A mismatch between the event that changes a user's status and the actual removal or update of their access in downstream systems. It is a common governance failure when onboarding, mover, or offboarding actions do not propagate consistently across every application that holds entitlements.
Expanded Definition
Lifecycle discontinuity describes a control gap between the moment an identity status changes and the moment downstream systems actually reflect that change. In NHI environments, the gap often appears when offboarding, role changes, environment retirement, or application decommissioning are recorded in one system but not enforced everywhere else. That makes the term broader than simple provisioning delay: it includes stale service accounts, unrevoked API keys, orphaned tokens, and permissions that survive after the business reason for access has ended.
Industry usage is still evolving, but the core concern aligns with the OWASP Non-Human Identity Top 10, which treats lifecycle control as a first-order security issue rather than an administrative afterthought. NHI Management Group’s NHI Lifecycle Management Guide emphasizes that lifecycle integrity must extend across discovery, rotation, revocation, and validation, not just HR-triggered workflows. The most common misapplication is assuming that a ticket closure or directory update means access was removed everywhere, which occurs when downstream apps, secrets stores, and CI/CD systems are not part of the deprovisioning path.
Examples and Use Cases
Closing lifecycle discontinuities rigorously often introduces operational friction: organisations have to weigh faster change processing against stronger revocation assurance and auditability.
- A contractor is marked as offboarded in HR, but a build system still accepts their API token because the secrets store was never updated.
- A developer is moved to a new team, yet the old service account retains write access to production because application entitlements were not re-evaluated.
- A cloud workload is retired, but its certificate continues to authenticate to a partner integration, creating an orphaned trust relationship.
- An incident response team revokes a credential in one vault, only to find a duplicate copy embedded in code and a second copy in a ticketing system, a pattern highlighted in the Guide to the Secret Sprawl Challenge.
- A CI pipeline rotates a token for one repository, while a shared NHI in another pipeline remains valid, reflecting the overuse issues described in Top 10 NHI Issues and the identity lifecycle concerns in the Ultimate Guide to NHIs — Lifecycle Processes for Managing NHIs.
These scenarios are especially common when governance treats service accounts like static infrastructure, while the actual access footprint keeps changing through deployments, automation, and vendor integrations.
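The scenarios above all reduce to the same check: reconcile the authoritative status of each identity against the entitlements every downstream system still honours. The following reconciliation script is an added illustration, not code from NHI Mgmt Group; the identities, systems, credentials and fingerprints are constructed sample data standing in for a directory export and per-system inventories.

```python
"""Reconciliation check for lifecycle discontinuity (added example)."""
from collections import defaultdict

# Constructed sample data. In a real run these come from the directory/HR
# export (authoritative status) and from each downstream system's inventory.
IDENTITY_STATUS = {           # identity -> lifecycle state per the directory
    "contractor-jane": "offboarded",
    "dev-alex": "active",
    "workload-billing-v1": "retired",
    "workload-billing-v2": "active",
}
CURRENT_ROLE = {"dev-alex": "team-payments"}   # identity -> role after the move

# Entitlements downstream systems still honour: which credential, who owns it,
# which role it was granted for (None = not role-bound), and a fingerprint of
# the secret material (e.g. a hash prefix) so copies can be matched.
DOWNSTREAM = [
    {"system": "build-ci",     "cred": "tok-1",   "owner": "contractor-jane",     "role": None,            "fp": "a1"},
    {"system": "prod-db",      "cred": "svc-old", "owner": "dev-alex",            "role": "team-platform", "fp": "b2"},
    {"system": "partner-mtls", "cred": "cert-7",  "owner": "workload-billing-v1", "role": None,            "fp": "c3"},
    {"system": "vault",        "cred": "key-9",   "owner": "workload-billing-v2", "role": None,            "fp": "d4"},
    {"system": "git-repo",     "cred": "key-9",   "owner": "workload-billing-v2", "role": None,            "fp": "d4"},
    {"system": "ticketing",    "cred": "svc-x",   "owner": "legacy-team",         "role": None,            "fp": "e5"},
]

def find_discontinuities(status, roles, downstream):
    """Return one finding per entitlement that outlived its business justification."""
    findings = []
    by_fingerprint = defaultdict(list)
    for ent in downstream:
        owner, where = ent["owner"], f'{ent["system"]}:{ent["cred"]}'
        state = status.get(owner)
        if state is None:                           # nobody in the directory owns it
            findings.append({"where": where, "reason": "orphaned_owner"})
        elif state in ("offboarded", "retired"):    # status changed, access did not
            findings.append({"where": where, "reason": "owner_" + state})
        elif ent["role"] and roles.get(owner) != ent["role"]:   # mover case
            findings.append({"where": where, "reason": "role_mismatch"})
        by_fingerprint[ent["fp"]].append(where)
    for places in by_fingerprint.values():
        if len(places) > 1:                         # same secret in more than one store
            findings.append({"where": ", ".join(places), "reason": "duplicate_secret"})
    return findings

if __name__ == "__main__":
    for f in find_discontinuities(IDENTITY_STATUS, CURRENT_ROLE, DOWNSTREAM):
        print(f'{f["reason"]:18} {f["where"]}')
```

Run after every offboarding, move or decommission ticket closes; an empty result is the evidence that the status change actually propagated, and a duplicate-secret finding means revocation in one vault was not enough.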
Why It Matters in NHI Security
Lifecycle discontinuity is dangerous because it creates silent residual access, and silence is exactly what makes NHI compromise hard to detect. NHI Management Group reports that only 20% of organisations have formal processes for offboarding and revoking API keys, which helps explain why stale access persists long after a user or workload should have lost it. In practice, the risk is not limited to one identity object; it extends to duplicated secrets, overused tokens, and orphaned permissions that continue to authenticate across multiple systems.
That failure undermines least privilege, complicates incident response, and weakens Zero Trust because the trust boundary no longer updates in step with business reality. The OWASP Non-Human Identity Top 10 frames this as a lifecycle governance issue, while the NHI Lifecycle Management Guide ties it to continuous revocation and verification; both that guide and Top 10 NHI Issues show that lifecycle failures become especially severe when access outlives the workload or the person who justified it. Organisations typically discover the consequence only when a breach investigation reveals that an old token or dormant account was still valid, at which point addressing lifecycle discontinuity is no longer optional.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | Lifecycle gaps create stale NHIs and orphaned access, a core OWASP NHI risk. |
| NIST CSF 2.0 | PR.AC-1 | Access is not truly removed until downstream systems reflect the status change. |
| NIST Zero Trust (SP 800-207) | SC-7 | Zero Trust requires continuously revalidating access as identity context changes. |
Synchronise identity updates across all systems and verify removal after offboarding or role changes.
Reviewed and updated by the NHIMG editorial team on June 9, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org