Akeyless Executive Conversations
Admiral Michael Rogers and Oded Hareven, Akeyless CEO & Co-founder
Oded Hareven: Hi, I’m Oded Hareven, the CEO and co-founder of Akeyless. Join us for a fireside chat with Admiral Mike Rogers, former NSA director, to talk about machine identities and how to solve the future challenges of tomorrow. Mike, how are you?
Mike Rogers: It’s great to be with you. It’s a great day, a pleasure to be together.
Oded Hareven: Thanks for joining us in this. So Mike, let’s start just by telling our audience – I’m sure that most of them know this Mike Rogers. Who is this Mike Rogers?
Mike Rogers: Hey, look, I did 37 years in the United States Navy. I retired as a four-star admiral. In my last four plus years as a four-star admiral, I was the director of the National Security Agency and the commander of United States Cyber Command. What does that mean? Simplistically, I was part of a great group of men and women – I led the two largest cyber organizations in the U.S. government, which means, effectively, they’re among the two largest cyber organizations in the world, just given the scale that states operate at. And in those two organizations, we were tasked with generating deep knowledge and understanding about who are the cyber actors out there? Nation states, criminals, individuals? What are they doing? What’s their objective? How are they doing it? How can we defeat them? In addition, NSA develops all the encryption, from the algorithms to the actual key material, for the classified systems in the US government. Finally, we defended and penetrated networks for a living. So I worked the offense and the defense. Cyber Command was responsible for the defense of the Department of Defense network. So a lot of users, a lot of network structure. And then we also were, at Cyber Command, responsible for supporting the defense of our critical infrastructure in the United States. So working with banks, power companies, energy companies, etc., as to how we were going to help defend their infrastructure against attacks from nation states and criminal groups.
Oded Hareven: And I’m sure lots of thoughts around the private and public sector – how can you help the private sector and how much would be that involvement?
Mike Rogers: Very much. Whose role, who should do what? Which I really enjoyed. I love the fact that cyber was all about, if we’re going to achieve enhanced cyber security, how do we work together as a team? How do we bring together the best of the private sector, the best in government? And how do we figure out what’s the right role that each should have?
Oded Hareven: When you look back with your great amount of years dealing with cybersecurity and technology and securing the nation obviously all around the globe, what were the major challenges and trends that you’ve seen back then?
Mike Rogers: First thing I was struck by was number one, leadership is so important. This is about how do you identify, train, recruit, retain, and motivate and focus humans. As important as technology is, men and women are who make the difference. The man in the tank is the one who wins. That was a big one. Number two, one thing I was always struck by – I used to have this conversation with vendors all the time when they were approached about capabilities we should buy given our defense mission. One of the things I used to tell them was, guys, you have got to give us integrated solutions. I cannot keep proliferating in the name of cybersecurity more and more apps, more and more systems, more and more software that our cybersecurity workforce has to try to train on, understand and maximize the value of. I need integrated solutions at scale because I need speed, I need scale, and I need to simplify my human dimension here. I want to make things easier for them. I don’t make it easier if I keep giving them ten more tools this week that they need to learn that just doesn’t get us where we need to be.
Oded Hareven: Although just remember, it’s not a binary one or the other. It’s never a binary. As we’re working with the human dynamic, we can’t ever forget that. We’re not growing a lot of people now. A massive far exceeding. So it shows you that the challenge is growing greatest in particular. And even as we’re paying attention to the human dynamic here from an identity perspective, the challenge that keeps growing the most is the machine side here.
Mike Rogers: Yeah, my challenge would be if we keep doing the model that we’re doing now, it’s not going to get us to where we need to be. Just given the kind of challenge and the scale we’ve talked about that argues to me, we get to think about this challenge a little differently. We got to approach it from a much more integrated way, you know, these stovepipe solutions that historically we’ve used to throw out. They’re just not scalable. They don’t give you scale, they don’t give you speed and they complicate your cybersecurity as a defender. They complicate your life. They don’t make it easier.
And as I said look, I constantly would say to vendors I need to reduce complexity. I need to increase my ability to operate at scale. I need to increase my ability to operate at speed. And help me in a way in which I can actually get ahead of the adversary. I can’t anticipate what they’re doing, not reacting after they’ve already done.
Oded Hareven: Absolutely. So we’ve looked at that in obviously the past few years and these trends that are happening. Our first understanding is that we need to first focus on an object that unifies all of those use cases and to be able to unify or to basically understand the generic part of it in order for us to provide a true platform. And that was the terminology around secret. Right? What could have been named as credentials? It’s not just about credentials. Credentials is also like certificates, which is a different term. But then, actually when you put terminology in umbrella terminology, calling that secret, you find out that you can generalize it. You can also generalize the whole lifecycle of encryption key. Right?
All of those different objects that I’m naming right now – credential, database credential, API key, SSH key, certificate, encryption keys – all of those all together. When you look at it, those are the secrets that authenticate identities. Either they’re signing, either they’re encrypting, whatever they are doing. But at the end of the day, they are validating an identity and approving access to certain data.
Now, when you look at that aspect on a generalized way, you are able to eventually. And that was at the beginning, eventually to unify all of those different use cases. But then was a question around how can we protect all of those different objects and calling it in a generic way? And that brought us with the DFC, the Akeyless DFC. And I’m sure that, you know, we talked about that it is an encryption keys management system, right? To make encryption as a service very easy way to protect the key with an Akeyless way.
With that DFC technology with a key that never exists to be able to protect, to protect those credentials is static as they are, but then it needs to come up with the second layer of what we call the second, the second notion, for that sense, which is the ability to rotate them all the time, to keep them dynamic, to keep them keep changing.
But that’s not all. After they’re changing, that’s fine. But at the end of the day, there is an identity when you were rotating a password, eventually there is still an identity. There is still a system account in the database. There is still an account within the IAM of the cloud.
So the third, the third way to look at it in terms of evolution is the just in time credentials or the just in time secrets that are basically creating a temporary identity for machines. It makes a lot of logic. Today machines are known to be ephemeral more than it used to be, right? Virtual machines, container or microservices. The world is moving there.
So to create just in time identity that is provided to the requester, and after a certain amount of time that is being used to completely be deleted, imagine how well does it do for compliance and audit. Right? They basically to have a complete empty IAM system for a certain database because when no one uses it, no one needs it and it and it and it means a lot.
It’s not necessarily easy to change the architecture of your software to do so, but it’s imperative. So that’s the third layer. But as you’ve known, you’ve known us for for some long time. And you know that it’s not the end, that we have more to come, but we have more ideas or more ideas and more practicality, a more practical thing to enable the future.
The fourth stage on that manner would be helping a lot of IT and security and DevOps engineers and SRE and platform engineers to move to the secretless world. And what does this mean? Basically, it means to support, by the use of great protocols and authentication schemes that have been created, to allow machines to authenticate without a physical object, rather than an infrastructure object that is provided underneath.
And with protocols such as OIDC and protocols like SPIFFE and SPIRE, to basically facilitate an identity provider such as Akeyless to provide temporary tokens. So it’s kind of the just in time understanding: there is no identity on the other side. It keeps getting deleted, also for temporary access for a certain machine to act.
This fourth generation would help significantly for organizations to decrease the number of secrets down to the minimum. And think of it as Akeyless. This is the secrets in machine identity, right platform. We are literally advocating to help our customers to decrease the number of secrets. So you can learn from that in terms of, you know, the business model is not about secrets. What we want to have and want to see our customers to decrease the number of secrets as much as possible.
And yet this is a transition. It requires a transition from the current world that is very much reliant on those physical or virtual objects in order to bring them, while changing applications, to the world of secretless.
Mike Rogers: One of the things that I’m curious about and I don’t know the answer, but I always try to look for examples that are analogies as I’m trying to work my way through problems is one of the ways I tend to dissect complexity in the world around me. So even as we’re looking towards that longer term goal that we talked about, you know, I’m struck by so what have we done in the human arena? We decided that what we still have are credential based human dynamics. Let’s overlay a second component, oftentimes biometrics. Hey let’s go to multi-factor authentication.
And I’m wondering what is multi-factor authentication or equivalent look like in the world of a machine when you’re trying to add another characteristic, if you will, to help define identity? I don’t know what that would be. I’m just curious that my own mind is, is there such a thing? Maybe there is and I don’t know.
Oded Hareven: So there is a claim in the industry that you can somehow imitate the multi-factor authentication by having, you know, some parameters within the CPU of a certain machine, or to see – well, we used to think that IP is a good thing. We now know that it’s completely right. Everyone in the industry understands that neither IP nor MAC address is the answer. Well, they’re all kind of properties, right, that can be used allegedly in order to create some kind of an attestation that cannot be hacked.
Unfortunately, the recent years have shown that even hardware can be hacked, and even memory can be accessed while it’s running, right? And it looks like they have done that in a previous life.
Mike Rogers: So say no more of that.
Oded Hareven: And so since you know that in your heart and you’ve seen it with your eyes, it looks like the only answer would be around running it in ephemeral mode, running the credentials or providing credentials for a short amount of time. Back in the days when we were all discussing zero trust, right? I remember a discussion that I’ve had with Dr. Zero Trust, Chase Cunningham, our friend from those days; he was mentioning the just in time importance of identity as well.
Most of the zero trust solutions were very much focused on the network area. So you’re going to get it and temporary access to the network to a specific place. But the identity layer for a long time has been left alone or has been left untouched in terms of how do you take that zero trust principles and making sure that the identity also answers? And this is exactly the just in time credentials providing just in time, identity just in time secret or dynamic secrets for that sense to enable this process and to basically have both network and the application layer identity layer level to be able to be provided for a just amount of time.
So it’s not necessarily going back to your question, not necessarily into how do you better proof an identity of a machine rather than providing it for very short amount of time in order to make sure that it does not harm. And you can, you’re able to revoke and or specific purpose.
Oded Hareven: Exactly. Exactly as it is now when you add, by the way, the aspect of Akeyless, the DFC, the fact that the key never exists. One of our other points, in which we are very proud, is that we’re saying if you’re leveraging the DFC, in comparison to a natural KMS that allows you to run encryption: if someone steals your data, your encrypted data, they need to steal also the encryption key.
And when they do that, they can take the encryption key and they can go outside. And you would never know that they are opening your information. You just know that if they stole it, you don’t have the understanding, and you have much less time to acknowledge and understand and to find them. With a DFC approach, with a fragmented key, basically, that all fragments do not, you know, know each other, although each other company, the attacker, the adversary, needs to be within your network in order to actually decrypt, because they require the algorithm action in order to decrypt the information.
So you have much more time to identify your attacker, the ones that are trying to grab your secrets to sign certificates on your behalf, etc. So that’s one of the great benefits there.
Oded Hareven: I’d like to add some more things before we wrap up. All right. So we talked about the unification. I want to use this also to provide more specific needs with regards to the thing that we are unifying to. Okay. So maybe we’ll start with a question about unification, right? I’ve mentioned that Akeyless is unifying secrets of the machine identity platform.
So how many tools are unifying – or so let’s try to be even more specific. Or how many tools, where are the tools – let’s take a minute and think about it as we think through. You’ve outlined a vision that Akeyless wants to achieve, this idea of unification, about how we’re going to bring protection of secrets with machine identity together in an integrated way. So what’s your vision of how to achieve that unification?
Oded Hareven: Sure. So first of all, you know, happily, we’re definitely inside that vision and the world can actually now enjoy it. As it is, there is some further roadmap into it, and I’ll elaborate even further. But for the first time in the world, Akeyless presents a unification of several use cases around machine identity management. Right? Secrets management is the base of it.
DFC core technology that provides the core around it, so it’s KMS capabilities, encryption, keys management, certificate lifecycle management, and managing PKI. Secure remote access as an answer for modern PAM and password management. All of those all together already within one unified platform.
Today you can go practically to our website to sign up for akeyless.io and to have your own identity to enter that, and you’ll be able to see that within one click of a new button, you’ll see all different types of secrets at the same place. You’re able to view the credentials, the static ones, the rotated ones, to configure dynamic ones, to issue certificates, even public certificates, to automate that, to have encryption as a service, to connect the system with your cam IP encryption methodology. You’ll be unifying awareness, the ability to splay it and see it, and the ability to act. Everything is within it.
And I’ll tell you more with regards to observability. But right now, already the multiple types of secrets are getting an answer in a vault in this manner with an Akeyless approach. All of that all together.
On top of that, there is a notion of governance and control, right? And how would a certain enterprise understand what is it that they have? So within our platform we have created a module around universal secrets connector that allows our customers to basically look at their existing secrets repositories. Right. Different types of secret management solutions of the providers of the industry, open source solutions, etc. And to look at what they have today in order to understand whether they’ve rotated that, whether too many privileges have been taken, maybe some secrets that are not being used.
So that allows this what we call the first level of observability, or the first level of governance, to basically first understand what is it that they have. In future you’ll find Akeyless providing more and more of that, either by growing it organically or by partnering with a lot of other companies that are very much into. But to make it in a unified way, anywhere integrated exactly in an integrated approach in which a customer can basically enjoy that, to have all of that altogether.
One more word about unification. So what we have investigated in the realm of machine identity management today: there are 12 different categories in order to really secure machine identities, 12 different categories that are provided by 15 different tools and 75 different vendors. In order to truly secure those machine identities, think of a security division or a platform engineering security section, right? They need to have so many POCs, so many proof of concepts, so many vendors to test in order to be able to have them within those different 12 different tools that they need to have in order to completely save and protect those.
So I’m very happy to see that for the majority part of those tools, our platform is already providing an answer. And with time, you’ll see more and more of us evolving to basically grow that organically without stitching any other solutions, rather than providing a unified solution that has been built as such, ground to top. What would be your take? You know, several tips that you have for today’s CISO in this complex and new environment of the modern life of security.
Mike Rogers: I mean, so first I’d say, look, you have a hard job. There’s no doubt about it that the challenge is difficult and it’s getting more challenging. So as a guy who used to be a defender myself, the things I try to say to people are, number one, make sure you get a strong fundamental baseline knowledge of exactly what your configuration is. So many times as an attacker, what the network owner thought their configuration was versus what the reality was, they were often very different. And the attackers, we would exploit that to our advantage if we were trying to gain unauthorized access.
So in addition to getting a good baseline and knowledge, secondly, reduce complexity. Think about how you can operate at scale, simplify, simplify, simplify. And then finally, remember, at its heart, cyber security is the ability to apply, integrate and maximize technology with motivated, well-trained, and well-prepared men and women. And you need both of those dimensions. It can’t be just one. It’s got to be both.
Oded Hareven: Well, hey, we’ve had a great conversation today. Anything in your mind that you’d like to close out with?
Oded Hareven: No, actually, I wanted to thank you, Mike. I wanted to thank you with, you know, coming over and having this great conversation, looking forward for our next opportunity to do so, and yeah, that’s it, that’s it.
Mike Rogers: So for me, look, I just want to say thanks to both you as an individual and the broader Akeyless team, but also for all of us out there who are trying to come to grips with the challenges around identity. I love the fact that you are looking at a solution, a vision in which you are tying together both the protection of secrets and machine identity, that you’re trying to do it in an integrated way that is going to give us scale and speed, and that’s something we need more. Yeah. Make your life simpler, not more complicated.
Oded Hareven: Very proud to do so with the team and the entire company. And again, thank you, Mike, for today.
Oded Hareven: Thanks, all right.
Mike Rogers: Very good. All right.