EPISODE · Jul 16, 2026 · 17 MIN
The Great Unmanaged
from Bare Metal Cyber · host Dr. Jason Edwards
When contractors, partners, and “temporary” staff never really leave your environment, their access quietly becomes part of your infrastructure. In this episode, we walk through how non-employee identities accumulate around your core systems, why joiner-mover-leaver processes that stop at the HR boundary are no longer enough, and how “temporary” access turns into permanent risk. You will hear concrete patterns from cloud and SaaS environments, where vendor portals, support logins, and one-off project accounts slowly grow into a shadow perimeter that attackers see more clearly than you do.We then shift into the leadership moves that actually change your risk over time. The conversation covers how to design first-class lifecycles for non-employee identities, including sponsorship, expiry, and re-attestation; how to connect those mechanics to contracts, legal expectations, and third-party risk narratives for the board; and how to build a culture where turning off access is normal, not heroic. This narration is developed from “The Great Unmanaged: Contractors, Partners, and Temporary Access Gone Permanent,” a Wednesday “Headline” feature in Bare Metal Cyber Magazine.
What this episode covers
When contractors, partners, and “temporary” staff never really leave your environment, their access quietly becomes part of your infrastructure. In this episode, we walk through how non-employee identities accumulate around your core systems, why joiner-mover-leaver processes that stop at the HR boundary are no longer enough, and how “temporary” access turns into permanent risk. You will hear concrete patterns from cloud and SaaS environments, where vendor portals, support logins, and one-off project accounts slowly grow into a shadow perimeter that attackers see more clearly than you do.We then shift into the leadership moves that actually change your risk over time. The conversation covers how to design first-class lifecycles for non-employee identities, including sponsorship, expiry, and re-attestation; how to connect those mechanics to contracts, legal expectations, and third-party risk narratives for the board; and how to build a culture where turning off access is normal, not heroic. This narration is developed from “The Great Unmanaged: Contractors, Partners, and Temporary Access Gone Permanent,” a Wednesday “Headline” feature in Bare Metal Cyber Magazine.
NOW PLAYING
The Great Unmanaged
No transcript for this episode yet
Similar Episodes
Mar 31, 2026 ·54m
Mar 27, 2026 ·14m
Mar 24, 2026 ·42m
Mar 20, 2026 ·42m
Mar 17, 2026 ·41m
Mar 13, 2026 ·44m