Notifications
Clear all
Topic starter
12/06/2026 10:24 pm
TL;DR: IT operations now spans availability, change, security, capacity, and access management, and the article frames Zero Trust, automation, and identity controls as central to keeping services stable and secure, according to Zluri. The practical gap is that operational speed often outpaces governance discipline, so identity and access rules need to be embedded in IT ops rather than treated as a separate layer.
NHIMG editorial — based on content published by Zluri: IT Teams What Is IT Operations (IT ops)?
Questions worth separating out
Q: How should IT teams handle access management inside operations workflows?
A: They should treat access management as part of the operational workflow, not a separate governance step.
Q: Why do automation and IT ops increase identity risk?
A: Automation increases identity risk when operational speed creates more standing access, more service accounts, and more tokens that are difficult to review.
Q: How do organisations know whether Zero Trust is actually working in IT operations?
A: They know Zero Trust is working when every operational action is tied to a verified identity, a limited privilege scope, and a current policy decision.
Practitioner guidance
- Embed access reviews into operational change workflows Require entitlement review before major configuration changes, new service onboarding, or environment expansion so access stays aligned with current operational need.
- Separate human admin access from automation identities Create distinct machine identities for CI/CD, monitoring, and remediation workflows, then scope each one to a narrow task set with clear ownership.
- Tie Zero Trust to identity checks at every operational boundary Verify authentication, privilege level, and session context before allowing administrative actions, especially in cloud, SaaS, and shared infrastructure.
What's in the full article
Zluri's full guide covers the operational detail this post intentionally leaves for the source:
- Role-by-role explanation of IT operations responsibilities across infrastructure, monitoring, change, and incident response
- Detailed comparison of IT operations versus IT operations management for planning and governance teams
- Examples of SaaS, cloud, CI/CD, and SecOps functions inside the broader operations model
- Practical framing of how access management and Zero Trust are handled inside day-to-day IT operations
👉 Read Zluri's guide to IT operations and access management →
IT operations access management: are your controls keeping up?
Explore further
13/06/2026 1:09 am
IT operations is now an identity governance function as much as an infrastructure function. The article treats access management as one of the major IT ops processes, which is exactly how operational teams become the de facto governors of entitlement sprawl. When operations owns provisioning, change execution, and service continuity, it also shapes who can reach critical systems and how quickly that access is corrected. Practitioners should treat IT ops as part of the identity control plane, not as a downstream consumer of IAM policy.
A few things that frame the scale:
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, according to Ultimate Guide to NHIs.
- 71% of NHIs are not rotated within recommended time frames, increasing the risk of compromise over time.
A question worth separating out:
Q: Who is accountable for access control when IT operations own the platform?
A: Accountability should sit with the operational owner of the system and the identity governance function together. Operations controls the technical path, while IAM defines the entitlement model and review standard. If either side treats access as someone else’s problem, privilege drift becomes predictable.
👉 Read our full editorial: IT operations and identity control: where access management fails
