A few things that frame the scale:

• 71% of NHIs are not rotated within recommended time frames, increasing the risk of compromise over time, according to Ultimate Guide to NHIs.
• Only 5.7% of organisations have full visibility into their service accounts, which shows how often identity governance starts from a partial inventory rather than a complete control picture.

A question worth separating out:

Q: How do single-instance CIAM environments reduce vendor lock-in?

A: Single-instance CIAM can reduce lock-in by keeping configuration and sensitive identity data more portable, including password hashes where policy allows it. That makes future migration less disruptive because customers are less dependent on a shared platform's internal data model. The practical test is whether exit is a controlled migration or a forced password reset event.

👉 Read our full editorial: Single-instance CIAM changes the trust model for customer identity

TL;DR: Single-instance CIAM isolates customer data, traffic, and policy from shared tenants, reducing cross-tenant attack paths, simplifying residency and PCI-DSS v4.0 concerns, and improving performance predictability, according to Strivacity. The architectural choice matters because identity design now shapes compliance burden, outage exposure, and customer trust as much as login UX does.

NHIMG editorial — based on content published by Strivacity: Single-instance CIAM and the business case for isolated customer identity

Questions worth separating out

Q: How should teams decide between single-instance and multi-tenant CIAM?

A: Teams should decide based on isolation needs, regulatory pressure, and tolerance for shared operational risk.

Q: Why does CIAM tenancy matter for compliance and audits?

A: CIAM tenancy matters because auditors need to understand where identity data lives, who can access it, and how separation is enforced.

Q: What breaks when customer identity is forced into a shared platform model?

A: What breaks first is containment.

Practitioner guidance

• Classify CIAM tenancy as a governance decision Document whether your current customer identity platform is genuinely single-instance, logically isolated, or shared with compensating controls, then tie that classification to risk acceptance, audit scope, and architecture review.
• Test tenant blast-radius assumptions Review how a breach, outage, or misconfiguration in one customer environment would affect other tenants, and validate whether segmentation, policy boundaries, and resource controls are actually preventing cross-tenant impact.
• Map residency and compliance obligations to hosting design Align data location, access boundaries, and audit evidence with the regions in which customer identity data is processed, especially where sovereignty or PCI-DSS v4.0 requirements apply.

What's in the full article

Strivacity's full article covers the operational detail this post intentionally leaves for the source:

• A deeper walkthrough of how single-instance CIAM changes account isolation, change timing, and regional placement.
• The vendor's specific explanation of why multi-tenant hosting adds compliance and audit complexity in regulated environments.
• The practical discussion of password-hash portability and how dedicated environments affect migration planning.
• The customer scenarios the vendor uses to justify single-instance CIAM for high-traffic, public sector, and B2B use cases.

👉 Read Strivacity's analysis of single-instance CIAM and shared-tenant risk →

Single-instance CIAM versus multi-tenant risk: what teams should weigh?

Explore further

View Full Forum →  |  NHI Foundation Course →