
Perimeter-less enterprise trust: what IAM teams need to know


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 8469
Topic starter  

TL;DR: As corporate boundaries dissolve, identity, certificate, device, and machine-to-machine controls become the primary trust layer, according to DigiCert’s analysis. The governance problem is no longer whether the perimeter exists, but whether identity, integrity, and lifecycle controls can scale across users, devices, services, and software without creating operational blind spots.

NHIMG editorial — based on content published by DigiCert: Digital trust for the perimeter-less enterprise

By the numbers:

Questions worth separating out

Q: How should security teams govern trust when the corporate perimeter is no longer reliable?

A: They should move from boundary-based assumptions to explicit identity, certificate, and policy enforcement across every access path.

Q: Why do connected devices create a different identity governance problem than users?

A: Connected devices operate continuously, often at scale, and may be produced, deployed, and operated by different teams.

Q: What breaks when certificate lifecycles are not managed centrally?

A: Renewal failures, inconsistent ownership, and missed revocation can disrupt production services and weaken trust in encrypted communication.

Practitioner guidance

  • Inventory trust-bearing identities across the estate: Catalogue users, servers, devices, certificates, and machine-to-machine identities under a single ownership model so the enterprise can see where trust is created, delegated, and retired.
  • Tie certificate renewal to operational monitoring: Assign renewal alerts, escalation paths, and service ownership to every certificate class so expiration risk is detected before production services fail.
  • Extend lifecycle governance to connected devices: Define enrolment, update, revocation, and retirement controls for device identities, including how brownfield and greenfield devices are authenticated together.

What's in the full article

DigiCert's full blog covers the operational detail this post intentionally leaves for the source:

  • How certificate management supports secure email, signatures, software integrity, and encrypted communication across the enterprise.
  • The expanding role of PKI administrators across server identities, device identities, and audit trails for remediation.
  • The operational burden created by shorter public trust certificate validity periods.
  • How digital trust building blocks connect standards, compliance, trust management, and connected trust.

👉 Read DigiCert's analysis of digital trust in the perimeter-less enterprise →

(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 7853
 

The perimeter-less enterprise makes identity the control plane, not a supporting function. Once location no longer defines trust, access decisions have to be governed through identity, certificate, and policy controls that apply everywhere. That shifts the centre of gravity from network defence to lifecycle-driven trust administration across users, devices, and services. Practitioners should plan for identity governance to carry more of the security burden than traditional boundary controls ever did.

A few things that frame the scale:

  • 69% of security leaders agree identity management must fundamentally shift to address agentic AI systems, according to The 2026 Infrastructure Identity Survey.
  • Only 13% of organisations feel extremely prepared for the reality of agentic AI despite the majority racing toward autonomous adoption.

A question worth separating out:

Q: How do IAM and PKI teams work together in a perimeter-less enterprise?

A: They should align around shared ownership of access, authentication, and trust enforcement. IAM manages who or what can access resources, while PKI supplies the cryptographic identities and certificates that make those access decisions trustworthy. When the two are disconnected, organisations create gaps between policy and technical enforcement.

👉 Read our full editorial: Digital trust for the perimeter-less enterprise and identity



   