Opinions expressed by Digital Journal contributors are their own.
Despite an abundance of digital tools, internal communication still continues to be a hurdle in large organizations. McKinsey uncovered that employees are spending nearly 20% of their working week finding an internal document or simply trying to locate the colleague best suited to assist with a particular matter. The economic toll is steep: According to a report by Grammarly, businesses are losing approximately $1.2 trillion every year due to poor communication among employees. This loss includes lost productivity, misunderstandings, and delays in execution.
These systems don’t break in spectacular fashion. They fail quietly, leaving behind stale memberships, communication blind spots, and growing compliance risks. Distribution Lists (DLs) and their dynamic counterparts, Dynamic Distribution Lists (DDLs), are designed to organize who gets what message, and when. In practice, they often act like fixed mailing labels in a world where teams shift constantly and access needs evolve by the day.
That is the situation Surendra Vitla stepped into as a software engineer with nearly a decade of experience, assigned to a global financial intelligence firm as part of its identity and access management (IAM) initiatives. Surendra, currently working at TechDemocracy LLC, was then embedded at the capital market firm as a key contributor on identity and access management (IAM) initiatives. He noticed that their DDL system, built on top of Microsoft Identity Manager (MIM) and reinforced by custom PowerShell scripts, was struggling under its own weight. Updates were manual. Rules were hard-coded. HR changes took days, sometimes weeks, to reflect in the mailing lists that defined operational workflows.
Rather than patching the system, Surendra proposed something that, at first, sounded like overreach: what if the organization stopped treating DLs as an afterthought of IT and instead treated them as governed identity assets? Specifically, what if the same platform used to manage access, SailPoint IdentityIQ, also governed communication groups?
It was a big ask. SailPoint wasn’t built for communication governance. But Surendra argued that its core strength, real-time identity lifecycle management, was exactly what the firm needed to regain control over its communication architecture.
Over the next few months, Surendra built a rules engine inside SailPoint that replaced the firm’s brittle MIM scripts. He wired the system into live HR feeds from Workday and synchronized identity data from Active Directory. Distribution Lists weren’t just updated, they were rebuilt. More than 1,500 DDLs were rebuilt from the ground up with custom-built SailPoint objects, where naming conventions, exclusion rules, and role-based filters were all incorporated into the framework.
There were no off-the-shelf lists. They reflected the nuances of how the business operated. Some lists grouped employees by job title or cost center; others by application access, managerial hierarchy, or country of operation. Contractors, executives, and joint venture affiliates were selectively filtered in or out. The goal wasn’t to simplify DDLs. It was to reflect the real, evolving contours of a global organization in near-real time.
While discussing the project, he shares, “The project wasn’t about automation for its own sake. It was about ensuring that the right people were in the right conversations, at the right time, with traceability baked in.”
The operational results were immediate. DL-related support tickets dropped by more than 80%. Manual effort shrank by 5,000 hours annually. And the cost savings, roughly $300,000 per year, didn’t come from layoffs or budget cuts. They came from not having to constantly fix what shouldn’t have broken in the first place.
But the most significant shift wasn’t financial. It was cultural. Teams that had relied on workaround solutions started seeing distribution lists as infrastructure, not just convenience. The solution became a reference model within the firm and was soon extended to govern application notification groups, onboarding flows, and policy alerts. Surendra’s project had reframed what identity governance could do, not just who could access what, but who should be informed.
Surendra demonstrated that communication can be governed securely, transparently, and in real time. He showed this by treating communication as a first-class citizen of identity infrastructure. In a time when misrouted information can cause anything from compliance lapses to public relations missteps, that’s not just an operational upgrade. It is a strategic one.
Today, the firm’s SailPoint instance doesn’t just tell systems who can access a dashboard. It tells them who should receive the alert when something goes wrong. It tells HR which new hires should be enrolled in mandatory training. It tells finance which directors need visibility into contractor spending.
The lists are still dynamic. But now, they’re accountable.
Surendra Vitla is quick to downplay the personal credit. “I saw a gap and had the tools to close it. That’s it,” he says. But within the identity governance community, the work is drawing quiet attention. Other teams, from adjacent industries, are starting to investigate whether SailPoint or some similar platform can carry a double burden: both for access and for awareness.
In an industry where complexity often overshadows clarity, this project showed the real value of practical and well-integrated interventions. No flash innovation, no sweeping claims. Instead, it tackled a long-standing problem with precision and collaborative effort, which led to a new internal standard for effective communication governance. A technical fix for communications was not the end result; it was the model for how modern organizations could inscribe trust in their communication systems. And if there is one hopeful thought, that might just be it.
