• December 18 Americas: 2PM ET | EMEA: 3PM CET | APAC: 11AM SGT

  From Vaults to Workloads: Mastering Machine Identity in the Cloud-Native Era

Your PAM vault secures human identities perfectly, but can it do the same for the machines? What happens when a workload spins up at 3 AM, lives for 7 minutes, and needs access to production databases? Or when your CI/CD pipeline spawns 1,000 ephemeral workloads that all need different permissions? Now machines outnumber humans 82:1 and credentials need to rotate faster than you can type; traditional PAM becomes unmanageable.

From field experience with enterprise customers, we've identified four critical gaps when organizations try to apply human identity patterns to machines:

• Static credentials embedded in container images and code
• Disconnected directories create identity silos – each with its own truth
• Service accounts with excessive permissions that never expire
• No visibility into which workload accessed what resource and when

This session introduces workload identity fundamentals through the lens of the emerging SPIFFE standard—the universal identity framework underlying CyberArk's Secure Workload Access. You'll learn how trust domains create security boundaries, how attestation proves identity without passwords, and why workload identity isn't just about secrets—it's about knowing who's asking for them.

You will learn how to:

• Reduce the threat of leaked secrets by replacing static credentials with universal and unique identities
• Secure on-prem to cloud workloads using trust domains and mutual authentication
• Improve secrets management with short-lived, automatically rotated identities
• Improve developer experience through automation, standard APIs, and simplified service authentication

Presenters:

Matt Barker

VP & Global Head, Workload Identity Architecture, CyberArk

Joe Garcia

Principal Product Marketing Manager for Secrets & Secure Workload Access, CyberArk