean authentication is no longer the main problem. The real issue is coordinating policy across cloud apps, workloads, third-party access, and AI-driven automation. Practitioners should treat that as a governance architecture question, not a product category choice.
A few things that frame the scale:
- Only 5.7% of organisations have full visibility into their service accounts, according to Ultimate Guide to NHIs.
- Another 71% of NHIs are not rotated within recommended time frames, which keeps dormant trust alive far longer than most teams expect.
A question worth separating out:
Q: Should security teams re-evaluate identity tooling when regional demand accelerates?
A: Yes, because growth exposes whether tools can handle governance at scale or only support basic provisioning. Teams should re-check coverage for non-human identities, privileged access, audit evidence, and cross-region consistency. If a platform cannot support those needs, the issue is not feature depth but operating model fit.
👉 Read our full editorial: APJ IAM growth is pushing identity into the core security plane
