TL;DR: IT service excellence depends on measurable service delivery, tighter cross-team coordination, and lifecycle automation that covers onboarding, access changes, and offboarding, according to Zluri. The deeper lesson is that IT service models fail when user experience, approval design, and access revocation are treated as separate problems rather than one governed lifecycle.
NHIMG editorial — based on content published by Zluri: IT Teams 6 Strategies to Establish A Culture Of IT Service Excellence
By the numbers:
- 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage.
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
- Only 5.7% of organisations have full visibility into their service accounts.
Questions worth separating out
Q: How should teams connect IT service management with identity governance?
A: Teams should treat IT service management and identity governance as one lifecycle problem.
Q: Why do lifecycle workflows matter for access control?
A: Lifecycle workflows matter because access risk usually appears when entitlement changes are handled inconsistently.
Q: What breaks when access removal is treated as a back-office task?
A: When access removal is treated as a back-office task, revocation becomes slow, inconsistent, and hard to audit.
Practitioner guidance
- Define shared ownership for lifecycle steps Map request intake, approval, entitlement assignment, and revocation to named owners so the helpdesk, app owners, and security team all know where accountability begins and ends.
- Automate only policy-backed workflows Encode approval thresholds, role-based routing, and deprovisioning triggers into lifecycle tooling before scaling automation across onboarding, mid-life changes, and offboarding.
- Measure access removal as a service metric Track how long it takes to revoke access after role change or departure, and review the delay alongside ticket closure and user satisfaction metrics.
What's in the full article
Zluri's full article covers the operational detail this post intentionally leaves for the source:
- Step-by-step guidance on shaping an IT service culture around shared goals and measurable delivery outcomes
- Detailed examples of how lifecycle tooling supports onboarding, access requests, and offboarding workflows
- Practical discussion of service metrics, team ownership, and continuous service improvement in day-to-day operations
- Product-specific details on how Zluri presents user lifecycle management, SaaS management, and access request flows
👉 Read Zluri's article on building IT service excellence and lifecycle operations →
IT service excellence and lifecycle governance: what teams miss?
Explore further
IT service excellence and identity governance are the same operating problem. The article treats service quality as a matter of workflow discipline, but that discipline is also how access is controlled, reviewed, and removed. When teams share goals, use measurable objectives, and eliminate handoff friction, they are building the same structure identity governance needs. The implication is that IT service management is not separate from IAM maturity; it is one of the places where IAM either works or breaks.
A few things that frame the scale:
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, according to Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which means most identity programmes still lack basic inventory discipline.
A question worth separating out:
Q: Who should own approval and offboarding decisions in a mature IT service model?
A: Approval and offboarding should be jointly owned by the business owner, the application owner, and the identity or security function. Business teams know the need, app owners know the system impact, and identity teams know the governance rules. That shared model reduces exceptions and makes it easier to show that access was authorised and later revoked.
👉 Read our full editorial: IT service excellence depends on lifecycle governance, not just tools