Powered by MOMENTUM MEDIA
Cyber Daily

Why effective machine identity management requires automation

Of all the components required for a complex IT infrastructure to function properly, some of the most important are machine identities, writes Kevin Bocek, chief security strategist at Venafi, as these allow secure and reliable connections between nearly every type of device and application.

Kevin Bocek
Wed, 15 Jun 2022

With digital transformation projects currently underway within many organisations, the number and variety of machine identities in use is increasing exponentially. This trend has been intensified in the wake of the global pandemic, which forced many organisations to quickly equip staff to work from home.

Many have undertaken digital transformation strategies and embraced cloud platforms, which has required even more machine identities to be established. Interestingly, recent research conducted by Venafi found that the average company has more than 250,000 machine identities in place and the number is increasing by 43 per cent year on year.

Almost all respondents to the survey confirmed that digital transformation was driving this acceleration. This means that, by 2024, companies can expect to be making use of more than half a million machine identities.

However, despite this massive growth in the number of machine identities, most CIOs and CISOs have not increased the budgets allocated to managing them. Instead, they continue to rely on manual or siloed approaches to monitoring and maintaining what have become vital security components.

The appeal of machine identities to cyber criminals

Machine identities are particularly attractive to attackers as these can allow them to move laterally through an IT infrastructure, escalate privileges, and create backdoors. Also, because machine identities authenticate machine-to-machine communication, if an identity expires or is misconfigured then that connection is broken. This can result in expensive and disruptive outages.

There have been some recent, high-profile cases where machine identity management has failed. One was the SolarWinds attack that involved cyber criminals injecting malware into the software build process. Attackers were able to ensure that the malware was validated and authenticated by a legitimate code-signing machine identity.

As a result, that malware was trusted by all the machines it was issued to and this led to hundreds of thousands of compromised systems worldwide.

The increasing challenge of achieving effective machine identity management

There are a range of factors that are complicating the task of effectively managing machine identities and ensuring that risk levels are as low as possible. Four of the most prominent are:

The sheer volume of machine identities in use: The number of machine identities being used by organisations is growing at an increasing rate, driven in many cases by rising adoption of cloud platforms and services. Cloud usage can only work if there is a strong system of identity to underpin it, as everything is done remotely. Each machine in use needs to be sure that those it connects with are what they say they are. Managing this large number of identities is a complex and time-consuming task.

The speed of change: The increasing use of cloud-based resources and the urgency of getting them in place as quickly as possible means that machine identity lifecycles are shortening. Indeed, according to research completed by software intelligence company Dynatrace, 61 per cent of organisations say their cloud environment changes once every minute or less, while almost a third say it changes at least once per second. This compares with earlier times when machine identities may have lasted months or even years. This is significantly boosting the need for swift and responsive machine identity management.

The diverse range of required identities: From micro-services, containers, and clusters to virtual networks, algorithms and neural networks, today’s IT infrastructures are becoming increasingly complex. As a result, a wide variety of machine identities is required to allow all components to interconnect. When you consider the myriad other devices also being used, it becomes clear that the task of effectively managing it all is becoming more challenging by the day.

The tenacity of attackers: Because they realise that machine identities are often poorly protected, cyber criminals are placing more attention on gaining access. This comes at a time when certificate authorities (CAs) are issuing machine identities that introduce new risks. For example, certificate authority Let’s Encrypt recently discovered a bug and revoked more than two million certificates with just two days’ warning. This resulted in many organisations having to rapidly swap out their certificates to avoid outages and potential attacks.

The key to machine identity management is automation

Together, these key factors demonstrate why the only way to achieve effective machine identity management and security is through automation. Because of their rapidly growing numbers and diverse types, trying to manage these manually is simply no longer possible.

Consider how your IT team would benefit from automated machine identity management. The result will be improved processes, greater security, and less chance of attacks and disruption.

Kevin Bocek is the chief security strategist at Venafi.
