Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Modern infrastructure is already complex, characterized by distributed environments, multi-cloud deployments, and dynamic change. Now add Large Language Models (LLMs) to the mix, and the challenge grows exponentially. Engineering leaders are under pressure to deliver innovation fast, while also safeguarding against breaches, misconfigurations, and human error. That’s why initiatives like eliminating static credentials, enforcing just-in-time access, and reducing SSH key sprawl are gaining traction.

Just-in-time (JIT) access isn’t easy. This Reddit thread of cybersecurity pros surfaces many of the most common JIT headaches — and you may be encountering those same challenges yourself. As noted in the thread, no users should be “swimming in access”, especially as standing privileges and over-permissioned accounts continue to be a major source of breaches. The truth is, many JIT models struggle to keep up with today’s fast-moving, cloud-native environments.

The standout themes at KubeCon + CloudNativeCon Europe 2025 in London strongly centered on how identity is rapidly becoming the linchpin for securing cloud-native infrastructure. The recurring theme I saw wasn’t just Kubernetes innovation—it was the rising urgency of securing the who behind every action across platforms, clusters, services, and tools.

Attackers are not just targeting your people. They have their sights set on your infrastructure, too. That's why identities (not perimeters) are the new attack surface. In our latest webinar, Ev Kontsevoy, CEO of Teleport, and Jack Poller, Principal Analyst at Paradigm Technica, break down why traditional identity and access approaches are insufficient to support resiliency in modern computing environments as attack surfaces increase and identity volumes explode. Their conclusion is clear.

In February of 2025, North Korean state-backed cybercriminals stole over $1.9 billion from a popular crypto exchange. That's a mind-boggling amount of money, let alone from a breach. But here's the craziest part; it was excruciatingly simple. In short, it went down like this: an engineer was phished, attackers located static API keys — and just like that, attackers had direct access to critical cloud resources. Static credentials strike again.

Managing PostgreSQL access is a pain for engineering teams. Setting up users, roles, and keeping track of permissions slows down engineers. Security risks may emerge in the form of shared admin accounts or missteps in user setup or authorization workflows. Check out this screenshot from a Reddit thread discussing this problem.

In Teleport 17 we made the switch from RSA to ECDSA and Ed25519, and it paid off with improved security and significant performance benefits. This was a major undertaking; Teleport has used 2048-bit RSA keys for just about everything since our initial release. Switching to new key types and signature algorithms came with serious compatibility concerns given the broad range of environments Teleport is deployed in and the number of third party tools that use or trust Teleport-issued certificates.

“We need to get stuff done – but I’m not supposed to let you.” Shipping high priority code, meeting tight release deadlines, fighting incident fires —there are countless reasons why today's engineering teams need to move at lightspeed. This need for speed may put them at odds with security objectives.

One of the most dangerous threats to your infrastructure lurks unnoticed: shadow access. Shadow access can take many forms: privileged credentials left behind by former employees, shared keys embedded in code, or ad-hoc access granted outside of policy. These hidden risks can leave your organization vulnerable to breaches, compliance drift, and insider threats — all while remaining invisible to traditional security tools.

In our recent webinar, Simplifying Zero Trust Security for AWS with Teleport, experts from AWS and our team at Teleport explore some of the critical challenges in securing modern cloud infrastructure, and illustrating how they can be solved by adopting a zero trust strategy.