The struggle to protect machine identities

Ninety-six percent of IT security professionals believe machine identities are central to company security and viability, but few have capabilities to protect them.

  • 6 years ago Posted in
Venafi has published the results of "Securing The Enterprise With Machine Identity Protection, a June 2018 commissioned study conducted by Forrester Consulting on behalf of Venafi.” The study focused on enterprise machine identity protection challenges and included responses from 350 senior IT security professionals who are responsible for their organizations’ identity and access management from the U.S., U.K., Germany, France and Australia.

Key findings from the study reveal that ninety-six percent of companies believe that effective protection of machine and human identities are equally important to the long-term security and viability of their companies. However, eighty percent of respondents struggle with the delivery of important machine identity protection capabilities.

 

“It is shocking that so many companies don’t understand the importance of protecting their machine identities,” said Jeff Hudson, CEO of Venafi. “We spend billions of dollars protecting user names and passwords but almost nothing protecting the keys and certificates that machines use to identify and authenticate themselves. The number of machines on enterprise networks is skyrocketing and most organizations haven’t invested in the intelligence or automation necessary to protect these critical security assets. The bad guys know this, and they are targeting them because they are incredibly valuable assets across a wide range of cyber-attacks.”

 

Additional findings from the study include:

  • Nearly half (forty-seven percent) believe protecting machine identities and human identities will be equally important to their organizations over the next 12 to 24 months, while nearly as many (forty-three percent) think machine identity protection will be more important.
  • Seventy percent admit they are tracking fewer than half of the most common types of machine identities found on their networks. When asked which specific machine identities they track:
    • Just fifty-six percent say cloud platform instance machine identities.
    • Only forty-nine percent say mobile device machine identities.
    • Only forty-nine percent say physical server machine identities.
    • Only twenty-nine percent say SSH keys.
    • Only a quarter (twenty-five percent) say machine identities of microservices and containers.
  • Sixty-one percent say their biggest concern regarding poor machine identity protection management is internal data theft or loss.

Managing user and machine identities and privileged access to business data and applications is an enormous undertaking that has serious security ramifications. Traditionally, the focus for identity and access management (IAM) programs has been people-centric, but recent increases in the number of machines on enterprise networks, shifts in technology and new computing capabilities have created a set of challenges that require increased focus on protecting machine identities.

 

From Securing The Enterprise With Machine Identity Protection, Forrester Consulting, June 2018: “Newer technologies, such as cloud and containerization, have expanded the definition of machine to include a wide range of software that emulates physical machines. Furthermore, these technologies are spawning a tidal wave of new, rapidly changing machines on enterprise networks. To effectively manage and protect machine identities, organizations need: complete visibility of all machine identities across their networks; actionable intelligence about each machine identity; and the capabilities to effectively put that intelligence into action at machine speed and at scale.”

Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
73% of organizations lack automated patch management, and 62% experienced incidents involving...
Quest Software has signed a definitive agreement with Clearlake Capital Group, L.P. (together with...
Dell EMC PowerProtect Cyber Recovery for AWS provides a fast, easy-to-deploy public cloud vault to...
Aqua’s cloud native application protection platform becomes the only solution that protects cloud...
54% of organisations working on a security transformation project now or in the next 12 months.
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Zscaler Zero Trust exchange cloud-based architecture enables superior green security capabilities...