By Don Boxley, CEO and Co-Founder, DH2i (www.dh2i.com)
You may have noted that “World Password Day” was celebrated in May… And like each year, there was quite a bit of conversation around the idea that passwords just aren’t cutting it anymore… But, here’s the thing… Passwords didn’t suddenly become weak. The bigger problem is that modern infrastructure evolved far faster than the old trust models designed to protect it. This brought up another related conversation – lots of previously tried and true data and infrastructure security methods also aren’t cutting it anymore – like VPNs.
And, that makes sense. Infrastructure was far more centralized and predictable 10-15 years ago. Even 5 years ago, for that matter. But today, businesses operate in environments that are constantly moving, scaling, and changing. Yet many organizations are still using assumptions built for a much smaller, slower, and more contained era of IT to secure today’s IT reality.
The Perimeter Barely Exists Anymore
Most organizations no longer operate inside a clearly defined perimeter. Infrastructure is spread across hybrid cloud environments, multiple public cloud providers, Kubernetes clusters, remote users, AI workloads, edge deployments, and legacy systems that businesses still depend on every day. Modern infrastructure has become a patchwork of environments connected by operational necessity rather than standardization.
That creates a very different set of challenges than traditional security models were built for.
Static credentials and broad network trust assumptions simply do not scale cleanly in environments where applications move dynamically, workloads scale automatically, and systems constantly communicate across regions, providers, and platforms.
Today’s infrastructure environments often include:
- Hybrid cloud deployments
- Multi-cloud infrastructure
- Kubernetes and containers
- AI and GPU-driven environments
- Remote and distributed workforces
- Edge and IoT deployments
- Windows and Linux systems operating simultaneously
- Legacy applications requiring ongoing operational support
Credential Problems Now Create Operational Problems
For sure, today’s environments are highly distributed and interconnected. Applications, databases, cloud services, Kubernetes clusters, AI workloads, and failover systems are constantly authenticating and communicating with each other behind the scenes.
So when credentials or trust relationships fail, operational problems can happen too, such as:
- Applications losing connectivity
- Replication between systems stopping
- Failover processes failing during outages
- Automated recovery systems breaking
- AI services becoming unavailable
- Distributed workloads timing out or crashing
In other words, a credential issue today can create both a security problem and an availability problem. In modern distributed environments, when trust breaks, operations break too.
If authentication fails, applications can lose connectivity.
If trust relationships break during failover, recovery processes may not behave the way teams expect.
If dependencies are poorly understood, outages become significantly harder to resolve under pressure.
In highly distributed environments, security and operational continuity are now deeply interconnected.
That reality becomes even more serious as businesses rely more heavily on real-time applications, customer-facing systems, and AI-driven services. Downtime is no longer just inconvenient; it directly impacts operations, customer experiences, and revenue.
Complexity Quietly Becomes the Biggest Risk
Simply managing overwhelming operational complexity is one of the biggest challenges modern IT teams face today. Every additional VPN dependency, networking exception, manual authentication workflow, or infrastructure-specific access policy adds another layer of fragility into the environment.
Eventually environments become so interconnected and complicated that nobody fully understands every dependency anymore. That’s when small problems start cascading into much larger operational incidents.
Common failure points now include:
- Expired credentials breaking replication
- Misconfigured trust relationships disrupting failover
- VPN bottlenecks destabilizing distributed applications
- Overly broad network access enabling lateral movement
- Infrastructure-specific dependencies failing during migrations or outages
None of this happens because IT teams are careless, or not paying attention.
Most organizations are simply trying to balance performance, uptime, security, compliance, cost, scalability, and operational flexibility… all at the same time. Of course, that is easier said than done.
AI Infrastructure Is Accelerating Everything
AI environments amplify nearly every infrastructure challenge organizations already struggle with today. Massive GPU clusters, distributed compute environments, real-time responsiveness, high concurrency demands, and cross-region orchestration all place enormous pressure on connectivity, resiliency, and trust models.
In AI environments especially, weak trust relationships and brittle access models stop being theoretical security concerns very quickly. They become operational liabilities. Because failures impact real-time interactions immediately, customer-facing AI systems often cannot tolerate downtime, latency spikes, or connectivity instability.
That changes the stakes considerably compared to traditional enterprise systems where outages may have created delays or inconvenience but not necessarily immediate business disruption.
Why Zero Trust Continues to Gain Momentum
Modern infrastructure has become too distributed, too interconnected, and too dynamic for organizations to continue assuming that network presence alone should imply trust. As a result, the core principles of Zero Trust have become incredibly important for organizations to adopt into their architectures.
Organizations are increasingly shifting toward systems that only establish secure connections to the specific resources they actually need – i.e., a move to identity-aware, tightly scoped connectivity models.
That shift increasingly includes:
- Identity-aware access controls
- Direct encrypted connectivity
- Application-level trust models
- Workload segmentation
- Infrastructure-agnostic architectures
- Continuously validated access relationships
Because most businesses no longer operate in a single homogeneous environment, the infrastructure-agnostic piece matters enormously. Different workloads require different environments for performance, economics, compliance, sovereignty, or resiliency reasons.
Security strategies now have to function consistently across all of them.
Modern Infrastructure Requires a New Trust Model
Passwords still matter. MFA still matters. Good credential hygiene still matters. None of that is going away, not anytime soon anyway.
But modern infrastructure has clearly outgrown the idea that static credentials, VPNs, and broad network trust should remain the primary foundation for security and operational continuity. Today’s environments are simply too dynamic, distributed, and interconnected for those older assumptions to keep scaling effectively.
That’s why more organizations are starting to move toward software-defined perimeter (SDP) approaches built around identity-aware, direct encrypted connectivity instead of exposing broad portions of the network itself. Instead of placing users and systems “on the network” and hoping policies contain access appropriately, the goal becomes far more precise: securely connect users, applications, workloads, databases, and services only to the exact resources they need access to. Nothing more.
That becomes especially important in environments spanning:
- Hybrid and multi-cloud infrastructure
- Kubernetes and containerized workloads
- Windows and Linux systems
- AI and GPU-driven environments
- Edge deployments and distributed teams
- High availability and failover architectures
The organizations adapting most successfully are increasingly recognizing that modern infrastructure requires a far more identity-aware, tightly controlled, infrastructure-agnostic, and operationally flexible approach to trust than the industry relied on twenty years ago.
FortiBleed leak shows how exposed management systems can become intelligence goldmines
Posted in Commentary with tags FortiBleed on June 18, 2026 by itnerd
The disclosure of the FortiBleed data leak is a reminder that security risks don’t always stem from active exploitation or newly discovered vulnerabilities. Large-scale exposures of device information, configuration data, and network intelligence can provide attackers with a valuable roadmap for future operations. Even when no immediate compromise occurs, aggregated infrastructure data can help threat actors identify potential targets, map internet-facing assets, and prioritize organizations for follow-on attacks. The incident highlights the importance of minimizing exposed management interfaces, continuously monitoring external attack surfaces, and treating infrastructure metadata as sensitive information that can be weaponized when it falls into the wrong hands.
Yagub Rahimov, CEO, Polygraf AI
“One major insight here in this incident is that complex passwords didn’t help. Passwords of 25+ characters with symbols and numbers were shown in plaintext. Such a complex password that’s passed through an infostealer protects you as much as “password123.” Many practitioners, up until now, were treating the credential strength as something that stands between an attacker and the network. The FortiBleed example just proved we can’t deny it. We need to care as much about exposure as we do about the credential strength.
We’ve always had industry standards (rotating credentials, enforcing MFA, etc.), but remediation advice fails because nobody finishes it. The problem is that organizations treat a breach as an event to clean up after, not a condition to design around. Because of that, credentials get rotated once, and then everything drifts back. FortiBleed is what that drift looks like when it adds up across an entire vendor’s install base. That incident showed us again that the cleanup mindset is the vulnerability. As long as a leak is treated as a discrete incident with a start and an end, the credentials that slip through become the seed of the next dataset. The only thing that changes the outcome is assuming that exposure is continuous, not occasional. Most organizations still aren’t there, which is exactly why there will be another FortiBleed.”
Now is a good time to look at various passwordless options and rotating credentials, for example. At least it will limit your exposure to FortiBleed.