“We spend billions of dollars protecting usernames and passwords but almost nothing protecting the keys and certificates that machines use to identify and authenticate themselves,” says the CEO of a cyber security firm.
Until recently, identity management has tended to be people-centric. The proliferation of new machines on enterprise networks, new computing capabilities, and shifts in technology, has created a new set of challenges. CTOs and IT leaders must now focus on protecting machine identities, hor so says Jeff Hudson, CEO of cyber security firm, Venafi. This might be easier said than done.
According to a new study from Forrester and Venafi, while 96% of IT security professionals believe machine identities are central to company security and viability, 80% of respondents struggle with the delivery of important machine identity protection capabilities.
>See also: The future of identity and access management
The study, which included responses from 350 senior IT security professionals who are responsible for their organisation’s identity and access management from the U.S., U.K., Germany, France and Australia, also found that 70% admitted to tracking fewer than half of the most common types of machine identities found on their networks.
Hudson said: “It is shocking that so many companies don’t understand the importance of protecting their machine identities.”
>See also: Identity and access management: A how to for the modern enterprise
“We spend billions of dollars protecting usernames and passwords but almost nothing protecting the keys and certificates that machines use to identify and authenticate themselves. The number of machines on enterprise networks is skyrocketing and most organisations haven’t invested in the intelligence or automation necessary to protect these critical security assets. The bad guys know this, and they are targeting them because they are incredibly valuable assets across a wide range of cyber-attacks.”
According to the study, Securing The Enterprise With Machine Identity Protection: “Newer technologies, such as cloud and containerisation, have expanded the definition of a machine to include a wide range of software that emulates physical machines. Furthermore, these technologies are spawning a tidal wave of new, rapidly changing machines on enterprise networks. To effectively manage and protect machine identities, organisations need; complete visibility of all machine identities across their networks; actionable intelligence about each machine identity; and the capabilities to effectively put that intelligence into action at machine speed and at scale.”
>See also: Blockchain securing the path towards a modern identity
Nominations are now open for the Women in IT Awards Ireland and Women in IT Awards Silicon Valley. Nominate yourself, a colleague or someone in your network now! The Women in IT Awards Series – organised by Information Age – aims to tackle this issue and redress the gender imbalance, by showcasing the achievements of women in the sector and identifying new role models