Secrets & machine identity elevated to CISO discipline (PQC urgency)
Key Questions
What is Cloudflare's plan for post-quantum cryptography?
Cloudflare is fast-tracking its post-quantum cryptography (PQC) rollout to cover the full platform by 2029, prioritizing ML-KEM/DSA hybrid schemes and authentication to counter quantum threats. This accelerates protection against 'harvest now, decrypt later' attacks, in which traffic recorded today is decrypted once a quantum computer is available.
Why is PQC urgency elevated for CISOs?
Google's 2029 PQC deadline and the Thales report, which finds 59% of organizations piloting PQC while cloud encryption is dropping (47%), driven by AI-related misconfigurations, raise the urgency. HPE's SPIFFE work and NIST's ML-KEM standard support elevating machine identity to a CISO-level discipline.
What are top threats from OWASP Broken Access Control?
OWASP Broken Access Control and Cisco Duo role abuse account for 65% of initial access in Palo Alto Networks (PAN) reports, highlighting IAM risks in cloud environments. Strengthening pre-login identity proofing and identity lifecycle management is critical.
How does AILeakMonitor address secrets leakage?
AILeakMonitor launched to detect the surge in AI-related secrets leakage (81%), focusing on non-human identity (NHI) drift and infrastructure-as-code (IaC) chaos, where 92% of identities are over-privileged and 62% are dormant. It aids SailPoint and Adactin in securing machine identities.
What advancements in MFA and biometrics are highlighted?
Microsoft Entra external MFA reaching general availability (GA) with RSA ID Plus Agent 365, Proton Authenticator's end-to-end encrypted (E2EE) 2FA, and HID's converged FIDO2/PKI credentials, biometrics and passkeys (75% of organizations evaluating) enhance identity security. These counter multi-tenant SaaS SSO risks.
How are NHIs protected from unauthorized access?
NHIs are protected through security controls, compliance requirements, and efficiency gains such as lifecycle management, all of which reduce risk. Tools such as SpecterOps BloodHound Enterprise attack path management (APM) for Okta and GitHub help prevent privilege abuse.
What are 2026 audit focuses for identity security?
2026 audits target MFA, RBAC, Okta, CyberArk, custom controls and PAM best practices to address cloud encryption gaps and AI-driven risks. Thales OneWelcome supports customer identity and access management (CIAM) in multi-tenant environments.
Why is cloud data encryption falling behind?
Thales reports a 47% drop in cloud encryption due to AI and misconfigurations despite increased security spending, and urges PQC pilots. Nginx, Cloudflare Zero Trust (ZT) and AWS IAM help mitigate these risks.
Source summary:
Cloudflare fast-tracks PQC to 2029 full platform (ML-KEM/DSA hybrids, auth priority vs quantum threats)
OWASP Broken AC/Cisco Duo role abuse top threats (PAN 65% initial access)
Thales report: cloud encryption 47% dropping (AI/misconfigs), PQC pilots 59%
Google 2029 PQC deadline
HPE SPIFFE/NIST ML-KEM
Nginx/Cloudflare ZT/AWS IAM risks
Proton Authenticator E2EE 2FA
Thales OneWelcome CIAM
Entra external MFA GA + RSA ID Plus Agent 365
HID converged FIDO2/PKI creds/biometrics/passkeys (75% evaluating)
AILeakMonitor launch for AI secrets (81% surge)
SailPoint/Adactin highlight NHI drift, IaC chaos (92% over-privileged / 62% dormant), pre-login identity proofing, lifecycle management
SpecterOps BloodHound Enterprise APM for Okta/GitHub
2026 audits: MFA/RBAC/Okta/CyberArk/Custom Controls (Sept), PAM best practices
Multi-tenant SaaS SSO risks