Security boils down to trust. Trusting that the code will do what is expected and is free from vulnerabilities. Trusting that the entities that interact with our data and resources have the right to access those resources.

While we have many ways to check that our code is trustworthy, we have traditionally addressed the trusted access question with the same approach: long-lived credentials. This approach to trusted access does not take into account who or what is requesting that resource. These secrets, which quite often leak, are an attacker's best friend and are how attackers think about getting into and moving throughout your system.

What if instead of simply asking for a security key or credential to gain access, our applications, workloads, and resources asked "Who are you and how can you prove that?" Humans can move towards leveraging our non-changing characteristics, like biometrics, which has seen wider adoption recently. But what about machines? Especially in the world where pods and workloads last for only hours or days?

Attend this session to:
- Better communicate about why we must do things differently and soon
- Learn how the open-source software community has looked at addressing the identity problem
- Understand what commercial options are available
- Map a path away from the world of long-lived credentials

The future of identity and access management is the future of security, IT, and, ultimately, business resiliency.