TL;DR: Eve Maler argues that identity teams should operate like product owners, not ticket-takers, because identity now serves protection, personalization, payment, and people at once, according to Saviynt. The shift reframes metrics, stakeholder expectations, and service design, making governance a product problem rather than a queue-management problem.
NHIMG editorial — based on content published by Saviynt: Eve Maler on why identity teams need to stop thinking like ticket-takers
Questions worth separating out
Q: How should identity teams move from ticket queues to product ownership?
A: Start by defining identity as a service with users, outcomes, and service levels.
Q: Why does product thinking matter for IAM governance?
A: Because identity decisions shape both risk and user experience, and those outcomes cannot be balanced well through ad hoc ticket handling.
Q: What is the difference between identity operations and identity product management?
A: Identity operations focuses on completing requests efficiently, while identity product management focuses on outcomes, ownership, and continuous improvement.
Practitioner guidance
- Establish identity product ownership: Assign a named owner for each core identity service, including provisioning, access review, exception handling, and deprovisioning.
- Define outcome-based identity metrics: Track policy adherence, time to revoke, access quality, and user friction alongside ticket volume so the team can see whether it is improving control or simply moving requests faster.
- Extend ownership to non-human identities: Create lifecycle ownership for service accounts, tokens, certificates, and AI agents, with explicit review and retirement requirements for each class of identity.
With 97% of NHIs carrying excessive privileges, according to Ultimate Guide to NHIs, the operating model must include owners, service levels, and lifecycle checkpoints that prevent access from drifting.
Identity as a product is the right operating model for modern IAM. Ticket-based delivery makes sense for low-risk service work, but it does not create accountability for outcomes. Product ownership forces teams to define users, service levels, and control objectives, which is exactly what identity governance needs when access decisions affect both security and business operations. Practitioners should treat identity as a managed service with measurable outcomes, not a request fulfilment line.
A few things that frame the scale:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
A question worth separating out:
Q: How do non-human identities fit into a product ownership model?
A: They fit as managed services that require onboarding, scoping, review, rotation, and retirement. Without explicit ownership, service accounts and tokens become persistent access paths that no one is accountable for, which is exactly the kind of gap product thinking is meant to close.