Notifications
Clear all
Topic starter
25/06/2026 10:24 pm
TL;DR: Encryption, key management, and protected data handling remain tied to identity governance across machine and human access paths, as ASPG’s MegaCryption event on July 2 is a cryptography-focused webinar listing with no substantive technical detail. The absence of operational detail means practitioners should read it as a reminder that cryptography only works when identity, entitlement, and secret handling are controlled.
NHIMG editorial — here’s why we think this discussion matters
Questions worth separating out
A: Teams should govern cryptographic material as an identity asset, not as a standalone technical control.
Q: Why do encrypted systems still suffer serious exposure when secrets are poorly managed?
A: Encryption protects data in transit or at rest, but it does not stop misuse by identities that already hold valid access.
Practitioner guidance
- Map cryptographic assets to identity owners Create a register of keys, certificates, tokens, and the humans or workloads that can retrieve or use them.
- Fold crypto review into lifecycle governance Review issuance, renewal, rotation, and revocation alongside joiner-mover-leaver processes for both human and non-human identities.
- Reduce shared secret exposure paths Replace shared keys and embedded credentials where possible, and track every system that can present or store cryptographic material.
What to expect at the briefing
ASPG's full event listing covers the cryptography theme and registration details this post intentionally leaves to the source:
- The webinar timing and attendance details for practitioners who want to join the session live.
- The event context and product-area framing around ASPG's MegaCryption line.
- The source page's direct registration path for teams evaluating the session.
- The surrounding ASPG navigation and product references that place the event in its broader portfolio.
👉 Register for ASPG's MegaCryption event on cryptography →
Cryptography and identity security: what does the MegaCryption event mean?
Explore further
25/06/2026 10:55 pm
Cryptography is an identity control problem as much as a data protection problem. Encryption fails operationally when the identities behind it are unmanaged, over-privileged, or impossible to retire cleanly. The control that matters is not just key strength, but whether the organisation can prove which human and machine identities can touch protected material. Practitioners should treat crypto governance as part of IAM and NHI governance, not as a separate security silo.
A few things that frame the scale:
- The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
- Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap.
A question worth separating out:
Q: Which identity controls should be reviewed before expanding cryptography programmes?
A: Review inventory, entitlement scope, renewal workflow, and offboarding before expanding the programme. Cryptography only reduces risk when access to keys, certificates, and protected data is tightly bounded. Teams should verify that human and machine identities are both covered by the same governance model.
👉 Read our full editorial: MegaCryption event signals cryptography matters for identity security
