TL;DR: Teleport’s interview with its senior sales director frames a familiar enterprise gap: identity tools often stop short of securing infrastructure itself, where humans, machines, workloads, and AI agents still need cryptographic control and policy enforcement. The practical lesson is that infrastructure identity remains a governance problem, not just a sales story.
NHIMG editorial — based on content published by Teleport: Meet the Sales Leader Who Leads From the Front and Won't Let You Settle for Less
Questions worth separating out
Q: How should security teams govern infrastructure identities alongside user identities?
A: Treat infrastructure identities as part of the same governance programme, but manage them with tighter lifecycle controls.
Q: When does policy-based access control reduce risk for NHI environments?
A: It reduces risk when policy is enforced at runtime and paired with short-lived credentials.
Q: What is the difference between managing human access and managing machine access?
A: Human access is usually governed through joiner-mover-leaver processes and interactive authentication.
Practitioner guidance
- Inventory infrastructure identities by control plane: Create a single register for service accounts, workload identities, certificates, API keys, and agent credentials.
- Convert standing access into task-scoped access: Replace persistent entitlements with short-lived approvals for administrative and machine access.
- Define separate trust paths for humans and agents: Do not allow autonomous agents to inherit human operator assumptions.
With 79% of organisations having experienced secrets leaks, the governance bar is already higher than many teams assume, and audit evidence will matter as much as control design.
A few things worth adding from our research at NHI Mgmt Group.
Infrastructure identity is now an NHI governance problem, not a tooling category. The article’s core claim is that conventional IAM programmes still leave a gap once access shifts from business users to infrastructure components. That gap matters because the identities that operate systems, pipelines, and agents are the ones that can move fastest and with the widest blast radius. Practitioners should treat infrastructure identity as part of the NHI estate, not as a separate technical silo.
A few things that frame the scale:
- Only 5.7% of organisations have full visibility into their service accounts, according to the Ultimate Guide to NHIs.
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
A question worth separating out:
Q: Why do AI agents change infrastructure identity governance?
A: AI agents change the model because they can take actions, call tools, and operate without a human approving each step. That means the identity is no longer just a credential holder. It becomes an execution authority that needs explicit scope, continuous monitoring, and a clean revocation path when behaviour drifts.