TL;DR: Annual or quarterly access certifications often arrive too late to spot risky entitlements, encourage rubber-stamping, and leave too many revocations undone, according to SailPoint. A proactive model that combines analytics, context, and automation shifts identity security from retrospective compliance to faster, more informed access decisions.
NHIMG editorial — based on content published by SailPoint: Rethinking the Identity Security Paradigm: Three Ways to Stay Ahead of Identity-related Threats
By the numbers:
- Only 5.7% of organisations have full visibility into their service accounts.
- 97% of NHIs carry excessive privileges, raising the risk of unauthorised access and broadening the attack surface.
- 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage.
Questions worth separating out
Q: How should security teams reduce access risk without relying on annual certifications?
A: Use continuous identity analytics, context-rich review workflows, and automated remediation for routine cases.
Q: Why do access certifications often fail to improve real security outcomes?
A: They fail when the process measures completion instead of correction.
Q: How can organisations tell whether identity governance is actually working?
A: Look at whether risky access is identified early, whether approvers receive enough context to make defensible decisions, and whether revocation happens promptly after a risk is found.
Practitioner guidance
- Shorten certification cycles where risk is highest: move from uniform annual or quarterly campaigns to risk-based review cadences for privileged, sensitive, and high-change entitlements.
- Add context to every access decision: pair anomalies with role, peer, and entitlement history so approvers can see why access looks unusual.
- Automate repetitive remediation paths: trigger manager notification, mini-certification, or disablement when predefined score thresholds are crossed.
What's in the full article
SailPoint's full blog covers the operational detail this post intentionally leaves for the source:
- Identity Outlier Score workflow logic and how thresholding drives review action
- Contextual Insights examples showing how approvers are given business context for access anomalies
- SaaS Workflow templates for routing mini-certifications, manager emails, or access disablement
- Persona-based dashboard views in the Access Intelligence Center for auditors and sponsors
👉 Read SailPoint's analysis of proactive identity security and access decisions →
Access certifications are not enough. What should teams do instead?
Explore further
Backward-looking certification is a weak control when identity risk changes continuously. The article is right to challenge annual and quarterly review cycles because they measure historical approval, not present-day legitimacy. Access drift, role change, and entitlement sprawl all happen between certification windows, so the review process often confirms yesterday’s risk. The implication is that governance programmes must treat attestation as one input, not the primary control.
A few things that frame the scale:
- Only 5.7% of organisations have full visibility into their service accounts, according to Ultimate Guide to NHIs.
- 97% of NHIs carry excessive privileges, raising the risk of unauthorised access and broadening the attack surface.
A question worth separating out:
Q: When should automation be used in identity governance workflows?
A: Use automation when the decision is repetitive, threshold-driven, and well understood, such as notifying managers, initiating mini-reviews, or disabling clearly risky access. Keep humans focused on ambiguous cases that require business judgment. The goal is faster containment, not removing accountability from the process.
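To make the threshold-driven routing described in the practitioner guidance and in the answer above concrete, here is an added example of the kind of logic a governance team could prototype. It is not SailPoint's Identity Outlier Score or any code from the source article: the peer-share scoring formula, the sensitivity weights, the thresholds, the action names and the identity records are all assumptions constructed for illustration. It scores each identity against same-role peers, attaches the peer-comparison context an approver would need, and automates only the clear-cut outcomes (manager notification, mini-certification, disablement), sending identities with no peer baseline to a human instead.

```python
"""Peer-based outlier scoring with threshold-driven routing.

Added illustration only: the scoring formula, sensitivity weights,
thresholds, action names and sample identities are assumptions, not
SailPoint's Identity Outlier Score or any product logic.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Identity:
    user: str
    role: str
    entitlements: FrozenSet[str]
    recent_role_change: bool = False  # context signal: role changed since last review


@dataclass
class Finding:
    user: str
    score: float
    outliers: List[Tuple[str, float]]  # (entitlement, share of same-role peers holding it)
    action: str
    reason: str


# Hypothetical sensitivity weights: how much an unexplained grant of each entitlement matters.
SENSITIVITY: Dict[str, float] = {
    "prod_db_admin": 5.0, "aws_iam_full": 5.0, "payroll_read": 3.0,
    "vpn_admin": 2.0, "github_push": 2.0, "crm_read": 1.0, "wiki_edit": 1.0,
}

# Hypothetical routing thresholds on the outlier score (tune per organisation).
NOTIFY_MANAGER_AT = 1.0
MINI_CERT_AT = 3.0
DISABLE_AT = 8.0
PEER_SHARE_OUTLIER = 0.5  # held by half or fewer of peers: worth explaining


def peer_shares(identity: Identity, population: List[Identity]) -> Optional[Dict[str, float]]:
    """Leave-one-out share of same-role peers holding each of the identity's entitlements."""
    peers = [p for p in population if p.role == identity.role and p.user != identity.user]
    if not peers:
        return None  # no baseline to compare against
    return {e: sum(e in p.entitlements for p in peers) / len(peers) for e in identity.entitlements}


def route(score: float, outliers: List[Tuple[str, float]], identity: Identity) -> Tuple[str, str]:
    """Map a score plus context to an action; only clear-cut cases are automated."""
    if not outliers:
        return "none", "entitlements match same-role peers"
    if score >= DISABLE_AT:
        return "disable_and_notify", f"score {score} >= {DISABLE_AT}: clearly risky, contain first"
    if identity.recent_role_change:
        return "mini_certification", "outliers after a recent role change: likely leftover access"
    if score >= MINI_CERT_AT:
        return "mini_certification", f"score {score} >= {MINI_CERT_AT}: targeted review of outliers"
    if score >= NOTIFY_MANAGER_AT:
        return "notify_manager", f"score {score} >= {NOTIFY_MANAGER_AT}: low-risk drift, inform manager"
    return "none", f"score {score} below notification threshold"


def score_identity(identity: Identity, population: List[Identity]) -> Finding:
    """Score one identity against its role peers and attach the context an approver needs."""
    shares = peer_shares(identity, population)
    if shares is None:
        # Ambiguous: no peer group, so leave the decision with a human.
        return Finding(identity.user, 0.0, [], "manual_review", "no same-role peers to compare against")
    outliers = sorted((e, s) for e, s in shares.items() if s <= PEER_SHARE_OUTLIER)
    # Rarer and more sensitive entitlements contribute more to the score.
    score = round(sum(SENSITIVITY.get(e, 1.0) * (1.0 - s) for e, s in outliers), 3)
    action, reason = route(score, outliers, identity)
    return Finding(identity.user, score, outliers, action, reason)


def run_campaign(population: List[Identity]) -> Dict[str, Finding]:
    """Score every identity in the population; returns user -> Finding."""
    return {i.user: score_identity(i, population) for i in population}


# Constructed sample population (not real data).
POPULATION = [
    Identity("alice", "engineer", frozenset({"github_push", "wiki_edit", "crm_read"})),
    Identity("bob", "engineer", frozenset({"github_push", "wiki_edit"})),
    Identity("carol", "engineer", frozenset({"github_push", "wiki_edit", "crm_read"})),
    Identity("dave", "engineer", frozenset({"github_push", "prod_db_admin", "aws_iam_full"})),
    Identity("heidi", "engineer", frozenset({"github_push", "wiki_edit", "vpn_admin"})),
    Identity("erin", "finance", frozenset({"payroll_read", "crm_read", "github_push"}), recent_role_change=True),
    Identity("frank", "finance", frozenset({"payroll_read", "crm_read"})),
    Identity("grace", "security", frozenset({"aws_iam_full"})),
]

if __name__ == "__main__":
    for f in run_campaign(POPULATION).values():
        print(f"{f.user:6} score={f.score:<5} action={f.action:<18} {f.reason}; outliers={f.outliers}")
```

Running it on the constructed population routes dave (two admin entitlements held by no engineering peer) to disablement, erin (a GitHub entitlement left over from a recent role change) to a mini-certification even though her score is low, heidi to a manager notification, and grace, who has no peers to compare against, to manual review. The point is the shape of the pipeline: the score surfaces the anomaly, the peer shares are the context an approver sees, and the thresholds decide which routine cases never wait for a campaign.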
👉 Read our full editorial: Identity security needs proactive access decisions, not annual reviews