
Why it takes 11 hours to resolve one ID-related cyber incident | Computer Weekly

By Computer Weekly
October 7, 2025


Let’s do a thought experiment. An identity-related security alert just flared up at an enterprise, perhaps a carmaker or an airport. It could be nothing, or the start of a ransomware attack about to force all infrastructure offline.

How long would it take to trace the root cause of the alert? Minutes? Hours? It might shock you that according to a Teleport-commissioned study by Enterprise Strategy Group (ESG), it takes 11 hours on average for enterprises to resolve one identity-related security incident.

You might be thinking, ‘how did we get here?’ How can one of the most common attack vectors take so long to investigate, when copious research from Microsoft, Verizon, and others continues to stress the urgency of identity-related threats?

When it only takes minutes for attackers to pivot across infrastructure and escalate privileges, 11 hours is a catastrophic number. It has everything to do with how fragmented and opaque modern digital environments have become. Security teams are being asked to stop adversaries they can’t even see.

Borders hide the truth

Computing environments have become so absurdly fragmented that our inventions have created tech borders, not unlike national borders.

Humans, machines, applications, and even AI agents now all have identities. In most organisations, they’re scattered across systems, managed in isolation. Cloud platforms, on-prem servers, identity providers, developer tools, legacy systems, SaaS, databases, and Kubernetes clusters have become their own countries with their own rules, logs, and blind spots.

Managing those identities would be like a customs officer tracking who’s coming and going between countries with totally divergent passport systems, except a passport (your identity) in one country doesn’t work in the rest. Consistency? Forget that. Some countries want your passport, others want a visa. Some have strict guards; others don’t bother with credentials. The rest lost your files, to say nothing of the people with outdated or fake passports floating around.

That’s the fragmentation issue in infrastructure, which helps explain the 11-hour gap. Security teams aren’t slow or careless. They’re just stuck playing detective on Hard Mode across disconnected systems, forced to stitch together a crime scene made of logs across cloud, code, and infrastructure that were never designed to be stitched together.

This wouldn’t be so bad if identity attacks weren’t child’s play. But they are, which is why credential theft accounts for one-in-five data breaches, with compromised credentials surging 160% in 2025. Once an attacker has a valid credential – a password, token, or key – finding the criminal might take as long as it did Tom Hanks’ character in the movie “Catch Me If You Can” (spoiler: it took him a while).

Infrastructure at scale is not possible with fragmented identity

This fragmentation even extends to the tools enterprises use to manage identities. According to ESG, enterprises use 11 tools on average to trace identity-related security issues.

Eleven hours. Eleven tools. Every log lives within the ‘borders’ of a different tool. Every identity type – human, machine, workload, or AI – lives on an island. For engineers running infrastructure at scale, the friction this creates while answering basic questions is painful. Who (or what) accessed this database? Which permissions did they use? Was this normal behavior? How did they traverse between platforms, such as from Okta to AWS to Kubernetes to the database?
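The cross-system trace those questions call for, as an added example (not code from the article or from Teleport): constructed events from four sources, each naming the actor its own way, are joined through a hypothetical alias table into one timeline per principal, and events with no alias surface as unattributed. The source names, field names and accounts are all assumptions.

```python
from datetime import datetime

# Constructed sample events (simplified, not real log schemas).
EVENTS = [
    {"src": "idp",   "ts": "2025-10-07T09:00:05Z", "actor": "alice@example.com",   "action": "sso_login"},
    {"src": "db",    "ts": "2025-10-07T09:04:30Z", "actor": "alice_dba",           "action": "SELECT customers"},
    {"src": "cloud", "ts": "2025-10-07T09:01:40Z", "actor": "role/db-admin/alice", "action": "assume_role"},
    {"src": "k8s",   "ts": "2025-10-07T09:03:12Z", "actor": "oidc:alice",          "action": "pods/exec"},
    {"src": "db",    "ts": "2025-10-07T09:04:55Z", "actor": "svc_backup",          "action": "COPY customers"},
    {"src": "k8s",   "ts": "2025-10-07T08:58:00Z", "actor": "oidc:bob",            "action": "pods/list"},
]

# Hypothetical alias table: per-system account names that belong to one principal.
# With fragmented identity, someone has to build and maintain this mapping by hand.
ALIASES = {
    ("idp", "alice@example.com"): "alice",
    ("cloud", "role/db-admin/alice"): "alice",
    ("k8s", "oidc:alice"): "alice",
    ("db", "alice_dba"): "alice",
    ("k8s", "oidc:bob"): "bob",
}

def normalise(events, aliases):
    """Attach a canonical principal to each event and sort by time.
    principal is None when no system can say who the actor really is."""
    out = []
    for e in events:
        when = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        out.append({**e, "when": when, "principal": aliases.get((e["src"], e["actor"]))})
    return sorted(out, key=lambda e: e["when"])

def timeline(events, aliases, principal):
    """Ordered (source, action) hops for one principal across every system."""
    return [(e["src"], e["action"])
            for e in normalise(events, aliases) if e["principal"] == principal]

def unattributed(events, aliases):
    """Accounts that acted but map to no known principal: the blind spots."""
    return [(e["src"], e["actor"])
            for e in normalise(events, aliases) if e["principal"] is None]

if __name__ == "__main__":
    for hop in timeline(EVENTS, ALIASES, "alice"):
        print("alice:", hop)
    print("unattributed:", unattributed(EVENTS, ALIASES))
```

The `svc_backup` row is the case that stretches an investigation: the database logged the action, but nothing ties the account to a person or workload.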

We haven’t even addressed how noisy security alerts are today. And you can bet they are. What if those 11 hours are spent investigating a false positive? No team can confidently migrate workloads to the cloud, or modernise their infrastructure, if they don’t understand how identities behave across their environments.

They can’t rightly adopt AI either, because that will only magnify the problem. Not only does AI introduce a new type of identity with its own phishing vulnerabilities, but it also lowers the cost of identity attacks. If we can’t investigate today’s threats quickly, what happens when AI accelerates the volume and velocity of attacks? That’s a problem when ESG says 52% of enterprises rank data privacy issues as the biggest AI risk.

Time to redefine identity

The tech industry stands at a point where it needs to ask itself an uncomfortable question: what does identity in modern computing even mean?

Plenty of people say ‘identity (not the network) is the new perimeter.’ If that’s true, then we’re still clinging to the same problematic borders – to fragmentation. If you designed access controls for every floor and room in a building, but your building is huge, then eventually no one will know who has access to which floor.

Here’s what identity shouldn’t be: stealable. Does logging into Taylor Swift’s Instagram turn you into Taylor Swift? Well, no, because you’re not stealing her identity; you’re stealing her account. But when we brought the analogy of identity theft into the computing world, we started confusing identity with accounts and credentials.

When you think about the keys to your car, house, and gym locker, do you call those three different identities? You wouldn’t. Yet we’ve built a whole industry of identity management on top of accounts and credentials. Everything is built on the wrong definition of identity. Even the question, “where does your company store identities?” is a fallacy: identity cannot be stored.

Fixing identity in computing starts with eradicating anonymity. Every server, laptop, database, cloud account, human, and AI agent needs to be issued a unique identity from the same source. From an architectural standpoint, they need to be managed the same way, like employees. If you’re a platform engineering leader, you need to build this unified identity layer in your infrastructure.

That layer must be built on a cryptographic foundation, borrowing from the zero-trust principles that already exist in cyber security. Essentially, you begin with a single private key protected in hardware: servers have HSMs, laptops have TPMs, etc. Your identity becomes digitally derived from that private key material, but because it’s protected by hardware, it becomes impossible to steal, to sell, to clone, or to lose to an attacker.

It would be irresponsible to say unifying identities eradicates all complexity. But build that layer and you’ll start seeing silos evaporate. You won’t need five different zero trust or just-in-time access strategies for each identity category.

If we could build a borderless tech world and redefine what identity means in the digital world, it might just be the best thing to happen to tech in years.

Ev Kontsevoy is CEO at Teleport.
