Tech News
← Back to articles

Your Device Identity Is Probably a Liability

2026-02-27 | original
read original related products more articles

Your Device Identity Is Probably a Liability

Updated on: February 26, 2026

Daniel Michan Follow Smallstep

Most organizations believe they have device identity because they have certificates.

The Uncomfortable Truth About Device Identity

The UK National Cyber Security Centre is explicit in its Zero Trust guidance: you must know your user, service, and device identities before you can make trustworthy access decisions. Not some of them. All of them.

You can read the full NCSC principle here.

Most organizations have invested heavily in user identity. MFA, SSO, conditional access policies, directory federation: these are mature, well-understood capabilities. Service identity is catching up, though secrets sprawl remains a real problem.

Device identity is where the architecture breaks.

Not because organizations ignore it. Because they believe it's already handled.

... continue reading

Related:
The Robotic Dexterity Deadlock
Let's discuss sandbox isolation
Hyperion author Dan Simmons dies from stroke at 77
Writing a Guide to SDF Fonts
Don't run OpenClaw on your main machine

© 2026 GoKawiil