TL;DR: Hershey modernised identity security after its legacy IGA system, built in 2004, became maintenance-heavy, ticket-driven, and unable to keep pace with more than 45,000 identities, 230 applications, and deprovisioning demands, according to SailPoint. The case shows that identity programmes fail when governance, HR data quality, and lifecycle execution are allowed to drift apart.
NHIMG editorial — based on content published by SailPoint: Sweet success: How Hershey modernized its identity security with SailPoint
By the numbers:
- Hershey's team often faced backlogs of 400 to 600 tickets in the queue.
Questions worth separating out
Q: How should security teams modernise a failing identity governance platform?
A: Start by measuring which lifecycle steps consume the most manual effort, then separate the operational backlog (requests that are merely slow to fulfil) from governance design flaws (access decisions that the role, ownership, and source-data model cannot express reliably). The first yields to connectors and automation; the second has to be fixed before automation is expanded, or the errors scale with it.
Q: Why do outdated IGA systems create access risk even without a breach?
A: Outdated IGA systems create risk when they cannot keep pace with access changes, because delayed provisioning and revocation leave users over-entitled for longer than intended.
Q: What do identity teams get wrong about deprovisioning?
A: Teams often treat deprovisioning as a ticket closure instead of a control outcome.
Practitioner guidance
- Map lifecycle bottlenecks to control failures: track where joiner-mover-leaver requests pile up, where deprovisioning stalls, and which applications require manual intervention.
- Clean authoritative source data before expanding automation: validate HR records, naming standards, ownership fields, and application mappings before adding more automated provisioning.
- Replace CSV and manual fulfilment paths with connector-based flows: prioritise Active Directory groups, APIs, or equivalent connector mechanisms for provisioning and deprovisioning.
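The first guidance point, and the earlier answer that deprovisioning is a control outcome rather than a ticket closure, can be turned into a concrete check: reconcile closed leaver tickets against what the target systems actually still contain, and count where the residual access sits. The script below is an added example for this editorial, not code from SailPoint's blog or from Hershey's programme. The tickets, group names, application names, snapshot contents, and the one-day SLA are all constructed and hypothetical; in practice the two snapshot dicts would come from a directory export and the application account stores.

```python
"""Check that closed leaver tickets actually removed access.

Added example for this editorial, not code from SailPoint's blog or from
Hershey's programme. Every record below is constructed; the ticket, group,
and application names are hypothetical. Replace the two snapshot dicts with
an export from your directory and application account stores.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass(frozen=True)
class LeaverTicket:
    ticket_id: str
    user: str
    termination_date: datetime
    closed_at: Optional[datetime]  # None: still sitting in the queue


# Constructed sample: what the ticketing system says about four leavers.
TICKETS = [
    LeaverTicket("INC-1001", "jdoe", datetime(2024, 3, 1), datetime(2024, 3, 1)),
    LeaverTicket("INC-1002", "asmith", datetime(2024, 3, 1), datetime(2024, 3, 4)),
    LeaverTicket("INC-1003", "bkumar", datetime(2024, 3, 2), None),
    LeaverTicket("INC-1004", "dlopez", datetime(2024, 3, 1), datetime(2024, 3, 1)),
]

# Constructed sample: what the target systems actually contain at snapshot time.
SNAPSHOT_TIME = datetime(2024, 3, 8)
AD_GROUPS = {
    "SAP-FI-Users": {"asmith", "clee"},
    "VPN-Users": {"jdoe", "clee"},
}
APP_LOCAL_ACCOUNTS = {
    # application still fulfilled by CSV uploads rather than a connector
    "legacy-payroll": {"jdoe", "bkumar", "clee"},
}
SLA = timedelta(days=1)  # assumed: access must be gone within a day of termination


def residual_access(user, ad_groups, app_accounts):
    """Return every target where the user still holds an account or membership."""
    targets = {f"ad:{g}" for g, members in ad_groups.items() if user in members}
    targets |= {f"app:{a}" for a, accounts in app_accounts.items() if user in accounts}
    return targets


def reconcile(tickets, ad_groups, app_accounts, now, sla):
    """Classify each leaver ticket by control outcome, not by ticket state."""
    findings = []
    for t in tickets:
        remaining = residual_access(t.user, ad_groups, app_accounts)
        if t.closed_at is None:
            lag = now - t.termination_date
            status = "open_overdue" if lag > sla else "open_within_sla"
        else:
            lag = t.closed_at - t.termination_date
            if remaining:
                status = "closed_but_access_remains"  # ticket closed, control not met
            elif lag > sla:
                status = "closed_late"
            else:
                status = "clean"
        findings.append({
            "ticket": t.ticket_id,
            "user": t.user,
            "status": status,
            "lag_days": lag.days,
            "residual_access": sorted(remaining),
        })
    return findings


def bottleneck_targets(findings):
    """Count residual access per target; the top entries are where deprovisioning stalls."""
    counts = {}
    for f in findings:
        for target in f["residual_access"]:
            counts[target] = counts.get(target, 0) + 1
    return dict(sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])))


if __name__ == "__main__":
    results = reconcile(TICKETS, AD_GROUPS, APP_LOCAL_ACCOUNTS, SNAPSHOT_TIME, SLA)
    for f in results:
        print(f"{f['ticket']} {f['user']:<8} {f['status']:<26} lag={f['lag_days']}d "
              f"residual={f['residual_access']}")
    print("stalls by target:", bottleneck_targets(results))
```

On the constructed data the two "closed" tickets for jdoe and asmith both leave access behind, and the CSV-fed legacy application is the target that appears most often in the residual set, which is the signal that it needs a connector before the queue can be trusted.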
What's in the full article
SailPoint's full blog covers the operational detail this post intentionally leaves for the source:
- The phased migration approach across development, testing, and production environments.
- Stephanie Miller's practical lessons on standardising nomenclature, cleaning data, and improving role modelling.
- The application-owner guidance on replacing CSV-based fulfilment with AD groups or API connectors.
- The identity front-end changes that will add password changes and multi-factor authentication support.
👉 Read SailPoint's blog on Hershey's identity security modernisation →
Hershey’s IGA migration: what it means for identity teams
Explore further
Legacy IGA failure is usually a lifecycle failure before it is a platform failure. Hershey's experience shows what happens when joiner-mover-leaver execution, password synchronisation, and deprovisioning are forced through a system that no longer matches operational scale. The result is not just user friction. It is a governance model that cannot reliably express who should have access, when access should end, or who owns the change. Practitioners should read this as a warning that lifecycle control quality degrades before the platform formally breaks.
A few things that frame the scale:
- 96% of organisations store secrets outside of secrets managers, in vulnerable locations including code, config files, and CI/CD tools, according to the Ultimate Guide to NHIs.
- Another finding from our research shows that only 5.7% of organisations have full visibility into their service accounts, which is why identity inventory remains a first-order governance problem.
A question worth separating out:
Q: How should organisations decide whether to automate lifecycle provisioning?
A: Automate only after the underlying role model, source data, and ownership model are stable enough to support consistent decisions. If HR records, app ownership, or entitlement naming are still inconsistent, automation will scale errors faster than the team can correct them. Governance quality must come before workflow speed.
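The guidance above to clean authoritative source data before expanding automation, and this answer's test of whether the role, source-data, and ownership model are stable enough to automate, both come down to one gate that can be run before each expansion of provisioning. The script below is an added example for this editorial, not code from SailPoint's blog or from Hershey's programme. The HR feed, the ownership register, the entitlement catalogue, the naming standard regex, and the 5% defect threshold are all constructed and hypothetical; the three inputs would normally be exports from HR, the application ownership register, and the entitlement catalogue.

```python
"""Gate lifecycle automation on source-data and ownership quality.

Added example for this editorial, not code from SailPoint's blog or from
Hershey's programme. The HR feed, ownership register, entitlement catalogue,
naming standard and defect threshold below are all constructed and
hypothetical; point the three inputs at your own exports.
"""
import re
from collections import defaultdict

# Hypothetical naming standard: lowercase letters only, 3 to 20 characters.
SAM_PATTERN = re.compile(r"^[a-z]{3,20}$")

# Constructed HR feed with the defects that typically surface during a migration.
HR_RECORDS = [
    {"employee_id": "E1000", "sam": "mroe", "email": "mroe@example.com",
     "manager_id": "E1000", "dept": "EXEC", "status": "active"},  # top of tree, self-referenced
    {"employee_id": "E1001", "sam": "jdoe", "email": "jdoe@example.com",
     "manager_id": "E1000", "dept": "FIN", "status": "active"},
    {"employee_id": "E1002", "sam": "a.smith", "email": "asmith@example.com",
     "manager_id": "E1000", "dept": "FIN", "status": "active"},  # breaks naming standard
    {"employee_id": "E1003", "sam": "bkumar", "email": "bkumar@example.com",
     "manager_id": "", "dept": "OPS", "status": "active"},  # no manager
    {"employee_id": "E1004", "sam": "clee", "email": "clee@example.com",
     "manager_id": "E9999", "dept": "", "status": "active"},  # unknown manager, no dept
    {"employee_id": "E1005", "sam": "clee2", "email": "clee@example.com",
     "manager_id": "E1000", "dept": "OPS", "status": "active"},  # same person twice?
]

# Constructed ownership register (app -> owning employee) and entitlement catalogue.
APP_OWNERS = {"sap-fi": "E1000", "vpn": "E1003"}
ENTITLEMENTS = ["sap-fi:FI_USER", "vpn:VPN_USERS", "legacy-payroll:PAYROLL_ADMIN"]


def validate_source_data(records, app_owners, entitlements):
    """Return rule name -> sorted list of offending employee ids or app names."""
    active_ids = {r["employee_id"] for r in records if r["status"] == "active"}
    report = defaultdict(list)
    by_email = defaultdict(list)
    for r in records:
        eid = r["employee_id"]
        if not SAM_PATTERN.match(r["sam"]):
            report["sam_naming"].append(eid)
        if not r["manager_id"] or r["manager_id"] not in active_ids:
            report["manager_missing"].append(eid)
        if not r["dept"]:
            report["dept_missing"].append(eid)
        by_email[r["email"].lower()].append(eid)
    for ids in by_email.values():
        if len(ids) > 1:  # two identities sharing a mailbox: merge before automating
            report["duplicate_email"].extend(ids)
    for ent in entitlements:
        app = ent.split(":", 1)[0]
        owner = app_owners.get(app)
        if owner is None:
            report["unowned_apps"].append(app)
        elif owner not in active_ids:
            report["inactive_owner"].append(app)
    return {rule: sorted(set(vals)) for rule, vals in report.items()}


def automation_gate(report, record_count, max_defect_rate=0.05):
    """Decide whether provisioning automation should be expanded yet."""
    record_rules = ("sam_naming", "manager_missing", "dept_missing", "duplicate_email")
    affected = set()
    for rule in record_rules:
        affected.update(report.get(rule, []))
    defect_rate = len(affected) / record_count if record_count else 0.0
    ownership_ok = not report.get("unowned_apps") and not report.get("inactive_owner")
    return {
        "ready": defect_rate <= max_defect_rate and ownership_ok,
        "affected_records": len(affected),
        "defect_rate": round(defect_rate, 3),
        "ownership_ok": ownership_ok,
    }


if __name__ == "__main__":
    rep = validate_source_data(HR_RECORDS, APP_OWNERS, ENTITLEMENTS)
    for rule, offenders in rep.items():
        print(f"{rule:<16} {offenders}")
    print(automation_gate(rep, len(HR_RECORDS)))
```

The gate fails here for two independent reasons: four of six records carry a defect that an automated provisioning rule would faithfully propagate (a malformed account name, a missing manager for approval routing, a duplicate identity), and one application in the catalogue has no owner to decide anything at all. Either condition alone should block expanding automation to that scope.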
👉 Read our full editorial: Hershey’s identity security migration shows the limits of legacy IGA