White Paper  ·  Identity Governance

Measuring What Moves

A Dynamic Metrics Framework for Identity Governance Responsiveness. Four named metrics for a measurement gap modern IGA programs cannot afford to keep carrying.

Author Vidyaa Ganesh
Publisher Identara
Published
Format PDF · 18 pages
Suggested Citation
Ganesh, V. (2026). “Measuring What Moves: A Dynamic Metrics Framework for Identity Governance Responsiveness.” Identara. https://identara.ca/papers/measuring-what-moves/
Style Identara house DOI n/a Version 1.0
Download PDF Open in new tab
Abstract

The gap between governance work and governance tempo.

Identity Governance and Administration (IGA) programs are designed to ensure that appropriate access is maintained across organizational resources. However, the operational metrics used to evaluate these programs remain overwhelmingly static and activity-based: certification completion rates, provisioning speed, and policy violation counts. These metrics measure whether governance work was performed, not whether the governance program is keeping pace with the rate at which access states change.

This paper examines the gap between the continuously evolving nature of access environments and the periodic, checkpoint-based governance models that most organizations rely on. We propose four named metrics (Entitlement Drift Rate, Governance Lag, Justification Half-Life, and Trust Gradient) designed to function as program-level indicators of governance responsiveness, analogous to the role DORA metrics play in measuring software delivery performance. The framework is applied to both human and non-human identity (NHI) governance contexts, positioned not as a replacement for existing IGA measurement approaches but as a complementary layer that captures the dynamic properties current metrics do not address.

Keywords Identity Governance IGA Access Dynamics Non-Human Identity Governance Metrics Zero Trust Continuous Identity DORA Metrics
The Framework

Four metrics for a measurement gap.

Each metric formalizes a property current IGA reporting does not capture: rate, latency, decay, and confidence.

EDR
Entitlement Drift Rate
The rate at which entitlements change across a governed population between checkpoints, decomposed into gross velocity, net drift, and unreviewed drift.
GL
Governance Lag
The elapsed time between the moment an access state becomes inappropriate and the moment the governance program detects it. The true risk window.
JHL
Justification Half-Life
The estimated duration before a business justification for access loses half its original relevance, estimated from certification, usage, and context signals.
TG
Trust Gradient
A continuously updated confidence score for standing access grants, blending time-since-validation, usage recency, context stability, and peer alignment.
Contents

What's inside the paper.

  1. 01Introduction
  2. 02Literature Review: continuous governance, NHI, existing metrics, the DORA precedent
  3. 03Gap Analysis: rate, detection latency, justification relevance, trust currency
  4. 04Proposed Framework: EDR, GL, JHL, TG
  5. 05Application to Non-Human Identity Governance
  6. 06Relationship to Existing Frameworks: CAEP, IGA metrics, Zero Trust
  7. 07Discussion: practical implementation and program design
  8. 08Future Research Directions
  9. 09Conclusion
  10. REFReferences (26 sources)

If you cite this paper or reference it in your work, please use the citation block above.

Download the PDF Back to Insights