How SailPoint adaptive identity helps NASCIO’s top 10 priorities

Each year, NASCIO’s top 10 priorities shape the strategic focus for state CIOs, emphasizing the critical balance between innovation and security. For 2026, transformative areas such as AI governance, robust cybersecurity, and system modernization take center stage, demanding forward-thinking solutions.

Achieving secure, scalable growth in this evolving landscape requires an identity-first approach. SailPoint’s adaptive identity security empowers agencies to align seamlessly with NASCIO’s vision, protecting sensitive data while enabling innovation at scale.

In the sections below, discover how SailPoint’s solutions directly address NASCIO’s 2026 priorities, equipping state agencies to tackle these challenges with confidence and agility.

1. Artificial Intelligence/GenAI/Agentic AI/Machine learning

The rapid deployment of AI, alongside the growing use of unapproved "Shadow AI" tools by employees, introduces significant new governance challenges. Agencies must ensure these powerful tools—whether officially sanctioned or not—don’t access or expose sensitive data outside authorized boundaries.

Imagine a state agency employee using a free online AI tool to summarize a sensitive internal report, inadvertently exposing confidential data. At the same time, the agency is officially rolling out a GenAI-powered virtual assistant that needs broad access to be effective. Over time, the official bot’s permissions expand as new features are added, but without regular oversight, it retains unnecessary privileges—opening the door for misuse if its credentials are ever compromised.

SailPoint's platform provides a unified control plane to govern ALL identities—human, machine, and AI agents. Our solutions can also discover every type of shadow AI in your environment, from simple AI-powered browser extensions to the powerful agent builder platforms used to create custom AI. End-to-end visibility and governance for AI agents treats them as the active identities they are, mitigating risk.

2. Cybersecurity and risk management

Cyber threats are constantly evolving, with attacks such as phishing and credential theft exploiting excess privileges and weak access controls. For example, consider a state health agency managing sensitive citizen data across a large, distributed workforce. Without automated oversight, deprovisioning lags when contractors leave, and old accounts remain active—opening doors to potential breaches or compliance violations.

SailPoint tackles this challenge with adaptive security controls that monitor unusual activity, enforce least-privilege access, and quickly contain threats if credentials are compromised—limiting potential damage and safeguarding agency networks.

3. Budget/Cost control/Fiscal management

With limited budgets, state CIOs must find ways to cut operational costs without sacrificing security or service quality. For instance, a state department still handling access changes and deprovisioning through manual processes can end up with staff spending hours updating spreadsheets, missing critical access removals, or duplicating efforts—ultimately wasting resources and increasing risk.

SailPoint automates identity lifecycle management—onboarding, changes, and offboarding—which reduces manual effort, cuts administrative expenses, and ensures only necessary access is maintained. By streamlining audit preparations and reducing the risk of costly breaches, this centralized and efficient approach helps agencies maximize their resources and operate confidently within tight fiscal constraints.

4. Modernization

Picture a state agency striving to upgrade its operations but held back by deep legacy systems—including decades-old mainframes that still house critical data—that resist integration with new cloud applications. Employees end up juggling different logins for the mainframe and cloud apps, while outdated permissions linger in the legacy environment, slowing down workflows and exposing the organization to unnecessary risk.

SailPoint helps agencies modernize safely by providing unified identity governance that spans all platforms, from the mainframe to the latest cloud service. By automating onboarding, access reviews, and policy enforcement across this hybrid environment, SailPoint ensures consistent controls and reduces manual work, making modernization faster, safer, and less disruptive.

5. Digital government/Digital services

The ultimate goal of digital government is to provide timely, secure, and accessible services to citizens. However, this becomes difficult when managing countless user identities across disconnected platforms, increasing both risk and complexity. For example, when a social worker needs access to a new benefits system, a delay of days or weeks due to manual processes can directly prevent a family from receiving critical aid.

SailPoint provides the secure identity foundation essential for modern digital services. By automating and centralizing access for all users across all platforms, SailPoint ensures that government employees can serve citizens efficiently and without delay. This provides agencies the unified control and adaptive security needed to keep digital government moving at the speed of life.

6. Accessibility

Ensuring equitable access for all citizens, including individuals with disabilities, is a cornerstone of digital government and a key compliance requirement.

SailPoint supports accessibility by enabling a secure and user-friendly access experience for everyone. Our platform helps agencies deliver on their promise of accessibility without compromising security by integrating with flexible authentication methods compatible with various assistive technologies and ensuring a simple, consistent login process across all state services.

7. Identity & access management

Managing identity and access across a diverse and distributed workforce is an ongoing challenge for state agencies. For instance, a large state agency may handle thousands of identities—employees, contractors, and non-humans across departments and legacy systems. When access rights are tracked manually—using spreadsheets or disparate processes—it's easy for outdated permissions to linger as employees change roles, greatly increasing the risk of unauthorized access or compliance violations.

SailPoint addresses this challenge by automating identity and access management across all users and systems. With centralized controls and seamless integration into agency infrastructure, SailPoint helps ensure users have the right access—when and where they need it—while reducing workload, improving security, and supporting compliance.

8. Data management & analytics

Managing vast amounts of sensitive state data across departments is challenging, as data sprawl and inconsistent controls increase the risk of unauthorized access and compliance violations. For example, when a department launches a new analytics tool to improve reporting, unclear role definitions and insufficient oversight can result in sensitive datasets being accessed by users who shouldn't have permission—creating privacy risks and audit findings.

SailPoint centralizes data governance by unifying visibility and control over sensitive information. Automated classification, policy enforcement, and real-time monitoring protect data, prevent unauthorized access, and help agencies meet privacy regulations.

9. Consolidation/optimization

As agencies work to consolidate IT systems and resources across departments, they often face challenges like inconsistent identity management and security gaps. For example, when merging multiple data centers, different team users may retain legacy permissions, leave orphaned accounts, and create compliance risks. Manual coordination can easily overlook who should have access to what, making it harder to secure the new, unified environment.

SailPoint addresses this by centralizing identity governance, giving agencies unified visibility and control over access across platforms. With automated policies and streamlined processes, SailPoint helps reduce complexity, improve operational efficiency, and ensure secure, consistent access management throughout consolidation efforts.

10. Cloud services

As agencies adopt more cloud services, managing consistent access and securing sensitive information becomes increasingly complex. This challenge is magnified as agencies look to leverage powerful, cloud-based AI services that require access to vast datasets to be effective.

For example, imagine a state agency that has rapidly expanded its use of cloud platforms. Without centralized identity controls, employees accumulate excessive permissions, and former staff retain lingering access—creating hidden security gaps. Now, if that agency tries to deploy a cloud-native AI tool to analyze its data, it has no way to properly govern what the AI can see or do. This creates an unacceptable risk of a massive, automated data breach.

SailPoint provides the essential governance fabric for the modern cloud environment. By centralizing identity controls for both humans and AI across all cloud platforms, we give you a single pane of glass to see who—and what—has access to your data. This allows your agency to confidently embrace the power of cloud and AI, knowing that access is secure, compliant, and always under your control.

The 2026 NASCIO priorities reflect a government in transition—moving toward intelligence, automation, and cloud-native agility. However, this transformation introduces new risks that traditional security models cannot handle. SailPoint’s adaptive identity security provides the foundation state CIOs need to innovate safely. By ensuring that every identity—human or machine—has the right access to the right resources at the right time, SailPoint empowers states to secure their future while delivering better services to their citizens today.

Ready to align your agency’s security strategy with NASCIO’s 2026 vision? Watch our webinar to learn how adaptive identity can secure your digital transformation.

DISCLAIMER: THE INFORMATION CONTAINED IN THIS DOCUMENT IS FOR INFORMATIONAL PURPOSES ONLY, AND NOTHING CONVEYED IN THIS DOCUMENT IS INTENDED TO CONSTITUTE ANY FORM OF LEGAL ADVICE. SAILPOINT CANNOT GIVE SUCH ADVICE AND RECOMMENDS THAT YOU CONTACT LEGAL COUNSEL REGARDING APPLICABLE LEGAL ISSUES.