TL;DR: Security and IT are working from incomplete views of human and non-human identities, which keeps remediation open for weeks, according to Zluri's analysis. The real issue is structural: access reviews, offboarding, and remediation workflows were not built for service accounts, OAuth tokens, and AI tools that sit outside the managed directory.
NHIMG editorial, based on content published by Zluri: The IT-Security Misalignment That Keeps Your Risk Window Open
Questions worth separating out
Q: How should teams close the gap between security alerts and identity remediation?
A: They need a shared identity inventory and a workflow that maps each alert to an accountable owner before remediation begins.
Q: Why do non-human identities make remediation slower than standard user accounts?
A: Because service accounts, OAuth tokens, and AI tools often carry embedded dependencies that are not obvious in a directory record.
Q: What do security teams get wrong about AI tools in identity governance?
A: They often treat them as software procurement issues rather than access governance issues.
Practitioner guidance
- Map every finding to an accountable owner before remediation starts: require security alerts to carry system owner, business owner, and dependency metadata before they enter the remediation queue.
- Extend inventory coverage beyond the managed directory: include service accounts, OAuth-connected apps, API keys, legacy systems, and department-owned AI tools in one live inventory so security findings can be matched to real operational dependencies.
- Automate access reviews for non-human identities and unmanaged apps: run access reviews on a defined cadence for identities that are not covered by HR-driven joiner-mover-leaver processes, and attach evidence at the point of review so later reconstruction is unnecessary.
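The three guidance items above describe one triage workflow. As an added example (not Zluri's or NHIMG's code; the inventory, owner names, identity kinds, the 90-day cadence and the fixed "today" date are all constructed assumptions), here is a small Python model of that gate: a finding is only queued once its identity resolves to a system owner, a business owner and a mapped dependency list; identities outside HR-driven joiner-mover-leaver are flagged for review on a cadence; and each review produces an evidence record at the moment it happens.

```python
"""Triage gate for identity findings.

Added example, not code from Zluri or NHIMG. The inventory, owner names,
identity kinds, review cadence and the fixed "today" are constructed assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional


@dataclass
class Identity:
    identity_id: str
    kind: str                        # human, service_account, oauth_app, api_key, ai_tool
    system_owner: Optional[str]      # who can change or revoke the access
    business_owner: Optional[str]    # who can say whether the access is still needed
    dependencies: Optional[list]     # what breaks if this identity is revoked; None = not yet mapped
    hr_managed: bool = False         # True when HR joiner-mover-leaver events already drive its lifecycle
    last_reviewed: Optional[date] = None


@dataclass
class Finding:
    finding_id: str
    identity_id: str
    severity: str


# Constructed inventory: one directory-managed human plus three identities that
# sit outside the managed directory, with the kind of context gaps the article describes.
INVENTORY: dict = {
    "alice@example.com": Identity("alice@example.com", "human", "it-ops", "eng-manager", [], hr_managed=True),
    "svc-billing-sync": Identity("svc-billing-sync", "service_account", "platform-team", "finance",
                                 ["billing-db", "invoice-api"], last_reviewed=date(2024, 4, 15)),
    "oauth-crm-connector": Identity("oauth-crm-connector", "oauth_app", None, "sales",
                                    ["crm"], last_reviewed=date(2024, 1, 10)),
    "ai-summarizer": Identity("ai-summarizer", "ai_tool", None, None, None),
}

TODAY = date(2024, 6, 1)          # fixed clock so the example is deterministic (assumption)
REVIEW_CADENCE_DAYS = 90          # assumed cadence for identities outside HR-driven JML


def triage(finding: Finding, inventory: dict) -> tuple:
    """Gate a finding before it enters the remediation queue.

    Returns ("queued", []) when the identity resolves to a system owner, a
    business owner and a mapped dependency list, or ("blocked", reasons)
    listing the context that would otherwise be hunted down after the fact.
    """
    ident = inventory.get(finding.identity_id)
    if ident is None:
        return "blocked", ["identity not in inventory"]
    reasons = []
    if not ident.system_owner:
        reasons.append("missing system owner")
    if not ident.business_owner:
        reasons.append("missing business owner")
    if ident.dependencies is None:
        reasons.append("dependencies not mapped")
    return ("blocked", reasons) if reasons else ("queued", [])


def reviews_due(inventory: dict, today: date = TODAY, cadence_days: int = REVIEW_CADENCE_DAYS) -> list:
    """Identities not covered by HR-driven JML that were never reviewed or whose
    last review is older than the cadence, sorted by identity id."""
    due = []
    for ident in inventory.values():
        if ident.hr_managed:
            continue  # joiner-mover-leaver already triggers reviews for these
        if ident.last_reviewed is None or today - ident.last_reviewed > timedelta(days=cadence_days):
            due.append(ident.identity_id)
    return sorted(due)


def review_identity(inventory: dict, identity_id: str, reviewer: str, decision: str,
                    evidence_ref: str, today: date = TODAY) -> dict:
    """Record a review and attach its evidence at the point of review, so the
    audit trail does not have to be reconstructed later. Returns the record."""
    ident = inventory[identity_id]
    ident.last_reviewed = today
    return {
        "identity_id": ident.identity_id,
        "kind": ident.kind,
        "reviewer": reviewer,
        "decision": decision,           # e.g. retain, reduce, revoke
        "evidence_ref": evidence_ref,   # ticket, approval or screenshot reference
        "reviewed_on": today.isoformat(),
    }


if __name__ == "__main__":
    findings = [
        Finding("F-1", "svc-billing-sync", "high"),
        Finding("F-2", "oauth-crm-connector", "high"),
        Finding("F-3", "ai-summarizer", "medium"),
        Finding("F-4", "svc-unknown", "low"),
    ]
    for f in findings:
        status, reasons = triage(f, INVENTORY)
        print(f"{f.finding_id} {f.identity_id}: {status} {reasons}")
    print("reviews due:", reviews_due(INVENTORY))
    print(review_identity(INVENTORY, "oauth-crm-connector", "sales-ops-lead", "retain", "CR-1042"))
    print("reviews due after review:", reviews_due(INVENTORY))
```

The point of the gate is the failure mode: the finding against the OAuth app and the one against the AI tool are blocked with named gaps rather than sitting in a queue with no one able to act, and a finding for an identity that is not in the inventory at all is surfaced as an inventory problem rather than a remediation ticket. The review cadence ignores the HR-managed human account, because joiner-mover-leaver already covers it, and only chases the identities that nothing else would.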
What's in the full article
Zluri's full blog post covers the operational detail this post intentionally leaves for the source:
- How its identity security posture management layer maps findings to remediation workflows across managed and unmanaged identities.
- How access management, access requests, and segregation of duties controls are combined into a single closure process.
- How the platform represents SaaS applications, service accounts, OAuth tokens, and AI agent permissions in one view.
- How audit evidence is captured at the point of remediation rather than reconstructed later.
👉 Read Zluri's analysis of the IT and security remediation gap across modern identities →
NHI and IT-security misalignment: where risk stays open
Explore further
Identity governance fails when security can detect risk faster than IT can establish ownership. The article describes a system in which findings arrive before the accountable system or identity owner is known, especially for unmanaged SaaS and non-human identities. That creates a governance bottleneck, not a communications problem. The implication is that remediation speed is capped by identity context quality, not ticket priority.
A few things that frame the scale:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
- 38% have no or low visibility and a further 47% have only partial visibility into those OAuth-connected vendors, which means ownership and exposure are still being inferred rather than governed.
A question worth separating out:
Q: Who is accountable when risk remains open after security flags it?
A: Accountability sits with both functions, but only if ownership data and remediation workflow are aligned. Security owns the risk signal, while IT owns execution. If the organisation cannot connect the two through a live control system, leadership will keep seeing recurring findings that reflect a structural governance gap rather than a single team's failure.
👉 Read our full editorial: IT-security misalignment is widening the NHI risk window