TL;DR: European platform, SRE, and DevOps teams are prioritising auditability, data locality, and self-hosted control for zero trust access, according to Pomerium’s KubeCon EU 2025 recap. The signal for IAM leaders is that sovereignty, observability, and protocol coverage now shape access architecture as much as policy design.
NHIMG editorial — based on content published by Pomerium: Zero Trust Without Lock-In: What We Heard at KubeCon EU 2025
By the numbers:
- Only 5.7% of organisations have full visibility into their service accounts.
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
- 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation.
Questions worth separating out
Q: How should teams govern zero trust access in self-hosted environments?
A: Teams should define the control plane as part of the trust boundary, then verify where policy decisions, logs, and metadata live.
Q: Why do non-HTTP protocols complicate zero trust architecture?
A: Because zero trust often starts with web applications and then leaves administrative and operational channels outside policy enforcement.
Q: When should organisations prioritize self-hosted access control over managed access services?
A: They should prioritise self-hosted control when auditability, data locality, resilience, or regulatory sovereignty are non-negotiable.
Practitioner guidance
- Map every access path outside HTTP Inventory SSH, DNS, syslog, UDP, and any other non-web protocol that bypasses your current policy layer.
- Separate policy enforcement from vendor dependency Document where access decisions are made, where logs are retained, and which controls fail if the control plane becomes unavailable.
- Extend zero trust to workload and AI-driven access Treat AI agents and workloads as distinct actor types that still need contextual policy evaluation.
What's in the full article
Pomerium's full article covers the operational detail this post intentionally leaves for the source:
- The release-level breakdown of v0.29.0 features, including OpenTelemetry tracing and UDP tunneling.
- The product-specific explanation of native SSH support and how the access flow is implemented.
- The conference-grounded examples from banking, healthcare, and critical infrastructure teams.
- The practical framing of how the platform positions itself for self-hosted and airgapped environments.
👉 Read Pomerium's KubeCon EU 2025 recap on zero trust without lock-in →
Zero trust without lock-in: what does it change for IAM teams?
Explore further
Self-hosted access control has become a governance requirement, not a deployment preference. European teams are not simply expressing a taste for on-premises software. They are signalling that auditability, data locality, and operational control now shape whether an access platform is acceptable in regulated environments. The implication is that identity programmes increasingly have to justify the control plane itself, not just the policy inside it.
A few things that frame the scale:
- 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation, according to Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which is why zero trust programmes fail when non-human access remains opaque.
A question worth separating out:
Q: How do AI agents change the zero trust access model?
A: AI agents increase the number of runtime decisions that must be governed, because access is no longer only about a user session. The programme has to decide what the agent can reach, under what context, and whether those decisions are traceable enough for audit and containment.
👉 Read our full editorial: Zero trust without lock-in puts control and auditability first