
Cloud application gateways: are your IGA controls keeping up?


(@nhi-mgmt-group)

TL;DR: Identity governance programmes can stall when rigid networks, VPNs, and firewall approvals prevent core applications from being connected, leaving systems outside oversight and audit coverage, according to Omada Identity. The connectivity problem is not operational trivia; it is a governance failure mode that turns Zero Trust and compliance goals into delayed outcomes.

NHIMG editorial — based on content published by Omada Identity: Securing and Scaling Identity Governance with the Cloud Application Gateway

Questions worth separating out

Q: How should security teams handle IGA when key applications sit behind rigid network controls?

A: Treat connectivity as a gating requirement for governance coverage.

Q: Why do VPN-based integrations weaken modern identity governance programmes?

A: VPNs often restore access by extending network trust rather than scoping access to the application.

Q: What breaks when identity governance cannot reach legacy and core systems?

A: Access reviews, entitlement discovery, and compliance evidence all become partial.

Practitioner guidance

  • Map governance scope to reachable systems first: Inventory which applications, databases, and core platforms cannot be governed today because of segmentation, firewall policy, or authentication constraints.
  • Prefer outbound-only integration patterns: Select governance connectivity models that initiate outbound HTTPS connections and avoid inbound firewall openings where possible.
  • Require enterprise-controlled cryptographic custody: Verify that any gateway or connector supports customer-managed encryption keys and a clear custody model.

What's in the full article

Omada Identity's full blog covers the operational detail this post intentionally leaves for the source:

  • How the Cloud Application Gateway is deployed close to target systems in hybrid environments
  • How outbound-only HTTPS connectivity is positioned to reduce inbound exposure and network approvals
  • How customer-managed encryption keys are handled in supported vault integrations
  • How the gateway is described as fitting into larger IGA rollout planning and execution

👉 Read Omada Identity's analysis of the Cloud Application Gateway for IGA connectivity →
