This is a blog post based on the transcript from episode 251 of the Exploring Information Security podcast. It was created with the help of Gemini and edited by a human.
In the early days of networking, security was relatively straightforward: you built a wall around your data center and managed a single directory for your users. Today, that perimeter has vanished. With the explosion of cloud environments, federated access, and a mobile workforce, identity has become the new perimeter—and the primary target for modern cybercriminals.
In a recent episode of the Exploring Information Security podcast, Matt Topper, President of UberEther, joined me to discuss the evolving landscape of Identity and Access Management (IAM) and why a true Zero Trust strategy is more critical than ever.
The Identity Crisis: Beyond GRC
For years, many organizations viewed Identity and Access Management primarily through the lens of Governance, Risk, and Compliance (GRC)—a box to be checked for auditors. However, as Topper points out, the modern threat landscape has shifted IAM firmly into the center of security operations.
Legitimate credentials are now the easiest and most effective way for attackers to gain access to an environment. Whether through social engineering, purchasing leaked credentials on Telegram, or bribing disgruntled employees, once an attacker has a legitimate identity, they can bypass most traditional security tools and move laterally through a network.
Zero Trust vs. "VPN 2.0"
While "Zero Trust" has been a buzzword for over a decade, Topper warns that many organizations are falling into the trap of implementing what he calls "VPN 2.0". They deploy a new client to connect to services but fail to address the core pillars of a true Zero Trust architecture.
A robust Zero Trust strategy requires linking multiple signals together—including the health of the device, the identity of the user, and machine-to-machine communications. It’s not just about the network; it’s about ensuring that every access request is continuously verified based on all available context.
The Rise of Non-Human Identities
One of the most significant and often overlooked risks in modern environments is the proliferation of non-human identities. These include:
API Keys and Tokens: Used by services and applications to communicate with one another.
Service Accounts: Automated accounts that perform tasks within an environment.
Devices: Mobile phones, servers, and IoT devices that require network access.
These identities often run unchecked and carry broad permissions. As we move toward a world of AI agents and Model Context Protocol (MCP) servers, mapping and governing these non-human identities will be the next major security frontier.
Shared Signals: A Path Toward Better Defense
Topper is hopeful about emerging frameworks like the Shared Signals Framework from the OpenID Foundation. This open-source approach allows different vendors—such as Google, Salesforce, and Microsoft—to exchange security information in real time.
For example, if an identity provider detects a credential compromise, it can send a signal to a SaaS application like Salesforce to immediately revoke that user's sessions and force re-authentication. This level of cross-organizational collaboration is essential to closing the window of opportunity for attackers.
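The exchange described above, worked through as an added example (this is not code from the podcast, from UberEther, or from any vendor's Shared Signals implementation): the identity provider acts as a Shared Signals transmitter and issues a Security Event Token (SET, RFC 8417) carrying the CAEP session-revoked event; the SaaS application acts as the receiver, validates the token, and terminates that user's sessions. The issuer, audience, user and session values are constructed, the session store is an in-memory stand-in, and HS256 with a pre-shared key is assumed in place of the asymmetric keys a real transmitter would publish.

```python
"""Shared Signals exchange sketch: transmitter issues a SET with a CAEP
session-revoked event; receiver verifies it and revokes the user's sessions.
Added example with constructed values; HS256 pre-shared key is a simplification."""
import base64
import hashlib
import hmac
import json
import time
import uuid

# CAEP event type URI for session revocation (OpenID CAEP specification).
SESSION_REVOKED = "https://schemas.openid.net/secevent/caep/event-type/session-revoked"

# Constructed deployment values (hypothetical identity provider and SaaS app).
TRANSMITTER = "https://idp.example"
RECEIVER = "https://saas.example"
SHARED_KEY = b"example-pre-shared-key-not-for-production"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_set(claims: dict, key: bytes) -> str:
    """Serialize claims as a compact JWS (HS256): the wire form of a SET."""
    header = {"typ": "secevent+jwt", "alg": "HS256"}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def build_session_revoked_set(user_email: str, reason: str) -> str:
    """Transmitter side: issue a SET stating all sessions for user_email are revoked."""
    now = int(time.time())
    claims = {
        "iss": TRANSMITTER,
        "aud": RECEIVER,
        "iat": now,
        "jti": uuid.uuid4().hex,  # unique id; receiver uses it to drop duplicate deliveries
        "sub_id": {"format": "email", "email": user_email},  # RFC 9493 subject identifier
        "events": {SESSION_REVOKED: {"event_timestamp": now,
                                     "initiating_entity": "policy",
                                     "reason_admin": {"en": reason}}},
    }
    return sign_set(claims, SHARED_KEY)


def verify_set(token: str, key: bytes, issuer: str, audience: str, max_age: int = 300) -> dict:
    """Receiver side: check structure, signature, issuer, audience and freshness."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    header = json.loads(_b64url_decode(h))
    if header.get("alg") != "HS256" or header.get("typ") != "secevent+jwt":
        raise ValueError("unexpected header")
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p))
    if claims.get("iss") != issuer or claims.get("aud") != audience:
        raise ValueError("wrong issuer or audience")
    if abs(int(time.time()) - int(claims.get("iat", 0))) > max_age:
        raise ValueError("stale token")
    if "events" not in claims or "jti" not in claims:
        raise ValueError("not a SET")
    return claims


def is_acceptable(token: str) -> bool:
    """True if the token passes verify_set for this receiver, False otherwise."""
    try:
        verify_set(token, SHARED_KEY, TRANSMITTER, RECEIVER)
        return True
    except ValueError:
        return False


class SessionStore:
    """In-memory session table for the hypothetical SaaS receiver."""

    def __init__(self):
        self.sessions = {}     # email -> set of session ids
        self.seen_jti = set()  # replay protection for delivered SETs

    def login(self, email: str) -> str:
        sid = uuid.uuid4().hex
        self.sessions.setdefault(email, set()).add(sid)
        return sid

    def active(self, email: str) -> int:
        return len(self.sessions.get(email, ()))

    def handle_set(self, token: str) -> int:
        """Validate an incoming SET and act on it; return the number of sessions revoked."""
        claims = verify_set(token, SHARED_KEY, TRANSMITTER, RECEIVER)
        if claims["jti"] in self.seen_jti:
            return 0  # duplicate delivery, already handled
        self.seen_jti.add(claims["jti"])
        if SESSION_REVOKED not in claims["events"]:
            return 0  # an event type this receiver does not act on
        email = claims["sub_id"]["email"]
        return len(self.sessions.pop(email, set()))


if __name__ == "__main__":
    store = SessionStore()
    store.login("alice@example.com"); store.login("alice@example.com")
    tok = build_session_revoked_set("alice@example.com", "credential compromise detected")
    print("revoked", store.handle_set(tok), "sessions; active now:", store.active("alice@example.com"))
```

The receiver only acts after the signature, issuer, audience and age all check out, and it records each `jti` so a re-delivered event does nothing the second time; that is the minimum a SaaS side needs before it lets an external party terminate user sessions. A production receiver would fetch the transmitter's JWKS and verify an asymmetric signature, and would also handle other event types (for example a RISC credential-compromise event) with their own response logic.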
The Human Risk and Data Quality
Finally, the conversation highlighted the ongoing challenge of data quality. IAM systems are only as good as the data they receive from source systems like HR. Topper suggests that exposing this data directly to users and help desks can help organizations identify and fix inconsistencies before they lead to security gaps or operational friction.
Closing Thoughts: Identity as the Foundation
As organizations continue to embrace the cloud and AI, the old ways of securing the network are no longer sufficient. Identity is no longer just a checkbox for compliance; it is the foundation of modern security. By focusing on continuous verification, governing non-human identities, and leveraging shared signals, organizations can move toward a Zero Trust model that actually protects their data in an increasingly complex world.
To learn more about UberEther and their approach to identity, visit UberEther.com.
