In my nearly two decades as an identity practitioner — including leading identity programs at global financial institutions and serving as a CISO — I’ve seen a recurring pattern that quietly erodes enterprise velocity. I call it “Monday morning friction.”
The symptoms often look mundane, but they are systemically expensive:
- The project stall: A cloud migration pauses while an engineer waits days for approval on a single resource.
- The executive “dark” period: A newly hired leader spends their first week unable to access the very dashboards they were hired to oversee.
- The security workaround: A developer uses a shared credential because the formal request process is too slow for the current sprint.
In large enterprises, these moments are often dismissed as routine IT friction. In practice, they are signals of manual access governance quietly slowing the pace of the business.
When I sat in the CISO chair, the pressure was binary: Keep the organization secure without becoming the “Office of No.” What has become increasingly clear in boardroom conversations is that manual access governance is no longer just a security concern. It has evolved into a persistent source of operational friction that slows the very transformation CIOs are tasked with accelerating.
The productivity tax of the “I don’t know” loop
The most significant hidden cost in governance isn’t software — it is lost time.
Research from Lakeside Software’s 2024 IT Leaders Report shows that employees lose nearly an hour each week to IT-related friction, with access delays and technical hurdles among the primary contributors. In a 10,000-employee enterprise, that translates into hundreds of thousands of productive hours annually spent waiting, escalating or troubleshooting.
This creates what I’ve seen repeatedly: The “copy-paste” model of onboarding. A new employee is told to replicate the access of someone else in a similar role. Over time, those inherited permissions accumulate. What begins as expedience becomes structural privilege creep.
The SaaS paradox: Modern tools, manual workflows
Most enterprises no longer rely on spreadsheets for governance. They use sophisticated identity governance and administration (IGA) platforms. Yet the presence of modern interfaces has not eliminated manual intervention.
Today’s “manual trap” is less visible. It’s the human-in-the-loop model that requires managers to interpret cryptic entitlements and click “approve” on decisions they may not fully understand.
Even in organizations with advanced identity tooling, automation frequently stops halfway. HR systems, identity directories, provisioning engines and application logs may each function well in isolation — but the human often becomes the integration layer between them. That integration work carries a cost. Every escalation pulls focus from higher-value work and pulls the CIO further away from digital acceleration goals.
Governance as a spend signal
Increasingly, CIOs are asking a broader question: Can identity governance help manage SaaS sprawl?
Identity data holds a powerful, underused signal. Authentication frequency and inactivity patterns reveal where access no longer aligns with usage. When viewed through an operational lens, identity governance becomes a shadow IT discovery tool.
For CIOs managing margin pressure and platform rationalization, this reframes identity from a cost center to a potential efficiency lever. If an identity platform can flag that a significant portion of a SaaS tier is unused because the governance signal shows zero logins in 90 days, it moves from a security checkbox to a procurement asset.
Approval fatigue and governance debt
Manual governance often creates the illusion of control. A manager clicking “approve” feels like oversight. In practice, high-volume approval queues create approval fatigue.
When access requests arrive described in dense shorthand — such as FIN-PRD-DB-USR-RW — most managers lack the time or context to dissect each entitlement. Over time, approvals become reflexive. This is where governance debt accumulates.
Like technical debt, governance debt is the byproduct of incremental shortcuts. The interest on that debt is paid not only in risk, but in downtime, rework and fragmented visibility.
The scaling problem: AI and machine identities
Manual governance models were designed for a workforce of humans. That denominator is changing. In cloud-forward environments, non-human identities — such as service accounts, bots and AI agents — already outnumber human users. These identities are created and modified at the speed of code.
A governance model that depends on manual review does not scale for AI. As CIOs invest in automated workflows and autonomous agents, identity governance increasingly needs to transition from a human-centric process to a higher-velocity automated control plane.
Identity as an operational control system
The friction surrounding access governance is often framed as a security trade-off: Safety versus speed. In practice, the issue is fragmentation.
When identity operates in isolation, organizations rely on people to bridge the gaps. Human coordination becomes the control plane. That is expensive, slow and prone to error.
Viewed through this lens, identity governance is an operational control system that influences onboarding speed, engineering throughput and workforce productivity. CIOs who recognize its role in shaping workflow velocity and cost transparency gain a competitive edge. Governance does not have to function as an emergency brake; it can become part of the engine.
This article is published as part of the Foundry Expert Contributor Network.
Want to join?
Read More from This Article: The real cost of manual access — and why CIOs are paying attention
Source: News