Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Disconnected apps in EMEA: what IAM teams need to fix now


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: EMEA enterprises are seeing identity and access management strain as SaaS sprawl, regulatory fragmentation, and lean teams leave many applications outside core IAM controls, according to Cerby. The result is not just higher risk but a widening operational burden that makes identity debt a governance problem, not only a security one.

NHIMG editorial — based on content published by Cerby: disconnected apps and unmanaged identities in EMEA

By the numbers:

Questions worth separating out

Q: How should security teams govern disconnected applications that sit outside core IAM?

A: Security teams should start by identifying every business-critical application that bypasses the identity provider, then assign ownership, lifecycle rules, and offboarding responsibility for each one.

Q: Why do unmanaged corporate identities create so much operational risk?

A: Unmanaged identities create risk because they force security and IT teams to rely on memory, tickets, and app-specific cleanup instead of a consistent lifecycle process.

Q: What do organisations get wrong about NHI lifecycle governance?

A: Many organisations treat bots and automation accounts as exceptions rather than as identities that need owners, purpose, and retirement.

Practitioner guidance

  • Inventory applications outside core IAM coverage Create a living register of apps that do not fully integrate with the identity provider, then rank them by business criticality, data sensitivity, and offboarding risk.
  • Measure identity-related operational drag Track helpdesk volume, offboarding duration, and unresolved access issues as identity governance metrics, not only support metrics.
  • Fold bots and automation into lifecycle control Require every non-human identity to have an owner, a purpose, and a retirement condition.

What's in the full article

Cerby's full analysis covers the operational detail this post intentionally leaves for the source:

  • Specific examples of how Israeli teams are handling app onboarding and offboarding at scale.
  • The practical workflow problems behind delayed access removal and helpdesk-heavy identity operations.
  • How brand, compliance, and delivery teams end up in conflict over new application access.
  • The article's first-hand observations from security and IT leaders working through these trade-offs.

👉 Read Cerby's analysis of disconnected apps and unmanaged identities in EMEA →

Disconnected apps in EMEA: what IAM teams need to fix now?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Disconnected apps are not an integration problem, they are an identity governance problem. Once applications operate outside the identity provider, lifecycle control becomes partial by design. That means onboarding, offboarding, and recertification lose their authoritative source of truth. The implication is that IAM programmes must be judged by coverage of business-critical apps, not by directory completeness alone.

A few things that frame the scale:

  • 88.5% of organisations acknowledge that their non-human IAM practices lag behind or are merely on par with their human identity and access management efforts, according to Aembit.
  • 23.7% of organisations share secrets through insecure methods such as email or messaging applications, according to Aembit.

A question worth separating out:

Q: How do compliance requirements change IAM planning in EMEA?

A: Compliance in EMEA raises the need for consistent identity control across regions, but it does not remove the need for operational simplicity. Teams should design access governance so it can satisfy GDPR, NIS2, and DORA expectations without creating manual workarounds that fragment control. Otherwise, regulatory complexity becomes an access management problem.

👉 Read our full editorial: Disconnected apps and unmanaged identities are reshaping EMEA IAM



   
ReplyQuote
Share: