The fastest way to create a security mess is to let people change jobs faster than their permissions change with them.
Someone joins. Someone leaves. A contractor rolls off. A finance analyst moves into engineering. Human Resources updates Workday. Payroll knows. The manager knows. The person’s team knows. And the IT team? They invariably find out later, usually through a ticket, a log, or the unmistakable whiff of privilege drift.
That’s the Workday security gap.
Workday is the de facto system of truth for workforce context. In fiscal 2026, Workday reported more than 11,500 customers globally, including over 7,000 core HCM and Financial Management customers, and 1.7 billion AI actions across its platform. It’s not just HR software sitting politely in the corner. It’s becoming a major enterprise operating layer for HR, finance, IT, and AI-enabled workflows. Workday’s 2026 agent tools also point in that direction, with new capabilities to build, connect, and verify some AI agent security across HR, finance, and IT.
That Workday knowledge can serve as a critical point of identity reference, and be used to seamlessly secure everything else based on its context.
The obvious access problem
- Most access risk starts with ordinary business change:
- A user gets promoted. Their old access stays.
- A contractor leaves. Their SaaS access survives.
- A team changes. Their cloud permissions don’t.
- A manager approves something once, and it becomes part of the company’s ongoing record.
Meanwhile, attackers are getting faster. Verizon’s 2026 DBIR says 15% of documented attack techniques are now being bolstered by generative AI, helping threat actors move more quickly across the attack lifecycle. The UK government’s 2025/26 Cyber Security Breaches Survey found that 43% of UK businesses reported a breach or attack in the previous 12 months. For medium and large businesses, that rose to 65% and 69%.
That’s the backdrop. We can’t afford identity processes that depend on emails and ticket queues with zero urgency.
Better identity security starts with lifecycle signals
The useful signal isn’t just “this person exists.” It’s:
- Are they active?
- What department are they in?
- Who manages them?
- Have they changed roles?
- Are they a contractor?
- Has their assignment ended?
- Does their current access still make sense?
When Workday status changes, those signals should flow into IAM decisions. That’s where our Workday integration is useful: it brings HR context to IT teams, enabling them to automate access decisions based on changes in employment status. Trustle keeps IT and HR in sync, eliminating ticketing in termination processes, cutting onboarding time by 95%, and preventing orphaned accounts from becoming audit pitfalls.
“Onboarding team members used to take about an hour… now [with Trustle] it’s a couple of minutes.” - Mark Feldman, CEO, RevenueBase
That’s Workday context as an operational control, not just another dashboard.
Why ticketing is the wrong place for terminations
Tickets are fine for printer problems and the occasional “I’ve locked myself out again” and “turn it off and on again” day-to-day. They’re far from ideal for termination workflows in the fast-moving joiner/mover/leaver lifecycle.
When someone leaves, access removal should be fast and consistent. Our approach is to use Workday status changes to inform downstream action: syncing status to the identity provider, suspending identities, revoking groups and roles, and removing accounts across cloud platforms and SaaS apps.
Orphaned accounts rarely stir up drama, at first. They just sit there. Valid. Forgotten. The kind of thing auditors discover ten minutes before lunch when they ask, “Can you prove least privilege?”
Smarter access reviews need Workday context
Access reviews often fail because reviewers get permissions without meaning. A role name, group, or cloud policy rarely tells the whole story.
Workday context changes that. If we can see someone’s privileges alongside employment status, department, manager, and role, the review becomes less performative. We’re no longer asking, “Does this permission look scary?” We’re asking, “Does this access still match this person’s job?”
That’s a much better question.
It also helps with just-in-time access. Temporary access makes more sense when the system understands who the requestor is, where they sit, and whether their workforce status supports the request. It even helps identify where we can save on SaaS costs by identifying unused software.
The real goal: keep IT in the loop
Good identity security isn’t about adding more noise. It’s about keeping security teams connected to workforce reality.
When HR and IT stay in sync, onboarding gets faster, offboarding gets cleaner, access reviews get smarter, and orphaned accounts have fewer dark corners to hide in.
Want to see how HR context can drive cleaner access decisions? Start a Trustle free trial and connect Workday status to faster onboarding, safer terminations, smarter access reviews, and fewer orphaned accounts.




