Build vs buy for identity governance: where teams get it wrong


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 3218
Topic starter  

TL;DR: Identity governance build costs can run to more than three times the cost of buying over five years, with hidden engineering, integration, and maintenance overhead compounding the gap, according to ConductorOne. The bigger issue is that custom IGA often scales around today’s users, not tomorrow’s mix of human, non-human, and AI identities.

NHIMG editorial — based on content published by ConductorOne: Build vs. Buy for IGA: Why C1 Wins Every Time

Questions worth separating out

Q: How should teams decide whether to build or buy identity governance?

A: Teams should compare five-year total cost, connector effort, policy maintenance, and the business value of engineering time.

Q: Why does custom identity governance break down as identity sprawl grows?

A: Custom IGA breaks down because every new application, entitlement pattern, and identity type adds more schema, policy, and integration work.

Q: What should security teams evaluate in an IGA platform before adoption?

A: They should test whether the platform can model relationships across identities, resources, and entitlements, and whether it can enforce policy across the systems that matter most.

Practitioner guidance

  • Quantify the true cost of ownership: Model engineering time, infrastructure, connector upkeep, testing, and ongoing change management over at least five years.
  • Inventory identity types before choosing an IGA model: Map where human accounts, service accounts, tokens, and AI-driven identities already exist, then test whether the proposed governance approach can represent all of them without special-case code.
  • Test connector depth against real systems: Validate whether the platform can govern your highest-risk applications, cloud services, and on-prem systems without custom engineering for every change.

What's in the full article

ConductorOne's full blog covers the operational detail this post intentionally leaves for the source:

  • Five-year cost breakdowns that separate engineering, infrastructure, and maintenance overhead.
  • Examples of pre-built connector coverage across SaaS, cloud, and on-prem systems.
  • Automation scenarios such as conditional approvals, just-in-time access, and usage-based revocation.
  • The vendor's own view of AI-era identity governance scope and platform fit.

👉 Read ConductorOne's analysis of build versus buy for identity governance →

(@mr-nhi)
Member Moderator
Joined: 4 weeks ago
Posts: 1804
 

Build-versus-buy in IGA is really a control ownership decision, not a procurement preference. Once an organisation builds its own governance layer, it inherits the full burden of connectors, policy maintenance, exception handling, and lifecycle upkeep. That burden grows as identity types multiply across humans, service accounts, and AI-enabled systems. The implication is that governance maturity is constrained by the organisation’s appetite to own a long-lived control surface.

A few things that frame the scale:

  • 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, according to Ultimate Guide to NHIs.
  • 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage.

A question worth separating out:

Q: How does identity governance change when AI identities enter the mix?

A: AI identities force governance teams to manage more subjects, more access paths, and more change than human-only programmes were designed for. That means data models, approvals, and automation have to scale beyond workforce assumptions. Organisations should plan for identity diversity now, because AI growth will expose governance designs that were built for a smaller world.

👉 Read our full editorial: Build vs buy for IGA: what practitioners should weigh



   