The lifecycle wheel
Seven equal stages, one center. Built as a sibling to the KPMG NHI Lifecycle Management slide so the deck and the app feel like one body of work. The side panel updates as you select segments.
The seven stages at a glance
Same content as the wheel panel, laid out so the whole lifecycle is visible on one scroll — useful for handout and PDF view.
Discovery & Inventory
Find every NHI across IdPs, directories, cloud, SaaS, and code. Vendor evaluation compares coverage on identical data.
Classification
Assign ownership, assess access scope and embedded NHIs, prioritize remediation by criticality and exposure.
Lifecycle & Governance
Naming, provisioning, certification, deprovisioning, AI-agent offboarding — least-privilege enforced end-to-end.
Accounts & Permissions Review
Review and adjust excessive permissions; remove inactive or shared accounts; segregate environments to limit lateral movement.
Credentials Management
Vault and rotate; move from plain-text to encrypted/passwordless; federate workload identity (Entra Workload ID / AWS IAM Roles Anywhere / GCP Workload Identity Federation).
Monitoring
NHIDR/ITDR analytics, anomaly detection, EDR signal ingestion, and false-positive reduction for human/NHI interactions.
Preventive Controls
JIT / ephemeral credentials, runtime PDP, sub-agent governance, session isolation, prompt-to-action policy — stop attacks before they land.
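The following is an added worked example, not code from the app or the KPMG slide, showing what three of the stages above look like as concrete checks over an inventory: L2 Classification (a risk tier from privilege and exposure), L4 Accounts & Permissions Review (no owner, shared, inactive, wildcard permissions) and L5 Credentials Management (plain-text secrets, rotation overdue, federated identities exempt from rotation). The inventory, the role names, the 90-day thresholds and the fixed "today" date are all constructed assumptions for the example.

```python
"""Walk a constructed NHI inventory through wheel stages L2, L4 and L5.

Everything here (thresholds, role names, the four records) is assumed
for illustration; it is not the app's data model.
"""
from dataclasses import dataclass
from datetime import date, timedelta

TODAY = date(2025, 6, 1)            # fixed so the example is deterministic
INACTIVE_AFTER_DAYS = 90            # assumed L4 inactivity threshold
ROTATE_AFTER_DAYS = 90              # assumed L5 rotation SLA
PRIVILEGED_ROLES = {"owner", "admin", "iam:*"}   # assumed privileged role names


@dataclass
class NHI:
    name: str
    kind: str             # "service_account" | "api_key" | "ai_agent"
    owners: list          # accountable owners (L2 ownership)
    roles: list           # IAM-style roles granted
    last_used: date       # last authenticated use
    cred_type: str        # "plaintext" | "vaulted" | "federated"
    cred_created: date    # when the current secret was issued
    exposure: str         # "internal" | "internet"


def is_privileged(n: NHI) -> bool:
    return any(r in PRIVILEGED_ROLES for r in n.roles)


def classify(n: NHI) -> str:
    """L2: risk tier from privilege and exposure (criticality x exposure)."""
    if is_privileged(n) and n.exposure == "internet":
        return "critical"
    if is_privileged(n) or n.exposure == "internet":
        return "high"
    return "standard"


def review_account(n: NHI) -> list:
    """L4: ownership, sharing, inactivity and excessive (wildcard) permissions."""
    findings = []
    if not n.owners:
        findings.append("no-owner")
    if len(n.owners) > 1:
        findings.append("shared-account")
    if (TODAY - n.last_used).days > INACTIVE_AFTER_DAYS:
        findings.append("inactive")
    if any("*" in r for r in n.roles):
        findings.append("excessive-permissions")
    return findings


def review_credentials(n: NHI) -> list:
    """L5: plain-text secrets and rotation age; federated identities carry no
    long-lived secret, so the rotation check does not apply to them."""
    findings = []
    if n.cred_type == "plaintext":
        findings.append("plaintext-secret")
    if n.cred_type != "federated" and (TODAY - n.cred_created).days > ROTATE_AFTER_DAYS:
        findings.append("rotation-overdue")
    return findings


def assess(inventory: list) -> list:
    return [
        {
            "name": n.name,
            "tier": classify(n),
            "account_findings": review_account(n),
            "credential_findings": review_credentials(n),
        }
        for n in inventory
    ]


def remediation_queue(inventory: list) -> list:
    """Order work by tier first, then by number of findings (most first)."""
    order = {"critical": 0, "high": 1, "standard": 2}
    rows = assess(inventory)
    return sorted(
        rows,
        key=lambda r: (order[r["tier"]],
                       -(len(r["account_findings"]) + len(r["credential_findings"]))),
    )


def days_ago(d: int) -> date:
    return TODAY - timedelta(days=d)


# Constructed sample inventory (not real identities).
INVENTORY = [
    NHI("ci-deployer", "service_account", ["platform-team"], ["deploy"],
        days_ago(2), "vaulted", days_ago(30), "internal"),
    NHI("legacy-backup-sa", "service_account", [], ["owner"],
        days_ago(200), "plaintext", days_ago(400), "internal"),
    NHI("shared-api-key", "api_key", ["alice", "bob"], ["storage:*"],
        days_ago(1), "plaintext", days_ago(10), "internet"),
    NHI("support-agent", "ai_agent", ["ai-platform"], ["admin"],
        days_ago(1), "federated", days_ago(300), "internet"),
]

if __name__ == "__main__":
    for row in remediation_queue(INVENTORY):
        print(row["tier"].ljust(9), row["name"].ljust(18),
              row["account_findings"], row["credential_findings"])
```

The queue puts the internet-exposed admin agent first even though it has no findings, because the tier is set by what the identity could do if misused, while the ownerless, inactive, plain-text privileged account follows with the most findings; that is the "criticality and exposure" ordering from the Classification stage applied to the review output of L4 and L5.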
Lifecycle stage — UC backbone
One row per stage with the primary UC that owns it and the supporting UC that feeds or audits it. Some capabilities are cross-cutting or on the roadmap and don’t sit on a single stage — see the note below the table.
| # | Lifecycle stage | Primary UC (owns this stage) | Supporting UC |
|---|---|---|---|
| L1 | Discovery & Inventory | UC-02 Discover | UC-01 Foundry — seed dataset |
| L2 | Classification | UC-02 Discover — risk-tier | UC-01 Foundry — risk-pattern injection |
| L3 | Lifecycle & Governance | UC-03 Govern — joiner / cert / leaver | UC-04 Comply — audit evidence |
| L4 | Accounts & Permissions Review | UC-03 Govern — quarterly certification | UC-04 Comply — attestation |
| L5 | Credentials Management | UC-03 Govern — vault, rotate, federate | UC-02 Discover — secrets discovery |
| L6 | Monitoring | Future expansion | Future expansion |
| L7 | Preventive Controls | Future expansion | UC-04 Comply — EU AI Act |
- UC-01 Foundry — the synthetic-enterprise dataset that lets the lifecycle run on realistic data; a precondition, not a stage.
- UC-04 Comply — audit-evidence and EU AI Act overlay; every stage produces evidence into it.
- Future expansion — DSPM (data-context), Business Value (ROI), Authorize (agentic runtime), and Agentic Resilience (monitoring) extend the wheel as the program matures.
How to read this view
Designed to be the first page of any executive deck or customer conversation. Three honest lines deliver the framing.
- Know → govern → watch → prevent. The wheel reads clockwise. You can’t skip ahead — preventive controls (L7) rely on monitoring (L6), which relies on lifecycle (L3), which relies on classification (L2), which relies on discovery (L1).
- The same seven stages apply to all three populations. Standard NHI, privileged NHI, and AI agents all flow through this lifecycle — only the depth of controls per stage differs. See the current-state control-gap heatmap for the population view.
- Every stage maps to a specific UC backbone in the catalog. Click any segment to see the use cases that own it.