Identity governance coverage gaps: why phase one leaves risk behind


(@nhi-mgmt-group)

TL;DR: Only 54% of applications are adequately integrated with an IGA platform and just 6% of organisations report fully automated IGA processes, according to the source article and the 2025 State of IGA Report. Partial coverage turns disconnected applications into a governance blind spot that compounds compliance, lifecycle, and maintenance costs.

NHIMG editorial — based on content published by Cerby: identity governance programs and the cost of partial application coverage

By the numbers:

Questions worth separating out

Q: What breaks when identity governance stops at the easiest applications?

A: Coverage gaps turn governance into documentation instead of enforcement.

Q: When should organisations prioritise hard-to-integrate applications over easy wins?

A: As soon as the easy integrations no longer improve security posture.

Q: How do you know if access reviews are actually reducing risk?

A: Access reviews are working only when the outcome is enforceable.

Practitioner guidance

  • Inventory unmanaged applications by control gap: Classify every application that cannot currently enforce automated provisioning, deprovisioning, or access review outcomes.
  • Quantify connector maintenance as a recurring cost: Track how often custom connectors break after UI, API, or permission changes and assign that effort to the program cost baseline.
  • Escalate read-only reviews as failed control enforcement: Flag any application where access certification cannot result in direct revocation.

What's in the full article

Cerby's full article covers the operational detail this post intentionally leaves for the source:

  • The cost model for custom application integration across legacy, non-federated, and premium-tier platforms
  • How self-healing connector maintenance reduces the burden of keeping fragmented integrations alive
  • The operational mechanics of feeding identity data from disconnected systems back into governance workflows
  • Why Cerby argues its approach changes the economics of reaching full application coverage

👉 Read Cerby's analysis of why phase one identity governance stalls →
