The framework
What is the Drift Model?
The Drift Model maps the lifecycle of a security control across six stages - from the moment it's intended to satisfy a framework, to the moment auditors confirm it's working. At every stage, small mismatches can creep in. Drift is the cumulative gap that opens up between what the organisation says it does and what it actually does - silently, and often invisibly until something breaks.
Reading the model
How to read this diagram
Two cycles, one truth. The diagram shows the same six-stage lifecycle, drawn twice.
The dashed violet circle is the ideal - the cycle as the framework prescribes it, as the policy documents it, as the audit imagines it. The violet pulse traces this path: the documented promise, still being maintained on paper.
The solid maroon path is the actual cycle - what really happens in the organisation. Stages 1, 2, and 3 sit perfectly on the ideal: Intent is documented, Control is written, Implementation is deployed. The system is doing what it said.
From Stage 4 (Reality) onward, the actual cycle peels outward from the ideal - reality begins exceeding what the controls were designed to contain. By Stage 5 (Audit), the gap is significant but invisible: auditors confirm the paperwork while reality drifts further. By Stage 6 (Drift), the gap has compounded into the silent risk that surfaces, eventually, as a breach.
The space between the two cycles - the area where drift lives - widens with each stage, then carries forward into the next loop. The cycle never fully resets. Drift compounds.
From theory to practice
Now spot drift in the wild
Theory only sticks when you apply it. Try a scenario in the Lab.