Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Cloud application gateways: are your IGA controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: Identity governance programmes can stall when rigid networks, VPNs, and firewall approvals prevent core applications from being connected, leaving systems outside oversight and audit coverage, according to Omada Identity. The connectivity problem is not operational trivia, it is a governance failure mode that turns Zero Trust and compliance goals into delayed outcomes.

NHIMG editorial — based on content published by Omada Identity: Securing and Scaling Identity Governance with the Cloud Application Gateway

Questions worth separating out

Q: How should security teams handle IGA when key applications sit behind rigid network controls?

A: Treat connectivity as a gating requirement for governance coverage.

Q: Why do VPN-based integrations weaken modern identity governance programmes?

A: VPNs often restore access by extending network trust rather than scoping access to the application.

Q: What breaks when identity governance cannot reach legacy and core systems?

A: Access reviews, entitlement discovery, and compliance evidence all become partial.

Practitioner guidance

  • Map governance scope to reachable systems first Inventory which applications, databases, and core platforms cannot be governed today because of segmentation, firewall policy, or authentication constraints.
  • Prefer outbound-only integration patterns Select governance connectivity models that initiate outbound HTTPS connections and avoid inbound firewall openings where possible.
  • Require enterprise-controlled cryptographic custody Verify that any gateway or connector supports customer-managed encryption keys and a clear custody model.

What's in the full article

Omada Identity's full blog covers the operational detail this post intentionally leaves for the source:

  • How the Cloud Application Gateway is deployed close to target systems in hybrid environments
  • How outbound-only HTTPS connectivity is positioned to reduce inbound exposure and network approvals
  • How customer-managed encryption keys are handled in supported vault integrations
  • How the gateway is described as fitting into larger IGA rollout planning and execution

👉 Read Omada Identity's analysis of the Cloud Application Gateway for IGA connectivity →

Cloud application gateways: are your IGA controls keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Connectivity is now a governance control, not an infrastructure detail. Identity governance programmes fail when they assume the platform can simply reach every target system through existing network paths. That assumption breaks in hybrid estates because segmentation, firewall approvals, and legacy access rules dictate what can be governed. The implication is that coverage, not feature depth, becomes the real determinant of IGA success.

A few things that frame the scale:

A question worth separating out:

Q: Who is accountable when governance tooling cannot cover a critical application because of network constraints?

A: Accountability sits with the identity, infrastructure, and application owners together, because the failure is cross-domain. If the programme cannot connect to a system, the gap must be treated as a shared design and control issue, not a vendor limitation. That is what auditors and regulators will examine.

👉 Read our full editorial: Cloud application gateways make IGA connectivity a governance issue



   
ReplyQuote
Share: