Contextual risk insights and access reviews: what changes now?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 5324
Topic starter  

TL;DR: Static identity data alone cannot support reliable access governance because it misses how access is actually used, according to Zluri’s article on contextual risk insights. Pairing contextual signals such as usage, location, inactivity, and privilege with identity records improves joiner, mover, and leaver decisions, audit quality, and revocation accuracy.

NHIMG editorial — based on content published by Zluri: Access Management Role of Contextual Risk Insights in Identity Governance

Questions worth separating out

Q: How should security teams use contextual risk insights in access reviews?

A: Security teams should combine static identity attributes with contextual signals such as usage, location, device trust, and recency of activity.

Q: When should organisations revoke access based on context rather than role alone?

A: Organisations should revoke or step down access when context shows the entitlement is no longer needed, for example when an account is inactive, the user is operating from an untrusted location, or the access no longer matches the current job function.

Q: What do teams get wrong about joiner, mover, and leaver automation?

A: Teams often automate lifecycle events using HR status alone and assume that is enough.

Practitioner guidance

  • Add contextual signals to review workflows: Incorporate usage frequency, last login, device, and location signals into access review queues so reviewers can see whether access is actively used and consistent with the entitlement request.
  • Rebuild mover rules around operating context: Update role-change workflows so access recalculates when geography, device trust, or work pattern changes, not only when HR attributes change.
  • Trigger leaver actions on inactivity as well as exit status: Remove or step down access when an account has been inactive beyond a defined threshold, even if formal offboarding has not yet occurred.

What's in the full article

Zluri's full article covers the operational detail this post intentionally leaves for the source:

  • The specific workflow conditions used to combine static and contextual identity data in access review automation.
  • The joiner, mover, and leaver examples showing how contextual rules change entitlement decisions.
  • The dashboard-oriented approach used to surface unused access, privilege, and external-user risk.
  • The practical review logic behind approving, modifying, or revoking access based on context.

👉 Read Zluri's analysis of contextual risk insights for identity governance →
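
A sketch of the review logic described in the answers and guidance above, as an added example that is not from this post or from Zluri's article. The 90-day inactivity threshold, the trusted-location names, the field names and the sample records are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Assumed policy values; the post names the signals but sets no thresholds.
INACTIVITY_DAYS = 90
TRUSTED_LOCATIONS = {"office", "corp-vpn"}
SEVERITY = {"approve": 0, "step_down": 1, "revoke": 2}

@dataclass
class Entitlement:
    user: str
    app: str
    hr_status: str              # static: "active" or "terminated"
    job_function: str           # static: current function per HR
    granted_for: str            # static: function the access was granted for
    last_used: Optional[date]   # contextual: None means never used
    location: str               # contextual: where recent activity came from
    device_trusted: bool        # contextual: device posture signal

def review(e: Entitlement, today: date):
    """Return (decision, reasons) using static and contextual data together."""
    findings = []
    if e.hr_status != "active":
        findings.append(("revoke", "leaver: HR status is " + e.hr_status))
    if e.last_used is None or (today - e.last_used).days > INACTIVITY_DAYS:
        findings.append(("revoke", f"inactive for more than {INACTIVITY_DAYS} days"))
    if e.granted_for != e.job_function:
        findings.append(("revoke", "mover: access no longer matches job function"))
    if e.location not in TRUSTED_LOCATIONS or not e.device_trusted:
        findings.append(("step_down", "untrusted location or device"))
    # The most severe finding wins; no findings means the access is approved.
    decision = max((d for d, _ in findings), key=SEVERITY.get, default="approve")
    return decision, [reason for _, reason in findings]

# Constructed sample records, not data from the post or from Zluri.
TODAY = date(2025, 6, 1)
SAMPLE = [
    Entitlement("alice", "crm", "active", "sales", "sales", date(2025, 5, 28), "office", True),
    Entitlement("bob", "crm", "active", "sales", "sales", date(2025, 1, 10), "office", True),
    Entitlement("carol", "ledger", "active", "marketing", "finance", date(2025, 5, 30), "office", True),
    Entitlement("dave", "admin-console", "active", "it", "it", date(2025, 5, 31), "cafe-wifi", False),
]

def review_queue(records, today):
    """Map (user, app) to its decision and the reasons a reviewer should see."""
    return {(e.user, e.app): review(e, today) for e in records}

if __name__ == "__main__":
    for key, (decision, reasons) in review_queue(SAMPLE, TODAY).items():
        print(key, decision, reasons)
```

All four sample accounts are "active" in HR, so a review driven by HR status alone would approve every one; the contextual checks are what separate bob, carol and dave from alice.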
