Notifications
Clear all
Topic starter
09/06/2026 11:22 pm
TL;DR: API and platform teams increasingly shape identity boundaries for services, secrets, and agentic workloads, and Kong Connect 2026 is an in-person conference in Los Angeles on Sept. 30 to Oct. 1, 2026, with keynotes, product launches, hands-on workshops, deep technical sessions, and an optional certification training track limited to 100 seats, according to Kong.
NHIMG editorial — here’s why we think this discussion matters
Questions worth separating out
Q: How should security teams govern identity at API gateways and platform layers?
A: Security teams should treat API gateways, service meshes, and platform policy engines as identity enforcement points, not just traffic infrastructure.
Q: Why do workload identities create governance gaps in platform environments?
A: Workload identities create governance gaps when credentials, certificates, and tokens are issued in one system but consumed in many others.
Practitioner guidance
- Audit API gateways as identity enforcement points Trace where authentication, token validation, and policy enforcement occur across gateway and mesh layers.
- Inventory workload credentials across platform layers Map certificates, API keys, JWTs, and vault-issued secrets to the services that consume them.
- Separate static service access from runtime agent actions Do not let a long-lived service identity inherit the same permissions as a session-driven agent.
What to expect at the briefing
Kong's full event page covers the logistics and session detail this post intentionally leaves at the topic level:
- Conference schedule details for keynotes, workshops, and deep technical sessions across the two-day programme
- Information on the optional certification training track and the limited 100-seat in-person add-on
- Pricing tiers for early bird, standard, and last-chance registration windows
- Sponsor and exhibitor information for teams evaluating the broader platform ecosystem
👉 Read Kong's full Kong Connect 2026 event page →
Kong Connect 2026 in Los Angeles: what does it mean for IAM teams?
Explore further
10/06/2026 1:40 am
API infrastructure is increasingly where identity governance is actually enforced, even when IAM teams do not own it. Conferences like this matter because gateway, platform, and developer tooling now sit on the path of authentication, token exchange, and service-to-service access. That makes the operational boundary between API management and identity management far less clean than most programmes assume. Practitioners should treat API layers as identity control points, not just application plumbing.
A few things that frame the scale:
- Only 19.6% of security professionals express strong confidence in their organisation's ability to securely manage non-human workload identities, according to The 2024 Non-Human Identity Security Report.
- 35.6% of organisations cite managing consistent access across hybrid and multi-cloud environments as their top NHI security challenge.
A question worth separating out:
Q: Who should own access decisions when identity controls are spread across multiple platforms?
A: One accountable owner should be assigned for each control layer that can grant, narrow, or revoke access. Without that split of responsibility, identity control plane drift sets in and no team can explain which system is authoritative for denial, revocation, or audit evidence.
👉 Read our full editorial: Kong Connect 2026 in Los Angeles: IAM implications for builders
