
IAM in cloud environments: what governance gaps teams are missing


(@nhi-mgmt-group)

TL;DR: Cloud IAM gets harder as access, provisioning, integrations, and compliance reporting spread across SaaS and departmental admins, according to Zluri. The core issue is not authentication alone but lifecycle control, visibility, and least-privilege enforcement across a decentralised identity surface.

NHIMG editorial — based on content published by Zluri: Security & Compliance Top 4 Identity and Access Management Challenges


Questions worth separating out

Q: How should organisations govern SaaS access when teams can buy apps outside central IT?

A: Treat SaaS governance as an inventory and entitlement problem, not just a login problem.

Q: Why does user lifecycle management break down in cloud IAM programmes?

A: It breaks down because joiner, mover, and leaver events often update the directory faster than they update each SaaS application.

Q: What do security teams get wrong about access request management?

A: They often optimise for speed and approval convenience instead of entitlement precision.

Practitioner guidance

  • Map every SaaS app to an accountable owner: Create an inventory that links each application to its owner, the identity source, and the approval path used to grant access.
  • Automate joiner-mover-leaver workflows across all app types: Connect HR events, directory changes, and application entitlement changes so a role change or offboarding event triggers access updates in every system, not just the primary SSO or email stack.
  • Translate access requests into technical entitlements: Replace vague business request text with defined roles, groups, or app-level permission sets.

What's in the full article

Zluri's full article covers the operational detail this post intentionally leaves for the source:

  • A SaaS management workflow that shows how the platform centralises application visibility across departments.
  • Step-by-step handling of onboarding, offboarding, and mid-lifecycle role change automation.
  • The access request and approval flow used to reduce shadow app buying and entitlement drift.
  • Compliance visibility for third-party SaaS tools, including how centralized reporting is presented.

👉 Read Zluri's article on the top IAM challenges in cloud environments →
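
An added example, not part of the original post or Zluri's article: a reconciliation check that compares HR lifecycle state against entitlements exported from each SaaS app and flags the gaps the practitioner guidance names (unowned apps, leavers still provisioned, entitlements beyond the defined role). All users, apps, roles and the data layout are constructed assumptions.

```python
# Constructed sample data; all names, apps and roles are hypothetical.
HR = {  # authoritative joiner-mover-leaver state
    "alice": {"status": "active", "role": "finance-analyst"},
    "bob": {"status": "terminated", "role": "engineer"},
    "carol": {"status": "active", "role": "engineer"},  # moved from finance
}
APPS = {  # inventory: owner plus role -> allowed entitlements per app
    "ledger-saas": {"owner": "finance-ops",
                    "roles": {"finance-analyst": {"read", "export"}}},
    "ci-saas": {"owner": None,  # bought outside central IT, no owner recorded
                "roles": {"engineer": {"build", "deploy"}}},
}
ACCOUNTS = [  # entitlements as exported from each app, not from the directory
    ("ledger-saas", "alice", {"read", "export"}),
    ("ledger-saas", "carol", {"read"}),            # left over after role change
    ("ci-saas", "bob", {"build"}),                 # leaver still provisioned
    ("ci-saas", "carol", {"build", "deploy", "admin"}),
    ("ci-saas", "svc-legacy", {"deploy"}),         # no HR record at all
]

def reconcile(hr, apps, accounts):
    """Return sorted (app, subject, finding) tuples for governance gaps."""
    findings = [(app, "-", "no-owner") for app, meta in apps.items()
                if not meta["owner"]]
    for app, user, granted in accounts:
        person = hr.get(user)
        if app not in apps:
            findings.append((app, user, "app-not-in-inventory"))
        elif person is None:
            findings.append((app, user, "no-identity-record"))
        elif person["status"] != "active":
            findings.append((app, user, "leaver-still-active"))
        else:
            # Entitlements are judged against the role's defined set per app.
            allowed = apps[app]["roles"].get(person["role"], set())
            excess = granted - allowed
            if excess:
                findings.append((app, user, "excess:" + ",".join(sorted(excess))))
    return sorted(findings)

if __name__ == "__main__":
    for app, user, finding in reconcile(HR, APPS, ACCOUNTS):
        print(f"{app:12} {user:11} {finding}")
```

The account list is taken from each application's own export because the directory alone would show bob as disabled while his SaaS account remains usable.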
