
Machine identities have proliferated in recent years; while they offer convenience, they also introduce new vulnerabilities.
We spoke to Ev Kontsevoy, Teleport CEO, to learn more about the problem of securing machine IDs and what enterprises can do to address it.
BN: What is the biggest security challenge for today’s computing environments?
EK: There are too many data breaches happening in the enterprise. The underlying reason is that while our individual computers might be trustworthy, cloud and datacenter infrastructure operating at scale is not. This is because of the large field of secrets like static credentials that are vulnerable to being exposed. And, beyond the risk that this field of secrets creates, the time spent handling them, auditing security posture, and remediating data exfiltration is also wasting a lot of engineering productivity.
To address this issue, we have to modernise identity, access, and policy for infrastructure – not just for humans, but every machine across infrastructure. We need to eliminate static credentials, consolidate identities, and replace standing privileges with just-in-time task-based authorization. When identities are consolidated, you can reason properly about whether human or machine access should be granted or denied. However, in most traditional IT architectures, these identities are fragmented across different systems and it is not possible to achieve this type of policy enforcement at the scale at which infrastructure operates.
BN: What’s your outlook on the growing complexity of machine identities? How should organisations address this?
EK: I believe it’s unsustainable to manage machine identities with static credential architectures.
In the infrastructure world, servers, workloads, and service accounts are measured in the thousands and millions. All forms of secrets, credentials, private keys, public keys, and browser cookies should be eradicated. This is a lesson that Google learned in the early 2000s, which basically says that as long as you have secrets somewhere, an attacker will inevitably find a way to target it at that scale. And when you add the scale of machine identities, you are now increasing risk and complexity in the enterprise by orders of magnitude. You can never make secrets reliable.
There’s already a trusted computing model gaining traction in the cybersecurity market, called Infrastructure Identity, that solves this and many more problems related to access and policy. This creates a trusted environment not just for machine identities but also for the humans that interact with them.
BN: What is Infrastructure Identity, and how is it different from traditional identity management?
EK: Infrastructure Identity is an approach focused on creating a single, secure, auditable framework for all your identities. That means you take every entity, be it human or machine, and manage them as a consolidated layer in your infrastructure stack.
This is the basis for a modern infrastructure identity architecture. The security foundation of Infrastructure Identity is based on cryptographic authentication, not static credentials, which eliminates the risk and complexity that they create today in these environments. It further consolidates all identities and identity types, so that you can now reason properly about who (or what) should have access to what. Further, the access is only granted for a short period based on the task that requires it. It also extends the zero trust model to incorporate all identities.
BN: What does a ‘trustworthy’ computing environment look like?
EK: There’s no anonymity in a trusted computing environment. That’s the biggest advantage of the Infrastructure Identity approach. By consolidating cryptographic identities and managing them within a zero-trust model, this architecture basically eradicates anonymity in computing, making every action accountable and auditable. This transparency is absolutely essential for enforcing security policies and maintaining a robust security posture, directly supporting the implementation of short-lived privileges for a truly secure, scalable, and trustworthy infrastructure.
Further, it gives companies an advantage with respect to emerging technology. Every emerging technology being brought into production is on the one hand critical for businesses to stay competitive — because your competitors are adopting that tech as well. On the other hand, every new technology represents yet another attack vector. Every single layer of a technology listening on the network has its own idea of users, its own role-based access control, its own configuration and configuration syntax. That requires expertise, which most teams today lack to secure every little thing they have, and yet the future keeps bringing new things they need to secure. Trusted computing environments enable organizations to incorporate new technology into a unified security model, which reduces complexity and speeds up innovation.
BN: How will AI agents impact machine identity management?
EK: The risk with AI agents is that they become yet another silo in an identity landscape that is already extremely fragmented. Fragmentation of identity prevents enterprises from setting good policy in one place, and the introduction of AI agents suggests having to acquire yet another solution to manage their identity. We cannot afford to have an identity management platform for every single technology we deploy. That’s a recipe for disaster in terms of having visibility of security incidents.
We need visibility for AI agents. They’re the first technology that is susceptible to both malware- and identity-based attacks, because like humans, they behave non-deterministically. So if you deploy AI agents, they need to be integrated into a trusted computing paradigm. The Infrastructure Identity model here is great because it treats AI agents the same as any other employee in your organization.
BN: What other problems would an infrastructure identity architecture solve outside of just security?
EK: It’s so easy to get wrapped up in just the security implications of data breaches. But if you ask our customers and prospects about the primary benefits of adopting an infrastructure identity model, they always say that it actually improves productivity for engineers. That’s not surprising, because if you have things like just-in-time access, cryptographic identity, and you’ve extended zero trust to all your identities, then you never even have to think about access. Everyone has what they need at their fingertips, when they want it, but never more than that. That’s a level of peace of mind I think we all need right now.
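The interview describes the core mechanism of the model in words: cryptographic authentication instead of static credentials, and access granted only for a short window and only for the task that needs it. The following Go program is an added illustration of that idea and is not Teleport's code or the interviewee's; it uses a simplified signed-JSON claim set in place of a real certificate format, and the subject, task and resource names ("ci-runner-7", "deploy", "payments-api") are constructed for the example. An issuing authority signs a credential with an Ed25519 key from the standard library; a relying party checks the signature, the validity window and the task scope before allowing anything. There is no long-lived secret on the holder's side to leak, and a credential that is expired, out of scope or tampered with is rejected.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Sentinel errors so a caller can tell the failure modes apart.
var (
	ErrBadSignature = errors.New("credential: signature does not verify against issuer key")
	ErrNotYetValid  = errors.New("credential: not yet valid")
	ErrExpired      = errors.New("credential: expired")
	ErrOutOfScope   = errors.New("credential: task or resource not authorized")
)

// Credential is the claim set: one subject, one task, one resource, and a
// short validity window. The holder carries nothing reusable after ExpiresAt.
type Credential struct {
	Subject   string    `json:"subject"`  // human or machine identity (hypothetical names below)
	Task      string    `json:"task"`     // the operation this grant covers
	Resource  string    `json:"resource"` // the target this grant covers
	IssuedAt  time.Time `json:"issued_at"`
	ExpiresAt time.Time `json:"expires_at"`
}

// SignedCredential is a Credential plus the issuer's Ed25519 signature over
// its JSON encoding (a stand-in for a real certificate format).
type SignedCredential struct {
	Credential
	Signature []byte `json:"signature"`
}

// Issuer plays the certificate-authority role: it holds the only private key.
type Issuer struct {
	priv ed25519.PrivateKey
	pub  ed25519.PublicKey
}

// NewIssuer generates a fresh Ed25519 key pair for the issuing authority.
func NewIssuer() (*Issuer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Issuer{priv: priv, pub: pub}, nil
}

// PublicKey is all a relying party needs to pin; no shared secret is distributed.
func (i *Issuer) PublicKey() ed25519.PublicKey { return i.pub }

// Issue mints a grant scoped to one task on one resource, valid for ttl from now.
func (i *Issuer) Issue(subject, task, resource string, now time.Time, ttl time.Duration) (SignedCredential, error) {
	c := Credential{Subject: subject, Task: task, Resource: resource, IssuedAt: now, ExpiresAt: now.Add(ttl)}
	payload, err := json.Marshal(c)
	if err != nil {
		return SignedCredential{}, err
	}
	return SignedCredential{Credential: c, Signature: ed25519.Sign(i.priv, payload)}, nil
}

// Verify is the relying party's check: signature, then validity window, then
// scope. Every step must pass before the requested task is allowed.
func Verify(issuerKey ed25519.PublicKey, sc SignedCredential, now time.Time, task, resource string) error {
	payload, err := json.Marshal(sc.Credential)
	if err != nil {
		return err
	}
	if !ed25519.Verify(issuerKey, payload, sc.Signature) {
		return ErrBadSignature
	}
	if now.Before(sc.IssuedAt) {
		return ErrNotYetValid
	}
	if !now.Before(sc.ExpiresAt) {
		return fmt.Errorf("%w at %s", ErrExpired, sc.ExpiresAt.Format(time.RFC3339))
	}
	if sc.Task != task || sc.Resource != resource {
		return fmt.Errorf("%w: holds %s on %s, asked for %s on %s", ErrOutOfScope, sc.Task, sc.Resource, task, resource)
	}
	return nil
}

func main() {
	issuer, err := NewIssuer()
	if err != nil {
		panic(err)
	}
	now := time.Now()
	// Constructed scenario: a CI runner gets a ten-minute grant to deploy one service.
	cred, err := issuer.Issue("ci-runner-7", "deploy", "payments-api", now, 10*time.Minute)
	if err != nil {
		panic(err)
	}
	fmt.Println("in window, in scope:", Verify(issuer.PublicKey(), cred, now.Add(time.Minute), "deploy", "payments-api"))
	fmt.Println("after expiry:       ", Verify(issuer.PublicKey(), cred, now.Add(time.Hour), "deploy", "payments-api"))
	fmt.Println("different resource: ", Verify(issuer.PublicKey(), cred, now.Add(time.Minute), "deploy", "billing-db"))
	cred.Task = "drop-tables" // editing the claims invalidates the signature
	fmt.Println("tampered claims:    ", Verify(issuer.PublicKey(), cred, now.Add(time.Minute), "drop-tables", "payments-api"))
}
```

The order of checks in Verify matters: the signature is checked before any claim is trusted, so a forged or edited claim set never reaches the scope comparison. The short TTL is what removes standing privilege; a leaked credential from this scheme is worth only the minutes left on it, and only for the one task and resource it names.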
Image credit: DenisSmile/depositphotos.com