The Economics That Sent Your Identity Service Desk Offshore Just Reversed

The identity debt problem—and the model built to fix it

Your new hire starts Monday. As of Friday afternoon, her accounts aren’t provisioned, her access requests are sitting in a queue, and your service desk team is already working extended hours to try to keep up.

If you’ve run enterprise identity operations for any length of time, you know this situation well. Service level agreements are technically met. The dashboard looks fine. But new hires can’t log in on day one (or day five). Terminated employee accounts are still active weeks after their last day. Audit findings keep surfacing from the same root causes. Consistent quality is elusive.

It’s been called the watermelon SLA: green on the outside, red underneath. And it’s been the accepted state of enterprise identity service desk operations for the better part of two decades.

The model that created this wasn’t built for quality. It was built for cost. And most organizations have absorbed the consequences quietly: in user frustration, technology debt, and in security exposure that doesn’t always connect back to the service desk.

The identity debt problem

Identity debt accumulates the same way technical debt does, quietly and incrementally, until something forces the reckoning. Every account that isn’t de-provisioned at termination is a breach vector with an indefinite shelf life. Every provisioning delay that pushes a new hire’s start past day one is an operational and reputational liability. Every ticket that gets closed without fixing the upstream process that generated it is a future ticket already in the queue.

The traditional identity service desk model is structurally designed to generate identity debt. Large teams of generalists working through high ticket volumes are optimized for throughput, not quality. They close tickets. They don’t fix environments.

The cost of that tradeoff has become harder to ignore. IBM’s 2025 Cost of a Data Breach Report puts the average U.S. enterprise breach at $10.22 million. Identity-related failures are a primary driver of that number. When you run the math on what a single significant identity incident costs against years of service desk “savings,” the economics of the traditional model start to look very different.

The question isn’t whether organizations can afford a better model. It’s whether they can afford to keep running the old one.

AI changed the headcount equation

For two decades, the answer to scaling identity operations was the same: add headcount, reduce cost per head, accept the quality tradeoff. The math made sense in a world where human labor was the only variable.

AI changed that variable.

You don’t need a large team of generalists to handle ticket volume anymore. You need a smaller group of deep IAM specialists managing AI agents that handle the known, repeatable work — the requests that follow predictable patterns, draw from approved role definitions, and don’t require judgment to resolve. The AI handles the volume. The engineers handle the complexity.

This is the model we’ve built at Novacoast. I’ve spent 25 years in this industry watching the traditional model play out at scale. The business case made sense on paper. What it couldn’t account for was the quality gap — and in identity, quality gaps become security problems.

When service leads see the same tasks coming through repeatedly, they train an AI agent to assist. When they see a category of requests that traces back to a broken integration, a misconfigured IGA workflow, or a process that doesn’t match how people actually work, they assign it to an IAM engineer. Not next quarter. Now. The ticket volume drops. The environment improves. That’s the compounding effect the offshore model was never designed to deliver.

The talent to do this has always existed. The tooling has always existed. What was missing was an economic model that made a higher-quality, locally-operated approach viable at scale. AI enables that model.

What this looks like in practice

The operational differences are meaningful, especially for organizations in regulated industries where identity service desk operations and compliance are inseparable.

Every ticket gets routed and prioritized automatically. Runbooks cover every common issue: no tribal knowledge, no resolution quality that varies based on who picks up the ticket. Engineers own access issues end-to-end: no handoff lag, no ping-pong between teams, no ticket that gets closed before the problem is actually resolved.

Orphan accounts get eliminated at termination, not days later when someone notices. That’s not just an operational improvement. For organizations subject to SOX, HIPAA, GDPR, or SOC 2, it’s a compliance posture improvement. The audit trail is clean because the process is clean.

And when the same issue keeps surfacing (the same access request type, the same provisioning failure, the same downstream effect of an upstream process gap), it gets escalated to our IAM engineering practice and fixed at the root. The identity service desk gets quieter over time. That’s what it’s supposed to do.

Who this is built for

This model is designed specifically for organizations running identity operations in regulated environments (financial services, healthcare, energy, and public sector) where the cost of identity failures isn’t theoretical. Compliance requirements are real, audit cycles are real, and the gap between what the dashboard shows and what’s actually happening in the environment is where the exposure lives.

If your identity service desk is managed by a large offshore team, by an under-resourced in-house function, or by no clearly defined owner, and audit readiness, orphan account management, and consistent resolution quality are problems you’ve learned to live with, this is the conversation worth having.

The organizations getting ahead of this aren’t waiting for an audit finding or an incident to force the issue. They’re asking the question now: what would identity service desk operations look like if we built it for quality instead of cost?

If you’re running enterprise identity operations in a regulated environment and want to understand what a different model looks like, reach out to the Novacoast team. We’d like to start with your environment, not a pitch deck.

That’s where I’d like to start.

About the Author
Eron Howard

Eron Howard is COO at Novacoast, one of the largest IAM engineering practices in the United States. He has spent 25 years building and operating enterprise identity programs at scale.
