Most enterprises do not know how many machine identities they’ve created or what level of security those identities have, which makes protecting them a challenge. It is common knowledge among CISOs that tracking workload-based machine identities is difficult and imprecise at best. As a result, up to 40% of machine identities aren’t being tracked today. Adding to the challenge is how overwhelmed IT and cybersecurity teams are: 56% of CISOs say their teams are overextended in supporting digital transformation initiatives, struggling to get cybersecurity work done.
Machine identities now outnumber human identities by a factor of 45, and the typical enterprise reported having 250,000 machine identities last year. Additionally, a recent survey from Delinea found that just 44% of organizations manage and secure machine identities, leaving the majority exposed and vulnerable to attack. Another challenge that companies face is automating digital certificate management, which alleviates the potential for enterprise-wide breaches comparable to SolarWinds and to Nvidia’s stolen code signing certificates being used to sign malware. An automated, secure approach for managing certificates is table stakes for any zero-trust strategy.
Keyfactor’s 2022 State of Machine Identity Management Report found that 42% of enterprises still use spreadsheets to track digital certificates manually, and 57% don’t have an accurate inventory of SSH keys. The exponential growth of machine identities, combined with sporadic protection from IAM systems and manual key management, is driving an economic loss from compromised machine identities estimated at between $51.5 billion and $71.9 billion.
Identity access management (IAM) systems need tools for managing machine lifecycles designed into their architectures that support applications, customized scripts, containers, virtual machines (VMs), IoT, mobile devices, and more. In addition, machine lifecycles must be configurable to support a broad spectrum of devices and workloads. Leading vendors working in IAM for machine identities include Akeyless, Amazon Web Services (AWS), AppViewX, CyberArk, Delinea, Google, HashiCorp, Keyfactor, Microsoft, Venafi and others.
For example, identification and authorization of machine identities also need to be made more intuitive, so that keys and certificates are configured correctly. Securing machine identities as another threat surface is critical for protecting the devops process and machine-to-machine communications.
Given how complex machine identities are to manage and secure, implementing least privileged access is challenging. There’s less control over workloads to limit the lateral movement of an attacker or the use of stolen certificates to launch malware attacks. What’s needed is the following:
The first step is to use discovery methods and technologies to locate machine identities and then find their interdependencies. It’s a good idea to identify how machine identities vary in hybrid and multicloud environments, and to track those with discovery tools as well. Finally, many CISOs realize that machine identities in multicloud environments need much more work to reduce the potential of being used to deliver malware or malicious executable code. Incorporating machine identities into a zero-trust framework needs to be an iterative process that can learn over time as the variety of workloads changes in response to new devops, IT, cybersecurity and broader cross-functional team needs.
© 2022 VentureBeat. All rights reserved.