Why MSSPs need a new model for managing identity trust

Protecting identities has never been easy. But as attackers increasingly use identity to gain initial access, four forces are coming together to strain traditional security methods and push defenders to adapt faster. Combined, they are a nightmare for those responsible for protecting identities, according to Lauren Taylor, vice president for product and customer marketing at Keyfactor.

“Traditional identity security assumes a world that no longer exists, one where identities are mostly human, relatively static, and slow enough to manage by hand,” Taylor told MSSP Alert. “All four of these forces break that assumption at once, and they break it in the same place: you can't secure what you can't see, manage, or change fast enough. That's what makes them damaging together rather than just individually.”

The factors include the much-written-about AI identity sprawl created by the explosion of non-human identities (NHIs) tied in large part to AI agents, copilots, and autonomous systems that are being spun up and torn down at machine speeds, making them impossible for a human to track.

For attackers, “an unmanaged or over-privileged agent identity is an ideal target: it's powerful, it's trusted by other systems, and nobody's watching it,” she said.

There are also the near-future risks posed by quantum computing, which will be powerful enough to break the public-key cryptography that secures most data – and which cybercriminals are already preparing for, having stolen a lot of encrypted data that they are holding until they can use quantum systems to decrypt it, in “harvest now, decrypt later” mode – and increased pressure from regulators and standards bodies that are moving from recommending security measures be in place to requiring them.

Shorter certificate lifespans

Then there is the shortened lifespan of Transport Layer Security (TLS) certificates to prepare for the coming quantum computing era. The maximum certificate lifetime fell from 398 to 200 days in March, and will fall further to 100 days and then to 47 days by

The first step in the three-phase approach takes effect March 15, when the maximum certificate lifetime drops from 398 to 200 days. Next year, that number will fall to 100 days, and in 2029, to 47 days.

“At that cadence, manual renewal simply stops working,” Taylor said.

She added that for attackers, “every one of these forces expands the attack surface while shrinking the time defenders have to respond. More identities, shorter windows, long-lived secrets, and visibility gaps – that's the exact terrain attackers want. Traditional, manual, human-paced approaches don't just underperform here; they actively create openings.”

Now comes the Trust Control Plane

Keyfactor is looking to close those openings with the release this week of the Trust Control Plane, a single place for managing cryptography assets and infrastructure and for visibility, automated operations, and governance enforcement for security teams throughout their environments.

“The Trust Control Plane is best understood as an operating model for trust infrastructure, not a single product you bolt on,” she said. “It runs as a continuous loop across five stages, and the loop is the point: trust isn't something you establish once, it's something you maintain as your environment changes.”

The tool finds every cryptographic asset and machine identity, assesses what’s at risk – from what’s vulnerable to threats to what’s quantum-exposed – and then issues and replaces identities and certificates at scale. It also automates the lifecycle across systems organizations already use – renewal, rotation, and replacement happen at machine speed – enforces policy, proves compliance, and maintains an audit trail.

A tool for MSSPs

The Trust Control Plane fits comfortably with what MSSPs need to do to manage identities for their clients, according to Kimber Garrett, vice president of North American channels at Keyfactor.

“As the nature of identity threats continues to evolve, MSSPs need to recognize that attackers are increasingly targeting identities – both human and machine – rather than traditional network perimeters,” Garrett told MSSP Alert. “This shift requires a more proactive approach that combines strong access controls, continuous monitoring, threat detection, and identity-centric security strategies to reduce risk and strengthen resilience.”

The offering gives MSSPs a scalable way to manage trust across the customer base with a single tool. It centralizes visibility and control over certificates, keys, and machine identities so service providers can automate routine operations, reduce risk, and enforce security policies throughout the multiple environments they’re responsible for.

“As machine identities continue to proliferate, the ability to manage trust at scale will become a key differentiator for service providers looking to deliver more strategic security outcomes for their clients,” she said.

Acquisitions made it possible

Keyfactor laid the groundwork for Trust Control Plane last year by acquiring InfoSec Global, a cryptographic posture management company, and CipherInsights, a cryptographic discovery solution from Quantum Xchange, a post-quantum cryptography and encryption management company, according to Ryan Sanders, senior director of brand and creative strategy at Keyfactor.

The company married those capabilities with its own in such areas as public key infrastructure (PKI), AI, and certificate lifecycle automation.

“This isn’t about overhauling our core identity; it’s a natural evolution in our story, a shift in perspective,” Sanders wrote in a blog post. “Cryptography isn’t a commodity. It’s critical infrastructure that, quite literally, keeps the world connected and businesses running. When it works, everything flows. When it breaks, the consequences are real.”

Jeffrey Burt

Jeffrey Burt has been a journalist for almost 40 years, moving from general-circulation newspapers to IT news sites in 2000. He’s an expert analyst and writer on cybersecurity, data center infrastructure, AI, and a host of other subjects for a range of organizations, including CyberRisk Alliance, eWEEK, Techstrong Group, The Next Platform, and The Register.
