
One Company. Seven IAM Platforms. Twelve Key Systems. Zero Governance.

When people talk about identity governance, they usually talk about applications, cloud platforms, privileged accounts and business systems. Physical access is often treated as a separate discipline. That is exactly where the problem starts.

This is the story of NorthBridge Infrastructure Group, a fictional multinational operating in the critical infrastructure sector. The company owns and operates energy assets, logistics hubs, water infrastructure and industrial service locations across Europe and North America.
On paper, NorthBridge was a mature organisation. It had strong cybersecurity policies, a central risk function, a global CISO office and a clear ambition to standardise identity governance across the enterprise. In practice, physical access was a mess. Not because people were careless. Not because the business did not care about security. But because the organisation had grown through acquisitions, and every acquisition brought its own technology stack, its own operating model and its own legacy.

Over fifteen years, NorthBridge acquired more than twenty companies. Each came with different IAM and IGA systems, different HR processes, different contractors, different facility teams and different electronic key systems. The result was predictable.

NorthBridge had:

  • multiple IAM platforms
  • several IGA solutions
  • different HR source systems
  • local Active Directory environments
  • fragmented contractor databases
  • multiple electronic key platforms
  • mechanical key inventories
  • regional access policies
  • inconsistent revocation processes
  • limited central reporting
  • no enterprise-wide audit trail for physical keys

The cybersecurity team had visibility over digital accounts. The facility teams had partial visibility over keys and cylinders. Local operations teams knew how things worked in their region. But nobody had one reliable answer to a simple question:

Who has physical access to which critical asset, why, based on which approval, and when should that access be revoked?

That question became urgent when NorthBridge started preparing for stricter regulatory scrutiny under NIS2, CER and sector-specific resilience requirements. The board did not want another dashboard. It wanted control.

The acquisition problem nobody wanted to own

Every acquisition added commercial value to NorthBridge, but it also created governance debt. The acquired companies were not badly managed. They had simply made local technology decisions that made sense at the time.

One business unit used SailPoint. Another used Microsoft Entra ID with custom workflows. A recently acquired utility services company relied on One Identity. Several smaller subsidiaries still used local identity stores and manual approval processes. The same fragmentation existed on the physical access side.
Some regions used ASSA ABLOY CLIQ. Others had iLOQ. Certain operational sites used older electronic key systems. Several critical locations still relied on mechanical keys combined with spreadsheets, local procedures and informal knowledge. The digital identity world and the physical access world had developed in parallel.

That created a structural problem: an employee could lose digital access within hours after leaving the company, while physical key access could remain active for days, weeks or sometimes longer. Contractor access was even harder to manage, especially where third parties worked across multiple sites, countries and asset types.

The risk was not theoretical.

A former contractor could still hold an active key. A regional maintenance team could retain access to assets after a contract change. A local administrator could grant emergency access without the central IGA platform ever seeing it. A key could be lost, but the revocation process might depend on local knowledge and manual follow-up. For a multinational operating critical infrastructure, that is not an operational inconvenience. It is a governance failure.

The hidden cost of fragmented key management

NorthBridge initially looked at the issue as a security problem. That was only half the story. The financial and operational burden was just as significant. Local teams spent thousands of hours per year on manual key administration. Facility managers maintained spreadsheets. Security teams chased approvals. Contractors called service desks. Audit teams requested evidence that had to be collected manually from several systems.

A simple access change could trigger a chain of manual work:

  1. HR updates an employment status.
  2. IAM updates digital access.
  3. The local site manager receives an email.
  4. A facility administrator checks the key system.
  5. Someone updates rights manually.
  6. Someone else confirms the change.

In some cases, nothing happens until an audit or incident exposes the gap.

This model does not scale. The management burden became more visible after NorthBridge launched a central efficiency programme. The conclusion was blunt: physical access governance was consuming too much operational capacity, while still not delivering acceptable control. The company was paying twice.
First through administrative overhead. Second through unmanaged risk.

Why replacing everything was not realistic

One option was to standardise everything: One IAM platform. One IGA platform. One electronic key system. One global operating model.
It looked attractive in a strategy slide. It failed in the real world.

NorthBridge’s infrastructure estate was too large, too distributed and too operationally sensitive. Replacing all IAM, IGA and key systems would take years, cost tens of millions and create unnecessary migration risk. Several local platforms were deeply embedded in operational processes. Some key systems were linked to specific assets and regional compliance obligations. Some countries had local vendor contracts. Some sites had no reliable network connectivity. Some assets were remote, unmanned or safety-critical.

The CIO put it simply:

“We cannot rip and replace our way out of fifteen years of acquisition history.”

NorthBridge needed a different architecture. Not another silo. Not another local key management tool. Not another custom integration per region. It needed a governance layer between identity systems and physical access systems.
That is where Key2XS entered the discussion.

Key2XS as the governance layer for physical access

Key2XS was evaluated as a middleware and governance platform connecting IAM and IGA systems to electronic key systems. The strategic value was not that Key2XS replaced existing identity platforms or key systems. It did not need to. The value was that Key2XS created a controlled integration layer between them.

For NorthBridge, that meant Key2XS could connect multiple identity sources, such as SailPoint, Entra ID, Okta, One Identity or other IAM environments, to multiple electronic key systems, including CLIQ and iLOQ-based environments. Instead of treating physical keys as local assets managed outside enterprise governance, Key2XS made them part of the identity lifecycle.
That changed the operating model.

Access to physical infrastructure could now be governed based on:

  • identity
  • role
  • employment status
  • contractor status
  • location
  • asset type
  • approval workflow
  • policy rules
  • time window
  • emergency access conditions
  • audit requirements

The key was no longer just a physical object. It became an identity-controlled access token.

From manual administration to policy-driven governance

Before Key2XS, NorthBridge had too many manual handovers between HR, IAM, facilities and operations. After implementing Key2XS as a governance layer, the target model became much cleaner.

When a person joined the organisation, changed role, moved project, joined a contractor team or left the company, the relevant identity signal could trigger a physical access workflow. Access rights could be granted, changed or revoked based on approved policies. Emergency access could be logged and controlled. Lost keys could trigger structured follow-up. Expired contractor access could be removed automatically.

The operational impact was significant. Facility teams no longer had to interpret every identity change manually. IAM teams no longer had to pretend physical access was outside their scope. Security teams gained visibility. Audit teams gained evidence. Management gained control. The reduction in management burden came from standardising the process without forcing immediate standardisation of every underlying system.

That is the core point: Key2XS did not remove complexity by pretending it was not there. It absorbed complexity into a governance layer.

Why this matters for critical infrastructure

For a normal office environment, fragmented key management is inefficient. For critical infrastructure, it is unacceptable.

NorthBridge operated sites where physical access could affect energy continuity, public safety, transport resilience and environmental risk. Many assets were unmanned. Some were geographically dispersed. Several were operated by contractors. In some locations, the electronic key was the main control between an authorised person and a critical asset.
That makes governance non-negotiable.

A mature organisation must be able to prove:

  • who has access
  • who approved that access
  • why the access is needed
  • whether the access is still valid
  • when it was last used
  • how quickly it can be revoked
  • whether exceptions are controlled
  • whether emergency access is visible
  • whether contractors are removed when their work ends

Without that evidence, physical access remains a blind spot in enterprise risk management. And blind spots are exactly what regulators, insurers, boards and attackers care about.

The business case: less risk, less manual work, better auditability

The Key2XS business case for NorthBridge was built around three value drivers.

1. Governance and compliance

Key2XS gave the organisation a central control layer for physical access governance. This improved audit readiness and helped align physical access with enterprise identity governance principles.

For NorthBridge, this was important because physical access could no longer be defended as a local facilities issue. It had become part of cyber resilience, operational resilience and regulatory accountability.

2. Operational efficiency

The fragmented model required too much manual administration. Every access change that depended on emails, spreadsheets or local interpretation created cost and delay. By automating workflows between IAM, IGA and key systems, Key2XS reduced repetitive administration and lowered the dependency on local key administrators.

This did not eliminate local operational responsibility. It made it manageable.

3. Risk reduction

The most expensive access incident is usually the one that was preventable. Delayed revocation, excessive access, unmanaged contractor keys and poor exception handling are all avoidable risks.

Key2XS helped NorthBridge reduce those risks by connecting physical access to the identity lifecycle and by enforcing policy-based access decisions.

Why middleware beats another silo

Many organisations respond to fragmented physical access by buying another system. That often makes the situation worse. Another system creates another database, another admin process and another integration backlog. It may improve one local process, but it does not solve enterprise governance.

NorthBridge needed orchestration. That is the difference.

Key2XS functioned as an integration and governance layer. It allowed the company to keep existing investments where appropriate, while still moving toward centralised control and standardised processes.

This matters in critical infrastructure because large estates cannot be transformed overnight. Legacy will remain. Regional differences will remain. Vendor diversity will remain. The winning model is not perfection. It is control over imperfection.

The board-level conclusion

NorthBridge did not buy Key2XS because it wanted a better key administration tool. It bought Key2XS because physical access had become an enterprise governance issue. The board understood three hard truths:

  1. Acquisitions had created structural fragmentation.

  2. Replacing every IAM, IGA and key system was financially and operationally unrealistic.

  3. Physical access to critical assets could no longer be managed outside identity governance.

Key2XS offered a practical route forward. It connected existing systems. It reduced manual work. It improved auditability. It brought physical access under governance. It gave the company a scalable model for future acquisitions.

That last point was decisive. NorthBridge was not done acquiring companies. Without a governance layer, every future acquisition would add more access complexity. With Key2XS, new businesses could be onboarded into a controlled access model without waiting for full technology standardisation.

Final takeaway

Critical infrastructure organisations do not fail at physical access governance because they lack technology. They fail because the technology landscape is fragmented, the processes are local and the accountability is unclear. For multinationals built through acquisition, that problem is multiplied.

Multiple IAM systems. Multiple IGA systems. Multiple key platforms. Multiple countries. Multiple contractors. Multiple interpretations of the same policy. That is not governance. That is managed chaos.

Key2XS gives these organisations a way out. Not by replacing every system, but by connecting identity governance to physical access control and turning keys into governed access assets.

For companies like NorthBridge, the real question is no longer whether physical access belongs in enterprise governance. It does. The only question is how fast the organisation is willing to close the gap.