Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

When I speak to customers across EMEA, one thing is clear: regulations like the EU's Digital Operational Resilience Act (DORA) are becoming very real, very fast. Financial institutions and their service providers are being asked to do more than ever before to demonstrate secure operations, especially when it comes to managing access to infrastructure. That's exactly why we hosted a recent webinar in partnership with Falx. The goal?

Modern infrastructure is already complex, characterized by distributed environments, multi-cloud deployments, and dynamic change. Now add Large Language Models (LLMs) to the mix, and the challenge grows exponentially. Engineering leaders are under pressure to deliver innovation fast, while also safeguarding against breaches, misconfigurations, and human error. That’s why initiatives like eliminating static credentials, enforcing just-in-time access, and reducing SSH key sprawl are gaining traction.

Just-in-time (JIT) access isn’t easy. This Reddit thread of cybersecurity pros surfaces many of the most common JIT headaches — and you may be encountering those same challenges yourself. As noted in the thread, no users should be “swimming in access”, especially as standing privileges and over-permissioned accounts continue to be a major source of breaches. The truth is, many JIT models struggle to keep up with today’s fast-moving, cloud-native environments.

The standout themes at KubeCon + CloudNativeCon Europe 2025 in London strongly centered on how identity is rapidly becoming the linchpin for securing cloud-native infrastructure. The recurring theme I saw wasn’t just Kubernetes innovation—it was the rising urgency of securing the who behind every action across platforms, clusters, services, and tools.

Attackers are not just targeting your people. They have their sights set on your infrastructure, too. That's why identities (not perimeters) are the new attack surface. In our latest webinar, Ev Kontsevoy, CEO of Teleport, and Jack Poller, Principal Analyst at Paradigm Technica, break down why traditional identity and access approaches are insufficient to support resiliency in modern computing environments as attack surfaces increase and identity volumes explode. Their conclusion is clear.

In February of 2025, North Korean state-backed cybercriminals stole over $1.9 billion from a popular crypto exchange. That's a mind-boggling amount of money, let alone from a breach. But here's the craziest part; it was excruciatingly simple. In short, it went down like this: an engineer was phished, attackers located static API keys — and just like that, attackers had direct access to critical cloud resources. Static credentials strike again.