Notifications
Clear all
Topic starter
08/06/2026 5:04 pm
TL;DR: The 2025 EDUCAUSE Horizon Report shows higher education IAM is being slowed by budget pressure, shadow IT, zero-trust tension, and weak executive buy-in, with three-quarters of respondents citing leadership support as a barrier, according to Bravura Security. In NHIMG terms, the problem is not a lack of tools but a governance model that has not kept pace with how colleges and universities now adopt and use identity-enabled services.
NHIMG editorial — based on content published by Bravura Security: the 2025 EDUCAUSE Horizon Report analysis of higher education IAM automation blockers
Questions worth separating out
Q: How should higher education teams prioritise IAM automation when budgets are tight?
A: Start with the identity tasks that create the most operational drag and risk, such as provisioning, deprovisioning, access review, and federation.
Q: Why does shadow AI create identity risk in universities?
A: Shadow AI creates identity risk because it introduces ungoverned access paths to institutional data.
Q: What do universities get wrong about zero trust?
A: They often treat zero trust as a restriction model instead of an access design model.
Practitioner guidance
- Build an IAM business case around measurable operational outcomes Quantify time saved, error reduction, and reduced manual rework, then tie those savings to risk reduction and audit readiness rather than platform consolidation.
- Map shadow AI tools to identity and data control points Inventory unsanctioned AI and collaboration tools, identify where authentication and authorisation happen, and block institutional data use until the tool is visible in governance workflows.
- Translate zero trust into academic workflows Use project, role, and data sensitivity to define access patterns that preserve collaboration while still enforcing least privilege and continuous verification.
What's in the full article
Bravura Security's full article covers the operational detail this post intentionally leaves for the source:
- A fuller breakdown of how higher education institutions can quantify the ROI of IAM automation for leadership
- Specific examples of the automation hurdles affecting federated identity, shadow IT, and zero trust adoption
- The survey framing behind the executive buy-in finding and how respondents interpreted the barrier
- The source discussion of how institutions can communicate IAM value to the C-suite
👉 Read Bravura Security's analysis of IAM automation blockers in higher education →
Higher education IAM automation: what is slowing adoption now?
Explore further
08/06/2026 7:03 pm
Budget-constrained IAM is a lifecycle failure, not just a resourcing issue. When institutions postpone automation, they are also postponing joiner-mover-leaver discipline, recertification, and entitlement rationalisation. That means the access model keeps accumulating exceptions while the programme lacks the visibility to correct them. The practical conclusion is that underfunded IAM becomes a governance debt problem, not a technology backlog.
A few things that frame the scale:
- Lack of credential rotation is cited as the top cause of NHI-related attacks by 45% of organisations, followed by inadequate monitoring and logging (37%) and over-privileged accounts (37%), according to The State of Non-Human Identity Security.
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, including 38% with no or low visibility and 47% with only partial visibility.
A question worth separating out:
Q: Who should own IAM automation in a higher education institution?
A: IAM automation needs executive ownership because it affects risk, budget, operations, and user experience at the same time. If leadership does not sponsor the programme, identity work stays fragmented and the institution keeps paying for manual control gaps in every department.
👉 Read our full editorial: Higher education IAM automation is blocked by budgets and buy-in
