How fast are machine identities growing in organizations? How difficult is that growth to manage? And what are the consequences of this unfettered growth? Venafi sought to answer those questions in a newly announced global study of 1,000 CIOs. The findings shows that digital transformation is driving an average of 42% annual growth in the number of machine identities. Because CIOs often have limited visibility into the number of machine identities on their networks and these critical security assets are not prioritized in IAM (Identity Access Management) and security budgets, CIOs should expect to see a sharp increase in machine identity related outages and security breaches.
Machine identity inventory to more than double to 500,000 by 2024
A whopping 100 percent of CIOs say that digital transformation is driving a rapid increase in the number of machine identities their organizations require. Machine identities enable secure communication and authentication for every part of IT infrastructure – from physical, virtual servers and IoT devices to applications, APIs and cloud native clusters and containers. Every time two machines need to communicate securely a machine identity is required.
CIOs estimate that the average organization used nearly 250,000 machine identities at the end of 2021. At current rates of growth, these same organizations can expect their machine identity inventory to more than double to at least 500,000 by 2024. Moreover, three-quarters of surveyed CIOs said that they expect digital transformation initiatives to increase the number of machine identities in their organizations by at least 26%—with more than one-quarter (27%) citing a percentage of higher than 50%.
Key survey findings include:
- 83% of organizations suffered a machine identity related outage during the last 12 months, over a quarter (26%) say critical systems were impacted.
- 57% of organizations experienced at least one data breach or other security incident related to compromised machine identities (including TLS, SSH keys and code signing keys and certificates) during the same time period.
New attack surface
“The realities of digital transformation mean that every business is now a software company. This means IAM [Identity Access Management] priorities need to shift to protect the machine identities required for digital transformation initiatives because these initiatives are the engines of innovation and growth,” said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi.
“The unfortunate reality is that most organizations are not prepared to manage all the machines identities they need. This rapidly growing gap has opened a new attack surface – from software build pipelines to Kubernetes clusters – that is very attractive to attackers,” Bocek said.
The rise in the number of machines on enterprise networks is exposing outdated machine identity management practices. Nearly two-thirds (64%) of CIOs say that rather than using a comprehensive machine identity management solution, their organizations combine multiple solutions and processes, including point solutions from certificate authorities (CAs) and public cloud providers, homegrown solutions and manual processes.
This piecemeal approach does not provide enterprise-wide view of all machine identities or provide the mechanisms needed to enforce configuration or policy requirements.
“Machine identity management is in the early stages of adoption. It’s very similar to what happened with customer and workforce identity a few years ago, but it’s orders of magnitude larger in scale and change is happening much faster,” Bocek continued.
“The challenges connected with human identity management pale in contrast to the challenges of managing machine identities. This research underscores the urgent need for every organization to evaluate their machine identity management program in order to protect their digital transformation initiatives,” he said.
About the research
Conducted by Coleman Parkes Research, Venafi’s survey evaluated the opinions of 1000 CIOs across six countries/regions: United States, United Kingdom, France, DACH (Germany, Austria, Switzerland), Benelux (Belgium, Netherlands, Luxembourg) and Australasia (Australia, New Zealand).