KubeCon Europe 2025: Why Identity is the New Backbone of Secure Infrastructure

by Dave Sudia Apr 22, 2025

The standout themes at KubeCon + CloudNativeCon Europe 2025 in London strongly centered on how identity is rapidly becoming the linchpin for securing cloud-native infrastructure. The recurring theme I saw wasn’t just Kubernetes innovation—it was the rising urgency of securing the who behind every action across platforms, clusters, services, and tools. Here are some of my general observations, as a platform engineer, from the sessions that I attended as well as some very enlightening conversations I had with customers at the Teleport booth:

  • Platform Engineering is Maturing—But Access Remains a Blind Spot - Platform engineering took center stage again this year, with deep dives into internal developer platforms, golden paths, and self-service infrastructure. The mission is clear: empower developers, reduce toil. But as teams move faster, the need to control and verify access to that infrastructure—without becoming a bottleneck—is becoming critical. Session after session, you could hear the subtext: building secure platforms isn’t just about abstractions and automation; it’s about governing who (or what) can do what, when, and for how long.

  • AI Workloads Need Identity, Not Just Resources - AI dominated the conversation, with over 70% of sessions touching on some aspect of running or integrating AI/ML workloads. But running LLMs isn’t just about GPUs and scale—it’s about control. One session on secure AI infrastructure asked the right question: “Who is spinning up these models, with what data, and with what permissions?” The rise of ephemeral workloads and dynamic infrastructure makes static credentials and hardcoded secrets a massive liability. AI services need cryptographic, short-lived identities, not lingering tokens or unchecked API keys.

  • Supply Chain Security Starts with Identity Trust - Talks on SBOMs, Sigstore, and policy-as-code hammered home one point: securing containers and software artifacts means proving their origin and integrity. But what’s often missing is the flip side: who deployed this? Who had access to this pipeline? Without verified workload and machine identities, the entire CI/CD trust chain is at risk. KubeCon made it clear—software supply chain security must now include identity verification for every non-human actor in your environment.

  • WebAssembly (Wasm) and the Need for Portable, Authenticated Workloads - Wasm’s move from experimental to production-ready was exciting, especially in terms of portability and modularity. But as these lightweight workloads multiply, so do potential identity blind spots. Just like containers before them, Wasm modules need to be tied to secure, auditable identities—not just launched into production with untraceable access paths. Identity must scale with innovation.

  • Observability is Evolving—But Needs Identity Context - There was strong energy around observability, with unified platforms and AI-powered alerts taking the spotlight. But observability without identity correlation is just noise. It’s no longer enough to know that something failed—you need to know who triggered it, whether it was a human or a service account, and whether it was legitimate. Infrastructure identity brings the accountability observability tools desperately need.

Teleport was particularly thrilled with the number of people who stopped by our booth and the depth of the conversations we had. We demonstrated numerous aspects of what the Teleport Infrastructure Identity program does, but also focused on our newest offering in this platform: Teleport Machine and Workload Identity. After I talked with my colleagues, a pattern emerged in what was on attendees’ minds:

  • The Platform Engineer with CI/CD Key Sprawl - The reliance on static secrets embedded in CI/CD processes is often viewed as a necessary evil, even though they continue to be the source of embarrassing breaches. Even the process of rotating them is onerous because of scalability issues. Attendees were excited to hear that Teleport can completely eliminate the need for static secrets and secrets vaults. Instead of baking API keys into CI jobs, Teleport issues short-lived, identity-based certificates to workloads on demand—so your jobs can securely access infrastructure without leaving secrets behind. It’s secure, auditable, and removes the rotation headache altogether.

  • The SRE Drowning in SSH Key Management - SSH keys continue to be the main way that SREs and Platform Engineers manage access across hundreds of EC2 instances. These are not only difficult to manage (for example, key rotation or deleting keys when an employee leaves), but are also a security hazard because of the broad access they can provide. Attendees were excited to learn that Teleport can replace SSH keys with ephemeral, certificate-based access, eliminating SSH keys that need to be rotated or managed. In addition, an unexpected benefit of using Teleport is that whenever access occurs, Teleport records all activities of the connection, providing an audit trail of access and identity.

  • The Platform Team Struggling with Just-in-Time Access - Teams are being confronted with strategic business initiatives to implement least privilege access. While they understand this is best practice, it is extremely difficult to do in real life without impacting the productivity of engineering teams. Teleport’s just-in-time access makes it easy to balance both velocity and security. Engineers request temporary access for a specific resource and task through Slack or CLI. Access is auto-expired, fully audited, and policy-controlled—so Teleport allows customers to reduce standing privilege without slowing anyone down. It’s security on demand, not security in the way.

  • The DevOps Engineer Dealing with Multi-Cloud Fragmentation - Many engineers complained about the difficulties they face because their infrastructure spans Kubernetes, databases, and cloud VMs across multi-cloud environments like AWS, GCP, and Azure. The fact that every environment has its own auth and access controls complicates their lives and slows them down. This is one of the areas that Teleport especially shines in. Teleport centralizes infrastructure access across all environments with a unified identity layer. Whether it’s SSH into a VM, kubectl to a cluster, or psql into a database, access is granted via short-lived certificates tied to your identity provider. You get one consistent access workflow, no matter where your infrastructure lives.

The Takeaway

KubeCon 2025 made one thing abundantly clear: as infrastructure becomes more dynamic, distributed, and autonomous, infrastructure identity security is the control plane we can’t afford to ignore. From ephemeral pods to persistent pipelines, everything that touches production needs to be authenticated, authorized, and audited—whether it’s a human or a workload. Without identity, we’re just guessing. With it, we can finally enforce zero trust, at scale.

And that’s the future Teleport is delivering.
