Runtime identity decisions: what IAM teams need to change


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 8534
Topic starter  

TL;DR: Static reviews and disconnected governance tools can no longer keep up with faster, more adaptive threats, according to SailPoint, and Atlas advanced functionality uses runtime signals, context-aware approvals, and orchestration to make identity a live control plane. The key shift is that access governance must now operate continuously, not as a periodic compliance layer.

NHIMG editorial — based on content published by SailPoint: Why identity must evolve, introducing Atlas advanced functionality

By the numbers:

Questions worth separating out

Q: How should security teams implement runtime access decisions in identity governance?

A: Start with the highest-risk decisions, such as privileged access and sensitive application requests, and wire in live signals from security and device telemetry.

Q: When does context-aware approval add more value than a fixed workflow?

A: It adds the most value when threat state, device health, or request context meaningfully changes the risk of the entitlement being requested.

Q: What do security teams get wrong about persona-based identity reporting?

A: They often treat dashboards as presentation layers rather than access decisions.

Practitioner guidance

  • Map which access decisions need live risk context: Identify request flows where SIEM, SOAR, XDR, ITDR, or device posture should influence approval, escalation, or denial.
  • Separate fixed approvals from adaptive approvals: Keep low-risk, predictable access on simple paths, but route sensitive requests through context-aware logic that can change based on severity, location, time, or device state.
  • Design persona-based reporting tiers: Define which identity data executives, auditors, SOC analysts, and administrators actually need.

What's in the full article

SailPoint's full blog covers the operational detail this post intentionally leaves for the source:

  • How Atlas routes access requests through context-aware branching logic based on threat severity and user attributes.
  • Examples of how identity workflows can trigger deprovisioning or escalation when security signals change.
  • Persona-based reporting patterns for executives, SOC teams, auditors, and administrators.
  • The vendor’s framing of how identity, security operations, and business processes are orchestrated together.

👉 Read SailPoint’s blog on Atlas advanced functionality and runtime identity decisions →
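
The fixed-versus-adaptive split from the practitioner guidance, as an added example (not SailPoint or Atlas code, and not part of the original post). The `Signals` fields, the severity scale, the thresholds and the decision names are all assumptions chosen for illustration; missing or unrecognised telemetry escalates rather than approves.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed severity scale; real SIEM/XDR/ITDR feeds use their own vocabularies.
SEVERITY = {"none": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

@dataclass
class Signals:
    threat_severity: Optional[str]    # None = threat feed unavailable
    device_compliant: Optional[bool]  # None = device posture unknown
    usual_location: bool = True
    business_hours: bool = True

def decide(sensitive: bool, sig: Signals) -> tuple[str, list[str]]:
    """Return (decision, reasons) for one access request."""
    if not sensitive:
        # Low-risk, predictable access stays on the simple fixed path.
        return "fixed_workflow", ["low-risk entitlement"]
    sev = SEVERITY.get(sig.threat_severity) if sig.threat_severity else None
    if sev is None or sig.device_compliant is None:
        # Missing or unrecognised telemetry must not silently approve.
        return "escalate", ["telemetry unavailable"]
    if sev >= SEVERITY["high"]:
        return "deny", [f"active threat severity: {sig.threat_severity}"]
    if not sig.device_compliant:
        return "deny", ["device out of compliance"]
    reasons = []
    if sev >= SEVERITY["medium"]:
        reasons.append("elevated threat severity")
    if not sig.usual_location:
        reasons.append("unusual location")
    if not sig.business_hours:
        reasons.append("outside business hours")
    return ("escalate", reasons) if reasons else ("approve", ["no adverse signals"])

# Constructed sample requests (not from any real system).
SAMPLES = [
    ("badge-printer access", False, Signals("critical", False)),
    ("prod DB admin", True, Signals("none", True)),
    ("prod DB admin", True, Signals("low", True, usual_location=False)),
    ("prod DB admin", True, Signals("high", True)),
    ("prod DB admin", True, Signals(None, True)),
]

if __name__ == "__main__":
    for name, sensitive, sig in SAMPLES:
        print(name, "->", decide(sensitive, sig))
```

Returning the reasons alongside the decision gives the approver and the audit trail the same signals the logic acted on.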




   
(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 7990
 

Static identity governance is now an assumption failure, not just a maturity gap. The article’s core premise is that manual certifications and periodic approvals were built for a slower threat environment. That model fails when access risk changes between review cycles and when the security context is live, not archival. The implication is that identity programmes must be judged on whether they can act during risk, not merely document control after the fact.

A few things that frame the scale:

  • 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.
  • Only 5.7% of organisations have full visibility into their service accounts, which shows how hard it is to enforce runtime governance at scale.

A question worth separating out:

Q: Why should IAM and SOC teams connect identity workflows to threat telemetry?

A: Because identity controls are more effective when they react to the same signals the security team already uses to detect risk. Connecting telemetry lets identity participate in containment, not just compliance, and reduces the time between threat detection and access action.

👉 Read our full editorial: Runtime identity decisions redefine enterprise access governance



   