Notifications
Clear all
Topic starter
27/06/2026 12:58 pm
TL;DR: Identiverse 2026 reinforced three IAM shifts: identity visibility platforms are moving from siloed insight to remediation, role governance is becoming more operational, and lifecycle documentation must stay live as environments change, according to Nexis. The broader message is that identity management is shifting from periodic administration to continuous governance.
NHIMG editorial — based on content published by Nexis: IAM My Takeaways from Identiverse 2026, where identity management is heading next
By the numbers:
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
Questions worth separating out
Q: How should IAM teams reduce identity sprawl across disconnected tools?
A: Start by mapping which platform owns authoritative identity data, entitlement decisions, and remediation actions.
Q: Why do role models still matter in modern identity governance?
A: Roles still matter because they translate business structure into access decisions in a way most organisations can understand and review.
Q: How do organisations know if IAM documentation is actually working?
A: Documentation is working when it reflects the current application landscape, ownership, and access state without long manual delays.
Practitioner guidance
- Map identity silos to a single remediation workflow Inventory which IAM, IGA, PAM, and security tools currently own visibility, decisioning, and enforcement.
- Formalise role lifecycle governance Create a process for role creation, review, optimisation, and retirement that includes business ownership and scheduled validation.
- Treat IAM documentation as a live control Connect application ownership, entitlement records, and governance evidence so documentation updates with the environment rather than after it.
What's in the full article
Nexis's full blog post covers the conference commentary and vendor perspective this post intentionally leaves for the source:
- How Nexis interprets Identity Visibility and Intelligence Platforms in the context of IAM silos and remediation
- The author’s detailed view on role lifecycle governance, including why RBAC still matters in combination with ABAC and PBAC
- The discussion of IAM governance documentation in regulated environments such as financial services under DORA
- The concluding conference reflections and references to the author’s related posts on AI governance
👉 Read Nexis's takeaways from Identiverse 2026 on identity governance →
Identiverse 2026: what continuous identity governance changes next?
Explore further
27/06/2026 2:07 pm
IVIP is the market response to IAM fragmentation, not a new control category. The article’s core point is that visibility and remediation have become inseparable because identity data is scattered across IAM silos. That is the real operational gap: teams can no longer rely on separate product views to answer access questions at enterprise scale. Practitioners should evaluate whether their current tooling supports cross-domain identity correlation and action, not just monitoring.
A few things that frame the scale:
- 88.5% of organisations acknowledge that their non-human IAM practices lag behind or are merely on par with their human identity and access management efforts, according to The 2024 Non-Human Identity Security Report.
- Only 19.6% of security professionals express strong confidence in their organisation's ability to securely manage non-human workload identities, which reinforces how immature identity governance remains in practice.
A question worth separating out:
Q: Who should own lifecycle failures when access is not removed on time?
A: Accountability should sit with the system and business owners who control the identity’s lifecycle, not only the IAM team. If removal, certification, or reassignment fails at offboarding, the programme needs clear ownership for each transition point and a measurable way to confirm closure.
👉 Read our full editorial: Identity management after Identiverse 2026: governance is getting continuous
