monday.com outlines security strategy as app growth outpaces identity control

Cerby and monday.com used a public webinar titled "Inside monday.com’s Security Strategy: When App Growth Outpaces Identity Control" to frame a fast‑growing app estate as the core risk to identity programs. Cerby promotional materials and LinkedIn posts for the briefing promoted specific outcomes: "Secured 200+ apps outside SCIM and API-based identity tools," identity coverage rising "from 20 percent to 78 percent," and a claimed savings of "3,300 IT hours annually."

The session was billed as a live security‑community briefing and Cerby promoted it on LinkedIn with a calendar entry showing March 11, 2026 at 10:00 AM PT. Sources for the event also list it as a public webinar; Cerby’s LinkedIn page snapshot showed 16,657 followers in promotional material. Lior Zagury, identified across all materials as Director of Global IT at monday.com, is listed as a presenter. Cerby’s promotional pages and the original event listing list Matt Chiodi as Chief Strategy Officer at Cerby, while at least one LinkedIn post named Belsasar Lepe Lepe, Cerby’s CEO, as a co‑presenter. The promotional materials advise confirming the final speaker roster with Cerby or monday.com.

Promotional copy framed the problem in blunt terms: "What happens when app growth moves faster than identity control?" Cerby and LinkedIn posts say monday.com found "hundreds of business‑critical apps lacking SCIM or security APIs" that "fell outside existing identity tools," driving "manual access workflows, rising risk, and limited visibility." The materials repeat the assertion that "Most identity lifecycle programs stop where SCIM and APIs end," positioning the gap as a predictable coverage failure as SaaS portfolios expand.

Promoted operational guidance in the LinkedIn post moved from diagnosis to process prescriptions. The post asks "Who should say ‘yes’ when someone requests access?" and lays out a practical model: "manager confirms the need, app owner approves the risk, IAM enforces policy and logs, and governance handles rules and exceptions." The promotion further warns, "When ownership is unclear, two things usually happen: 1. approvals drag on, or 2. access gets approved 'just to unblock' and then never revisited."

Cerby's product positioning was explicit: "Cerby extends lifecycle management to apps your identity tools can’t reach, without replacing your existing IAM stack." The event page tied that pitch to on‑demand titles in Cerby’s content hub, including "The 2025 IGA Playbook: Automating Workflows and Closing the Coverage Gap" and "Solving the Last Mile in Identity Lifecycle Management: Why Automation is the Future," and pointed attendees to assets such as a "Cost Savings Calculator" and "Customer Stories."

Cerby promotional copy also cited peer examples: "Teams like monday.com, ClickUp, and Deel replaced brittle workarounds with automated, auditable identity controls," and claimed customers have cut "manual access tasks by up to 97%." Those numeric results and the 200+ app, 20% to 78% coverage, and 3,300 IT hours figures all appear in Cerby’s LinkedIn and event materials; the numeric claims are vendor supplied and should be corroborated with monday.com for methodology and scope.

The webinar materials underscore a practical tension inside monday.com’s IT organization: app proliferation is outpacing SCIM and API‑based controls, forcing a mix of automation, named decision ownership, and third‑party tooling. How closely the Cerby figures match monday.com’s internal audits will determine whether these vendor‑provided metrics become a playbook other product organizations can follow as app sprawl accelerates.