
In the ever-evolving cybersecurity landscape, one thing is becoming increasingly clear: identity is the new control plane. In a recent episode of the Identity Radicals podcast, Matt Hart, Chief Security Officer at PTC, shared a candid and insightful look into the shift from traditional, network-centric defenses to identity-focused security strategies.
With decades of experience in IT leadership roles, including CIO and CTO positions, Hart brings a unique, ground-level perspective on how organizations must reframe their approach to security in the cloud and AI era.
Transition to Identity: The Security Evolution
For years, firewalls, VPNs, and network segmentation formed the backbone of cybersecurity defense. But this model has become obsolete. While discussing a recent security breach with Veza’s Chief Security & Trust Officer, Mike Towers, Hart said, “The traditional network never even came up. Diagnostics started with identity: who is this, who did this, and who had access?”
As enterprises shift toward the cloud and SaaS platforms, the perimeter dissolves. In its place, identity becomes the foundation for access control and a zero-trust mindset becomes critical.
Zero-trust can be likened to a hotel. “You’ve got your identity card. You can walk in the front door. But, maybe you can also try every single room door.” In a zero-trust model, access shouldn’t be based on proximity; instead, it should be governed by the keycard itself, validated every time, for every door.
The Hidden Complexity of Identities
Moving to an identity-first model comes with significant challenges. One of the most pressing is managing third-party identities. Contractors, vendors, and temporary workers often have inconsistent onboarding and offboarding processes, leading to “zombie identities” that outlive their usefulness and pose a security risk.
More challenging still is managing the explosion of non-human identities (NHIs). Also known as machine identities, these include service accounts, APIs, automation scripts, and AI agents.
Although NHIs are operationally efficient, their proliferation introduces dangerous new dynamics, such as identity amplification, where systems autonomously escalate access in pursuit of a goal, potentially without adequate oversight.
“You no longer have a human in the loop. Agents start talking to each other, giving each other more privileges to get the job done.”
Tackling the New (AI) with the Old (Legacy Systems)
As AI tools and agents proliferate, they interact more deeply with internal systems, making access governance both more urgent and more complex. “AI is just AI. It’s essentially morality-free,” Hart says.
With the rapid emergence of AI, observability and auditability have never been more critical across the enterprise. Without these elements, we risk losing the ability to trace who did what, how and why. This task becomes particularly daunting when multiple autonomous systems begin making decisions collaboratively without human intervention.
One of the greatest hurdles to identity-centric security is the legacy infrastructure many organizations still rely on. “We have employees with permissions they got 15 years ago that no longer align with their roles,” mentioned Hart.
Untangling decades of permissions and access control lists isn’t easy. It requires a strategic approach to identity hygiene, ensuring every identity – human or non-human – is properly governed and monitored throughout its lifecycle.
Near the end of the episode, Hart asked the question most security teams are asking when it comes to identity. “What do we do?” Hart asked, contemplating the identity risks posed by AI. “These are the things that keep me up at night—and by the way, I don’t have an answer.”
That kind of honest reflection is precisely what makes the identity conversation so important. There are no easy answers. But by putting identity at the center of security strategy, we are slowly building toward a safer, more resilient digital future.
To hear the full conversation, watch the latest episode on Identity Radicals!