Protection of machine identity just as important
96% of IT security experts believe that machine identities are central to a company's security and competitiveness. However, only a few companies have the necessary tools.
The "Securing The Enterprise With Machine Identity Protection" study shows that 96% of enterprises believe that effective machine identity protection is just as important as human identity protection. Both are equally critical to a company's long-term security and competitiveness. 80% of respondents, however, encounter obstacles when it comes to measures to protect machine identities and show pent-up demand for the provision of important functions for the security of these identities.
"It's shocking that so many organizations don't understand the importance of implementing measures to protect their machine identities," said Jeff Hudson, CEO of Venafi. "We spend billions on protecting usernames and passwords, but almost nothing on protecting the cryptographic keys and certificates that machines use to identify and authenticate themselves. The number of machines on enterprise networks is skyrocketing, and most organizations have not invested in the security intelligence or automation needed to protect these critical security assets. Malicious actors know this, and target them because they are incredibly valuable in a variety of cyber attacks."
Further results of the study
- Nearly half of survey respondents (47%) believe protecting machine identities and human identities will be equally important to their organizations in the next 12 to 24 months, while nearly as many (43%) believe protecting machine identities will become more important.
- Seventy percent of respondents admit to monitoring less than half of the most common types of machine identities on their networks. When asked which specific machine identities they track:
- Only 56% monitor cloud platform instance identities.
- Only 49% of respondents control mobile device identities.
- Only 49% say they protect the identities of physical servers.
- Only 29% secure their SSH-Key.
- Only a quarter protect the machine identities of micro services and containers.
- 61% indicate that their biggest concern regarding machine identity security management is internal data theft or a data breach.
Managing user and machine identities and privileged access to business data and applications is a huge task that has serious security implications. Traditionally, the focus of Identity and Access Management solutions (IAM) on humans, but the recent increase in the number of computers on corporate networks, technological changes, and new capabilities of computers have led to a number of challenges that absolutely require a greater focus on protecting machine identities.
Conclusion
Conclusion of the study Securing The Enterprise With Machine Identity Protection of Forrester Consulting: "Newer technologies such as the cloud and containerization have expanded the definition of machines to include a wide range of software that emulates physical machines. Thus, these technologies are leading to a flood of new, rapidly changing machines on enterprise networks. To effectively manage and protect machine identities, enterprises need: complete visibility into all machine identities on their networks; actionable information about each machine identity; and the ability to effectively translate that information into action at machine speed and scale."
Forrester Consulting conducted the study on behalf of the cybersecurity company Venafi. 350 IT security experts responsible for identity and access management at their companies were surveyed in Germany, the UK, France, the USA and Australia.
Source: Venafi
