Machine identity management has become a foundational function for every organization. One reason is that modern business models all depend on machine identities. A machine is defined here as any transacting non-human entity, which includes virtual machines, IoT devices, executables, servers, websites, apps and APIs, to name a few. In addition to managing a complex network of machine identities within each organization, machines are increasingly interconnected to the “machines” of other enterprises. That interwoven mesh of machine-to-machine connections makes it every business leader’s responsibility not only to protect their own organization, but also to ensure they are not the weakest link within the community of their interconnected peers.
Asset vs. liability: How are you managing machine identities?
As Kevin Bocek explains, joining the dialogue around machine identity management may be difficult as security researchers have lacked a common language to discuss the topic until now. However, any enterprise employing digital resources not only utilizes, but is likely growing in machine identities—and their associated risks—daily. To cite an illuminating example from TechCrunch, “A seemingly simple transaction—such as connecting with your local bank’s server to check your balance—involves hundreds of machines, all of which need to be authenticated before they can connect. These machines run the gamut from the bank’s on-site servers to software in the cloud.”
With interconnected transactions inextricably bound to machine identities—such as digital keys and certificates—for their security, a lapse in management or hygiene could be fatal. As cited in the same article, “[in] mid-2020, the State of California was unable to tabulate Covid-19 testing results after a TLS certificate on its centralized reporting system expired. The 2017 Equifax data breach was exacerbated when a certificate controlling a crucial piece of security software expired, leaving them vulnerable to attack for 76 days.” A supply chain attack left SolarWinds vulnerable when a certificate authenticating Microsoft 365 Exchange Web services was compromised. And behemoths like Spotify and Microsoft have even been caught unaware in the face of game-altering certificate outages.
The accelerated migration to the cloud has proliferated an unprecedented number of machines. Machine identity sprawl and certificate lifespans shortened to one year only exacerbate the issue.
Since machine identities underlie all secure digital interactions—from bank transfers to Zoom meetings to cryptocurrency trading—the question is not whether but how to manage them. Because of their growing importance, machine identities should be regarded as critical business assets and should be afforded adequate protection. What should a robust machine identity management strategy look like in 2021 and beyond?
Components of an effective machine identity management strategy
Any effective machine identity management program should deliver the following outcomes:
- Prevent machine identity theft
- Keep up with the explosive growth of machines
- Secure cloud-driven machine proliferation
- Protect the identities of connected things
- Interact safely with new types of machine identities
However, Venafi also notes that “the number of machines is growing faster than the number of people using them. The sheer scale of machine identities that need to be protected, including mobile, cloud and IoT devices, makes it far more challenging to keep machine identities secure.” Managing them all can feel like hitting a moving target.
Therefore, a solid machine identity management strategy should contain the following components:
- Full visibility into the entire IT infrastructure. Non-IT infrastructure should also be scanned and secured, to protect against Shadow IT.
- An inventory of all digital keys and certificates
- An automated scanning tool that can locate all keys on and beyond the network—such as within the cloud and your company’s IoT environment
- An incident response plan
- A fully automated machine identity management solution. This not only scans environments and provides visibility over them but also automates renewals, taking the guesswork and human error out of spreadsheet tracking.
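As an added example (not code from the original article or from Venafi), the inventory and expiry check that the scanning and renewal components above rely on, written against Go's standard library: certificates discovered by a scan are classified as expired, due for renewal within a configurable window, or healthy. The hostnames, dates and self-signed certificates are constructed so the example runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Finding is one inventory row: subject, whole days until NotAfter, and the
// action state: "expired", "renew" (inside the renewal window) or "ok".
type Finding struct {
	Subject  string
	DaysLeft int
	Status   string
}

// ClassifyCerts turns parsed certificates into an expiry inventory. The clock
// is injected so a scan is reproducible; production code would pass time.Now().
func ClassifyCerts(certs []*x509.Certificate, now time.Time, window time.Duration) []Finding {
	out := make([]Finding, 0, len(certs))
	for _, c := range certs {
		left := c.NotAfter.Sub(now)
		f := Finding{Subject: c.Subject.CommonName, DaysLeft: int(left.Hours() / 24)}
		switch {
		case left <= 0:
			f.Status = "expired" // outage risk: the California reporting case
		case left <= window:
			f.Status = "renew" // automate the renewal before it becomes an outage
		default:
			f.Status = "ok"
		}
		out = append(out, f)
	}
	return out
}

// MakeSelfSignedCert builds a throwaway self-signed certificate (constructed stand-in
// for one a scanner would find on a host or in the cloud) so the example runs offline.
func MakeSelfSignedCert(cn string, notAfter time.Time) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: notAfter.AddDate(-1, 0, 0), NotAfter: notAfter}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { return nil, err }
	return x509.ParseCertificate(der)
}
```

In a real deployment the certificate slice would be filled by the discovery scan (TLS endpoints, key stores, cloud secrets), and every "renew" or "expired" row would open a ticket or trigger the automated renewal.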
Even the smallest of businesses can now find themselves inundated with digital keys and certificates to protect, as Shadow IT, cloud migration and the increasing digitization of everything expand machine identities to unprecedented levels. This is why fully automated machine identity management solutions are seen as a necessary business asset for enterprises of all sizes.
The truth about machine identities
The inevitable reality of machine identities is that if you have many now, you will only have more in the future. Waiting to devise a proper management solution will only increase the amount of work for your security team, which will have to locate thousands of keys and certificates in disparate places.
As the world becomes more interconnected, a security breach like the ones experienced by Marriott or SolarWinds could have dire consequences, as the security posture of partners and suppliers directly impacts a business’s own security, and the damage potential of supply chain attacks grows exponentially.
You’ll need an effective machine identity management strategy to keep your enterprise—and the enterprises of those it is connected to—safe. Venafi is a pioneer in machine identity management and protection. Download this whitepaper to discover how we can help you minimize outages caused by orphaned and insecure machine identities.