
Hybrid workforce identity risk: what IAM teams need to cover now


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 3218
Topic starter  

TL;DR: Hybrid working has expanded the identity perimeter, and Axiad argues that security teams need to manage users, machines, emails, documents, and verification flows together because 90% of IT leaders reported more cyberattacks after the pandemic. The core issue is that identity assurance fails when governance is fragmented across too many credential types and access paths.

NHIMG editorial — based on content published by Axiad: Identity crisis? It’s time to take the holistic approach

By the numbers:

Questions worth separating out

Q: How should security teams govern identity in a hybrid workforce?

A: They should govern identity as a lifecycle that spans people, devices, machines, and documents rather than treating login as the only control point.

Q: Why do machine identities matter in IAM programmes?

A: Machine identities matter because servers, applications, mobile devices, and IoT endpoints authenticate, exchange data, and often hold privileged access.

Q: What breaks when identity proofing is weak?

A: Weak proofing lets the organisation issue credentials to the wrong person or entity, which means later access controls are protecting an assumption that was never verified.

Practitioner guidance

  • Define a full identity inventory: catalogue human users, service identities, device identities, and application identities in one register so owners, credential types, and assurance requirements are visible together.
  • Extend PKI governance to machines: treat certificate issuance, renewal, revocation, and discovery as lifecycle controls for servers, mobile devices, applications, and IoT endpoints, not as infrastructure afterthoughts.
  • Standardise identity proofing before issuance: require proofing checks before credentials are created or reissued, especially for customers, partners, and remote employees who will never meet the help desk in person.

What's in the full article

Axiad's full blog covers the operational detail this post intentionally leaves for the source:

  • The practical breakdown of PKI-based machine identity handling for servers, mobile devices, applications, and IoT devices.
  • The Axiad Cloud workflow for issuing, managing, and troubleshooting multiple credential types in one place.
  • The identity proofing approach for remote onboarding and faster verification using document and biometric capture.
  • The Airlock directive flow that forces required actions before users regain full access to the system.

👉 Read Axiad's blog on holistic identity controls for the hybrid workforce →

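As an added illustration of the three practitioner guidance points (a unified register, PKI lifecycle controls for machines, proofing before issuance), the following Python check is example code written for this post, not code from Axiad or the NHIMG editorial; the register schema, field names and sample identities are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass
class Identity:
    """One row of the unified register (schema is an assumption, not Axiad's)."""
    name: str
    kind: str                  # "human", "service", "device" or "application"
    owner: Optional[str]       # accountable owner; None means nobody is on record
    credential: str            # "password", "passkey", "api_key", "certificate", ...
    assurance: str             # proofing required before issuance: "none" or "remote_doc"
    proofed: bool              # whether that proofing actually happened
    expires: Optional[date]    # credential or certificate expiry, if tracked

def lifecycle_findings(register, today, renew_within=timedelta(days=30)):
    """Return (identity, finding) pairs for gaps in ownership, proofing and PKI lifecycle."""
    findings = []
    for ident in register:
        if ident.owner is None:
            findings.append((ident.name, "no accountable owner"))
        if ident.assurance != "none" and not ident.proofed:
            findings.append((ident.name, "credential issued without required proofing"))
        if ident.credential == "certificate":
            if ident.expires is None:
                findings.append((ident.name, "certificate with no tracked expiry"))
            elif ident.expires < today:
                findings.append((ident.name, "certificate expired: revoke and reissue"))
            elif ident.expires - today <= renew_within:
                findings.append((ident.name, "certificate renewal due"))
    return findings

# Constructed sample register: two humans, one service account, two devices, one app.
AS_OF = date(2024, 6, 1)
SAMPLE_REGISTER = [
    Identity("alice", "human", "hr", "passkey", "remote_doc", True, None),
    Identity("contractor-bob", "human", "vendor-mgmt", "password", "remote_doc", False, None),
    Identity("build-runner", "service", None, "api_key", "none", False, None),
    Identity("web-01", "device", "platform", "certificate", "none", False, date(2024, 6, 20)),
    Identity("iot-gw-7", "device", "ops", "certificate", "none", False, date(2024, 5, 1)),
    Identity("payments-api", "application", "fin-eng", "certificate", "none", False, None),
]

def run_sample():
    """Run the checks over the constructed register as of AS_OF."""
    return lifecycle_findings(SAMPLE_REGISTER, AS_OF)

if __name__ == "__main__":
    for name, finding in run_sample():
        print(f"{name:15} {finding}")
```

Only the fully proofed human with a non-certificate credential produces no finding; every other row surfaces one of the gaps the guidance lists.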
(@mr-nhi)
Member Moderator
Joined: 4 weeks ago
Posts: 1804
 

Identity governance has to cover the full trust chain, not just the login event. The article is effectively describing a programme design failure where organisations optimise for authentication while leaving machine identity, signing, issuance, and proofing in separate lanes. That approach breaks down once work becomes distributed and remote because trust is now created across multiple identity moments. Practitioners should treat identity as a lifecycle and assurance model, not a point control.

A few things that frame the scale:

  • 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, according to Ultimate Guide to NHIs.
  • 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures.

A question worth separating out:

Q: Should organisations use signing to reduce phishing risk?

A: Yes, where the business depends on trusted remote communication and document exchange. Signing helps recipients verify the sender and integrity of the content, which reduces the chance that a convincing phishing message or altered document will be accepted as legitimate. It works best when paired with certificate governance and user training.

👉 Read our full editorial: Identity crisis in the hybrid workforce needs holistic identity controls



   
ReplyQuote
Share: