Identities are undoubtedly the most vulnerable threat surface out there, with 79% of enterprises reporting identity-related breaches in the last two years. But surprisingly, only 26% of enterprises are fully confident in their ability to thwart such an attack. So, what is the disconnect between this recognition of the threat and lack of preparedness?
The answer may lay in the distinction of human identities versus machine identities. Enterprise IT teams and cybersecurity leaders are entirely confident they can prevent data breaches based on human identities, user access credentials based on usernames and passwords. This confidence, however, drops to a shocking 35% when it comes to machine identities.
What are machine identities?
There are two actors on every network: humans and machines. Just as human identities are protected with usernames and passwords, machine identities are protected keys and certificates. Every year sees billions of dollars spent protecting human identities, while the importance of managing machine identities is misunderstood and neglected. Cybercriminals are all too aware of this massive security gap, making it extremely lucrative to steal or forge machine identities. They can gain broad access into network resources and cover their tracks by hiding in encrypted tunnels.
Bottom line: if you don’t know where your machine identities are installed and exactly who’s using them, you can never be sure they’re not being misused by cyber criminals.
How are machine identities used on a network?
Machines use encrypted connections to establish trust in all kinds of digital transactions. To do this, machines identities use digital certificates and cryptographic keys to validate the legitimacy of both communicating machines. To put this into context, let’s discuss five ways that machine identities are being used to support a wide variety of vital business functions in your organization
1. Securing web transactions with HTTPS
SSL/TLS certificates are critical to the security of web transactions, such as online banking and e-commerce. These certificates create an encrypted connection between a web browser and web server. If cyber criminals gain access to these critical machine identities, they can eavesdrop on encrypted traffic or impersonate a trusted system in a phishing attack.
2. Securing privileged access
Most organizations use SSH to secure system-administrator-to-machine access for routine tasks. SSH is also used to secure the machine-to-machine automation of critical business functions. SSH keys ensure that only trusted users and machines have access to sensitive network systems and data. However, if cyber criminals gain access to your SSH keys, they can use them to bypass security controls and gain privileged access to internal network resources and data.
3. Securing Fast IT and DevOps
DevOps teams use cloud-based, self-contained runtime environments, known as containers or clusters, to run individual modules called microservices. Each microservice and container should have a certificate to identify and authenticate it and to support encryption. These certificates serve as valid machine identities that allow containers to communicate securely with other containers, microservices, the cloud, and the Internet. In the interest of development speed, developers may be tempted to skimp on key and certificate security, exposing your organization to unnecessary security vulnerabilities.
4. Securing communication on consumer devices
Digital certificates provide the foundation for authenticating mobile devices that access enterprise networks. They can also enable access to enterprise Wi-Fi networks and for remote enterprise access using SSL and IPSEC VPNs. However, without central oversight, it’s difficult to protect these functions on mobile devices. This can result in misuse when certificates are duplicated on multiple devices or past employees continue to use unrevoked certificates.
5. Authenticating software code
Software is usually signed with a certificate to verify the integrity of the software. When used properly, these certificates serve as a machine identity that authenticates the software. However, if cyber criminals steal code-signing certificates from legitimate companies, they can use them to sign malicious code. Because it is signed with a stolen, legitimate certificate, the malicious code doesn’t trigger any warnings, and unsuspecting users will mistakenly trust that it is safe to install and use.
It's easy to see how important machine identities are to every aspect of your organization, and how they can be misused by cyber criminals. Now that machine identities are on your radar, are you ready to start managing them?
Automation and full visibility are vital to protecting machine identities, and Venafi’s Trust Protection Platform is the best place to start. Learn more about how this incredible solution will kickstart your digital transformation and keep your machine identities secure!
- Gartner Names Top Security Trends for 2021: Machine Identity Management Makes the List
- Buy vs. Build: Integrating Machine Identity Management With Your ITSM
- Why I Think Machine Identity Management Is So Hot Right Now [Perspectives from Venafi EMEA]
- Can Machine Identity Management Prevent Data Breaches?