Cloud is changing the game
In today’s modern cybersecurity environments, machine identity management is becoming a lot more complex. And with the growing popularity of cloud transformation initiatives, we're now bringing up managed workloads. We're bringing up new containers. We're bringing up new services. And they all need machine identities like TLS certificates to run safely. These machine identities secure machine-to-machine connections and communications, which makes them especially important in multi-cloud and cloud native environments, which tend to be ephemeral, dynamic, and relatively complex.
We’re now working in industries that leverage devices to run the organization, whether they’re using point-of-sale systems, medical devices, or sensors on the manufacturing floor. Organizations are leveraging third-party managed systems to run HVAC systems. Or they are running a smart building. All those devices will now have machine identities attached to them.
And this is the challenge we face as cybersecurity professionals trying to stay on top of modernization. We're trying to enable our business to be successful and take advantage of advanced technology to produce the latest products and services to generate revenue. And at the same time, we still need to meet requirements to protect the organization.
Partnering with stakeholders for success
Given this complexity, how are you going to manage the influx of identities for the proliferation of devices? First of all, you need a robust, enterprise-wide machine identity management solution. And you need to optimize your identity security strategy by automating machine identities throughout your certificate lifecycles, as I recommended in a previous blog. But that alone is not enough. You need to make your machine identity management program work effectively and efficiently for your company. And, as security leaders, you can’t do that alone.
As product and services innovation happens quickly, managing machine identities is going to require partnership not only at the executive level, but also with your peers and those involved in the day-to-day development. To get in front of this, you’ll need to come up with creative ideas to understand and support the processes your stakeholders use and deliver integrated solutions that align with the way they work.
We have to understand at the base level what it takes to do the job, what they're doing day to day in their jobs, and how we integrate with it. As cyber professionals, it's important for us to take a step back and say, “What are they trying to do?” Put yourself in their situation and think about how we can integrate with this. Only then can we leverage our technology, capabilities, and experiences as cyber security professionals to help them streamline whatever they're doing to run their operations, while meeting security requirements.
Getting executive buy-in
Beyond cross-team technical partnerships, it is also important to gain the support of business leaders and stakeholders. For the executive level in particular, we really have to focus on what we are trying to do strategically over the next three years. And we need to decide who needs to be involved in that conversation in order to develop a strategy for long-term success.
We need to be talking with the VP of products and other business leaders to understand what they are trying to do. And as cyber security professionals, we need to ask these leaders specific questions about how we can help them achieve their security goals. What services do we need to provide to get there? What are the investments we need? How do we start to deliver this service?
We can also get involved with things like change approval boards and engineering steering committees to understand what they are trying to do and discuss how we can leverage the capabilities we have at our disposal to help them get ahead. This not only allows us to bring the latest solutions to our clients, but also helps us understand how we may need to change our solutions—whether it’s our approach or other factors such as technologies, methodologies, or frameworks. We need to think about this at an operational level to help the company be successful.
Conclusion
Collaboration is a big part of our success as machine identity management professionals. To do this, we have to integrate with the teams. With a seat at the table, we can best understand how to leverage certificate management solutions to effectively integrate with the processes. We need to consider things like integrating with continuous development life cycles or looking at establishing an immutable environment within the cloud.
We need to think about how we integrate this technology, these services, and these programs into things like product development and engineering change boards. We can’t do it alone. And we will only be more successful when we bring a wide range of teams into the conversation.