Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Identity governance for digital sovereignty: what changes for teams?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: Omada and adesso say their continued collaboration is aimed at improving identity governance, compliance, and operational efficiency for regulated organisations in the DACH region, while supporting sovereign control over access, auditability, and resilience, according to Omada Identity. The real lesson is that identity governance now sits at the centre of sovereignty programmes, cloud adoption, and AI readiness.

NHIMG editorial — based on content published by Omada Identity: the continued adesso and Omada collaboration on identity management and digital sovereignty

By the numbers:

Questions worth separating out

Q: How should organisations govern access when sovereignty and compliance are both priorities?

A: They should treat identity governance as an evidence-producing control layer.

Q: Why do orphaned and over-privileged accounts remain such a persistent risk?

A: Because they are created by process drift, not just technical failure.

Q: What should identity teams measure to know if lifecycle governance is working?

A: They should measure whether access is granted and removed on the correct business events, whether every entitlement has a current owner, and whether review findings are actually remediated.

Practitioner guidance

  • Tie access to business events Require provisioning and revocation to follow joiner-mover-leaver events, supplier changes, and project end dates, with evidence that the entitlement was actually removed.
  • Inventory orphaned and over-privileged accounts Run a focused review for accounts without an active owner, accounts with unused access, and accounts carrying permissions far beyond their current role.
  • Strengthen audit-ready lifecycle evidence Store approval, ownership, review, and revocation artefacts in a way that can be produced quickly for regulators, internal audit, and incident response.

What's in the full article

Omada Identity's full article covers the operational detail this post intentionally leaves for the source:

  • How the Omada and adesso partnership is positioned for regulated DACH and KRITIS-style environments.
  • The vendor’s own explanation of how its cloud-native IGA approach supports compliance and traceability in practice.
  • The partner-specific framing of efficiency gains, implementation resources, and deployment support.
  • The full corporate context behind adesso’s highest Omada partner level and the intended customer segments.

👉 Read Omada Identity's article on the adesso partnership and identity governance strategy →

Identity governance for digital sovereignty: what changes for teams?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Identity governance has become a sovereignty control, not just an IAM discipline. The article frames identity management as a prerequisite for digital sovereignty, and that framing is directionally correct. When access decisions determine whether organisations can prove control, compliance, and traceability, governance becomes part of national, sector, and enterprise resilience. Practitioners should stop treating IGA as an administrative layer and start treating it as an evidence-producing control plane.

A few things that frame the scale:

  • 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.
  • Only 5.7% of organisations have full visibility into their service accounts, which shows why lifecycle evidence remains hard to produce at scale.

A question worth separating out:

Q: How do identity governance programmes support digital sovereignty in practice?

A: By making access decisions transparent, reviewable, and enforceable across the full identity lifecycle. The practical test is whether the organisation can prove control over identities, demonstrate compliance, and remove access when the business need ends. Without that, sovereignty claims do not survive scrutiny.

👉 Read our full editorial: Omada and adesso extend identity governance partnership in DACH



   
ReplyQuote
Share: