Identity governance for digital sovereignty: what changes for teams?

TL;DR: Omada and adesso say their continued collaboration is aimed at improving identity governance, compliance, and operational efficiency for regulated organisations in the DACH region, while supporting sovereign control over access, auditability, and resilience, according to Omada Identity. The real lesson is that identity governance now sits at the centre of sovereignty programmes, cloud adoption, and AI readiness.

NHIMG editorial — based on content published by Omada Identity: the continued adesso and Omada collaboration on identity management and digital sovereignty

By the numbers:

• Only 5.7% of organisations have full visibility into their service accounts.
• 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.
• 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage.

Questions worth separating out

Q: How should organisations govern access when sovereignty and compliance are both priorities?

A: They should treat identity governance as an evidence-producing control layer.

Q: Why do orphaned and over-privileged accounts remain such a persistent risk?

A: Because they are created by process drift, not just technical failure.

Q: What should identity teams measure to know if lifecycle governance is working?

A: They should measure whether access is granted and removed on the correct business events, whether every entitlement has a current owner, and whether review findings are actually remediated.

Practitioner guidance

• Tie access to business events Require provisioning and revocation to follow joiner-mover-leaver events, supplier changes, and project end dates, with evidence that the entitlement was actually removed.
• Inventory orphaned and over-privileged accounts Run a focused review for accounts without an active owner, accounts with unused access, and accounts carrying permissions far beyond their current role.
• Strengthen audit-ready lifecycle evidence Store approval, ownership, review, and revocation artefacts in a way that can be produced quickly for regulators, internal audit, and incident response.

What's in the full article

Omada Identity's full article covers the operational detail this post intentionally leaves for the source:

• How the Omada and adesso partnership is positioned for regulated DACH and KRITIS-style environments.
• The vendor’s own explanation of how its cloud-native IGA approach supports compliance and traceability in practice.
• The partner-specific framing of efficiency gains, implementation resources, and deployment support.
• The full corporate context behind adesso’s highest Omada partner level and the intended customer segments.

👉 Read Omada Identity's article on the adesso partnership and identity governance strategy →

Identity governance for digital sovereignty: what changes for teams?

Explore further

View Full Forum →  |  NHI Foundation Course →