Skip to main content

Think IGA is challenging? You’re not alone

Published Date
Author Tricia Peck

A sleek, modern sports car with its hood open, displayed in a futuristic, high-tech garage. Digital cloud icons and glowing lines are overlaid, symbolizing advanced technology, automation, and integration—visually representing the complexity and modernization of identity governance and automation (IGA).

If getting visibility into and governance over your identity estate feels like a headache that—despite attempts at treatment—won’t go away, you’re not alone. You may have processes or tools, but manual work persists, and new apps and identities appear every day. Sound familiar? Many identity governance and automation (IGA) programs are stalling, and it’s not for lack of effort.

The identity security landscape is exploding, with human identities (such as employees, contractors, and interns) and machine identities (which outnumber humans by more than 80:1) multiplying faster than ever. Combined with ongoing application sprawl, this growth makes effective and continuous governance a serious challenge. The old ways of static governance, manual processes and tools designed for on-premises infrastructure can’t keep pace.

No one wakes up and decides to implement IGA for fun. It’s a strategic move driven by real business needs. Organizations need strong governance programs to solve challenges related to identity estate visibility, regulatory compliance, breach risks, and worker productivity.

The impact of governance demands on organizations is apparent in the findings from Enterprise Strategy Group’s (ESG) recent report, “Identity Security at a Crossroads: Balancing Stability, Agility and Security”:

  • Cybersecurity best practice: For over 77% of organizations, IGA is a core cybersecurity best practice. It’s the baseline of a strong identity security posture.
  • Pervasive risk: Access creep is real. During user access reviews, 67% of organizations revoke up to 30% of user permissions. That’s a lot of unnecessary lingering access, which can too easily be exploited.
  • Productivity drag: When a new hire waits an average of six days for full application access, that’s a full week of lost productivity before they can even start their job. Swift access accelerates productivity across the business.

These findings underscore the importance of IGA for an organization’s ability to manage risk, maintain compliance, and improve operational efficiency. Tackling these challenges head-on is essential for a business to scale with agility and security.

Pull quote: “No one wakes up and decides to implement IGA for fun. It’s a strategic move driven by real business needs.” This quote highlights the necessity and business-driven motivation behind implementing Identity Governance and Automation (IGA).

Why traditional IGA programs fall short

Understanding why IGA is such a struggle is a good first step toward building a viable identity governance strategy that works in today’s identity and application ecosystem. Even with a dedicated IGA tool, many organizations fail to implement a fully automated IGA program. Their progress is typically blocked by two major hurdles:

1. Integration friction

An automated IGA solution can only work if it effectively connects to all in-scope applications, but integration is rarely simple. Legacy tools weren’t designed to integrate with modern cloud and SaaS apps, and even modern tools can struggle to connect with on-premises applications or to integrate applications without publicly available APIs. Only 15% of organizations have integrated more than 80% of their applications, and 59% cite integration difficulty as a primary reason for incomplete deployment.

It’s like buying a sports car with missing parts and an inoperable engine—one that also requires a highly specialized and expensive mechanic just to get it on the road. Powerful in theory, but unable to perform when it matters.

The good news: some modern IGA platforms are tackling these integration challenges head-on, making it easier for organizations to connect their entire application landscape.

2. IGA is slow and expensive to implement

An IGA program’s success depends on how efficiently it can be rolled out across an organization, but too often, the process is drawn out, resource-intensive, and costly. Legacy deployments typically involve months of manual integration work and cross-functional coordination, slowing time-to-value and driving up costs.

In fact, 57% of organizations report that the high cost of professional services needed for integration is a major barrier to completing their IGA implementation. Even as enterprises recognize the importance of centralized, automated governance, many are still struggling to complete implementation.

How IGA operational strain builds

Everyone across the organization feels the operational burden when IGA programs stall (or fail to get started in the first place). This is why a staggering 87% of organizations still depend on manual efforts for core IGA tasks despite the availability of automation tools. Spreadsheets, emails, and IT tickets remain the go-to methods for access reviews and provisioning for over half of all businesses. When teams are buried in repetitive tasks, they aren’t focusing on strategy.

What’s more, the demands around IGA tasks are only growing: 80% of organizations report that they are increasing the scope of their access reviews. As the proliferation of applications and identities of all types continues, there are more accounts to provision and more permissions to review. The pressure is mounting, and the teams pay the price with time and effort.

As these challenges mount—draining time, resources, and morale—it’s clear that clinging to outdated approaches is no longer sustainable. Organizations need a new path forward, one that replaces manual bottlenecks with automation and agility. That’s where a modern IGA approach comes in.

The benefits of a modern IGA approach

If traditional IGA is a heavy, years-long lift, a modern approach is a continuous, outcome-driven program. It’s about building an iterative system that enables the business instead of slowing it down.

A modern approach focuses on three key shifts:

  • Fast time to value: Connect to all your applications and identities without years-long effort. This means moving away from custom SOWs and toward streamlined, out-of-the-box integrations leveraging robotic process automation (RPA) and APIs.
  • End-to-end automation: Shift from manual spreadsheets and ticketing overwhelm to automated, policy-driven workflows for access reviews and provisioning. This frees up your team to focus on high-value work while ensuring access is provisioned, revoked (when needed) and reviewed consistently.
  • AI-powered agility: AI is changing the workforce, and IGA is no exception. AI reduces effort in IGA by facilitating pre-approvals that can reduce effort by 61% while helping ensure least-privilege access.

How to move forward with modern IGA

The data is clear: IGA practitioners are struggling under the weight of manual tasks, partial integrations, and a rapidly expanding identity landscape. The challenges are significant, but relief is more accessible than it seems.

By embracing a modern approach to IGA, you can gain unified visibility across all your identities and applications, shifting your identity governance strategy from reactive and redundant tasks to a proactive, automated and purpose-built program for today’s hybrid enterprise. It’s time to move your identity governance program from a source of friction to a source of acceleration.

Tricia Peck is a senior product marketing manager at CyberArk.

Ready to take your IGA program to the next level? Download ESG’s report, “Identity Security at a Crossroads: Balancing Stability, Agility and Security,” to explore the data and discover actionable strategies for modernization.

Source: Enterprise Strategy Group eBook, Identity Security at a Crossroads: Balancing Stability, Agility, and Security, July 2025.