TL;DR: Matrix Conference 2025 reinforced that Matrix is moving from experimental secure messaging toward production-grade, federated collaboration, with work on Matrix 2.0, Matrix-based whiteboards, and post-quantum and MLS research shaping the next phase, according to SSH Communications Security. The governance question is no longer whether the protocol is viable, but how identity, trust, and lifecycle controls scale across collaboration ecosystems.
NHIMG editorial — based on content published by SSH Communications Security: Matrix Conference 2025 and the evolution of secure, decentralized communication
Questions worth separating out
Q: How should organisations govern federated collaboration platforms like Matrix?
A: Treat federated collaboration as an identity governance domain, not just a communications tool.
Q: Why do open communication standards create new access governance challenges?
A: Open standards reduce lock-in, but they also distribute trust across organisations, devices, and servers.
Q: How can security teams manage secure collaboration as the platform expands beyond chat?
A: They should govern collaboration roles, not just messaging accounts.
Practitioner guidance
- Define federation ownership boundaries Map which team owns homeserver policy, cross-domain trust decisions, and exception handling before expanding Matrix-based collaboration beyond pilot users.
- Extend access reviews beyond accounts Review room membership, workspace roles, and device trust together so collaboration access is evaluated as a full entitlement set rather than as a single login.
- Plan encryption agility early Document how key rotation, group rekeying, and future cryptographic migration will be handled for long-lived collaboration channels and sovereign deployments.
What's in the full article
SSH Communications Security's full article covers the operational detail this post intentionally leaves for the source:
- Conference-specific observations from Matrix Conference 2025, including the themes raised by participants and the event context.
- Examples of Matrix-based collaboration projects such as NeoBoard and how they were discussed in practice.
- The article's framing of Matrix 2.0, post-quantum cryptography, and Messaging Layer Security for future deployments.
- SSH's own perspective on how SalaX Secure Messaging aligns with Matrix's evolution and open-source collaboration.
👉 Read SSH Communications Security's analysis of Matrix's secure collaboration evolution →
Matrix 2.0 and secure collaboration: what changes for IAM teams?
Explore further
Matrix’s maturity shift changes the governance question from adoption to control design. Once a federated communications platform is treated as production infrastructure, the identity problem is no longer limited to secure message transport. It becomes a question of how organisations govern membership, device trust, key lifecycle, and interoperability across organisational boundaries. The implication is that collaboration security now needs the same governance discipline as any other shared access surface.
A few things that frame the scale:
- 88.5% of organisations acknowledge that their non-human IAM practices lag behind or are merely on par with their human identity and access management efforts, according to The 2024 Non-Human Identity Security Report.
- 59.8% of organisations see value in a solution that simplifies non-human access management and introduces dynamic ephemeral credentials, according to The 2024 Non-Human Identity Security Report.
A question worth separating out:
Q: What should identity teams prioritise for long-lived encrypted collaboration channels?
A: They should prioritise encryption agility, group key lifecycle management, and migration planning for new cryptographic standards. Long-lived channels need a path for rekeying and algorithm change, otherwise the collaboration layer can become resilient operationally but brittle cryptographically.
👉 Read our full editorial: Matrix 2.0 turns secure messaging into collaboration infrastructure