This view keeps each lane tied to the dominant identity-cost weakness so leadership can tighten the right thing first.

| Lane | Tier | Dimension | Risk headline | Drift signal | Blocking issue | Drift | License waste | Review burden | Duplication | Control gap |
|---|---|---|---|---|---|---|---|---|---|---|
| Entra and Microsoft 365 identity estate | PRESSURED | LICENSE_OVERLAP | Board-visible platform maturity is arriving faster than access-spend discipline. | Premium entitlements stay attached after role changes, and review cycles do not reclaim them fast enough. | One role transition still leaves too many residual licenses and duplicated control assignments behind. | 72 | 81 | 64 | 58 | 55 |
| Privileged access and secrets governance | CONSTRAINED | TOOL_DUPLICATION | The trust story is strong, yet the tooling stack is still more expensive and heavier than it needs to be. | Secrets, session, and access review workflows still branch across separate systems that partially duplicate each other. | One privileged control story still requires evidence from too many adjacent products and review paths. | 77 | 63 | 69 | 82 | 61 |
| Procurement and vendor access operations | PRESSURED | REVIEW_DRIFT | The enterprise sales motion is credible, but access governance is still more manual and expensive than necessary. | Questionnaire users, trust-room collaborators, and proof-room admins still linger beyond the narrow window in which they are useful. | One commercial diligence packet still creates too many temporary access decisions without one clean review standard. | 66 | 57 | 73 | 49 | 53 |
| FinTech merchant and treasury control estate | BROKEN | UNUSED_ENTITLEMENT | High-value controls are being reused as if they were permanent, not exceptional. | Merchant, treasury, and KYC contributors still keep premium or elevated access long after the triggering work ends. | One control exception still tends to create multiple long-lived entitlements with weak cleanup follow-through. | 81 | 74 | 71 | 54 | 77 |
| Nonprofit and foundation collaboration access | PRESSURED | GUEST_SPRAWL | Low-friction collaboration is masking a growing cleanup and license burden. | Outcome proof, grant evidence, and stewardship rooms still accumulate outside collaborators faster than they shed them. | One shared program packet still spawns too many persistent guest accounts without one clear closeout owner. | 64 | 49 | 61 | 43 | 57 |
| Robotics and override operator access | CONSTRAINED | ROLE_BLOAT | Innovation access is outrunning role precision. | Fleet, sensor, and override work still rely on broad operator roles instead of one narrower evidence-backed access model. | One technical responder still keeps more standing access than the lane’s actual operating rhythm requires. | 70 | 52 | 58 | 51 | 69 |