Modernize Your PKI → Optimize Productivity → Reduce Risks    |Here’s how to replace Microsoft PKI with EJBCA

Identity Management Day: 3 Key Themes in Machine Identity Management

Machine Identity Management

Today, Keyfactor celebrates the second annual Identity Management Day, which was started by the National Cybersecurity Alliance and the Identity Defined Security Alliance (IDSA).

Organizations around the world trust Keyfactor to properly secure their machine and IoT identities protecting their business from costly outages and security incidents. Today, enterprises across every industry rely on thousands of devices to conduct day-to-day operations and keep their business running smoothly. Yet traditionally, security and IT teams have primarily focused their efforts (and resources) on securing human identities, often neglecting the machine identities that widely outnumber their human counterparts. To better understand the challenges these teams are up against, Keyfactor partnered with The Ponemon Institute for its second-annual State of Machine Identity Management report.

The 2022 State of Machine Identity Management report surveyed over 1,200 respondents across key industries to understand how today’s elevated threat surface and the rise of digital identities have created operational challenges for security and identity teams. Based on these findings, we’ve zeroed in on three key themes in machine identity management.

2022 Machine Identity Report- Email Signature

Machine identity is the next frontier of identity access management

Just like humans, every machine requires an identity, and each identity must be properly secured and managed. Machine identities come in the form of cryptographic keys and digital certificates that are used to identify and securely connect virtually everything in an organization’s network – workloads, services, devices, and more. To properly secure and manage the volume of machines in today’s modern enterprise, the average number of internally issued certificates in an IT organization alone is 267,620, a 16% increase since 2020. In the coming years, as the number of devices continues to climb, so will the number of certificates — all the more reason for organizations to get their arms around a machine identity management (MIM) strategy today.

The major challenge with properly managing machine identity is that the lifespan of trusted certificates such as SSL/TLS certificates is only 13 months. Understandably, many IT teams don’t have the time or resources to track the hundreds of thousands of certificates across an organization. However, when machine identities aren’t treated as critical infrastructure to the security of an organization, those organizations face the risk of outages. And in some cases, outages can cause irrefutable damage —not just to the business, but to its brand reputation.

The average number of internally issued certificates in an IT organization alone is 267,620.

Today, 65% of security and IT teams are concerned by the outage risks caused by the short lifespan of certificates. And when an outage does occur, it can be a time-consuming process for an organization to effectively recover. In fact, the average recovery time is 3.3 hours, with 68% of organizations reporting a recovery time of 3-4 hours or more. The long recovery period can be traced back to a lack of visibility and centralized management. Specifically, 55% of respondents say they don’t know exactly how many keys and certificates their organization actually has, which makes responding to an outage difficult. Due to this, we predict more companies will shift their approach to identity management and begin to prioritize machine identities in their everyday security practices.

Cloud transformation calls on crypto-agility to properly manage identity across all footprints

In today’s hybrid world, cloud transformation continues to push the boundaries of identity. It can be challenging for enterprises to find the right solutions to properly secure and manage identities across humans and devices. In order to face these challenges, organizations need to rely on a solution that is crypto-agile for the ability to respond to breaches or incidents at the appropriate speed. Because when it comes to breaches, timing is everything. In fact, 57% percent of IT and security experts say that crypto-agility is a top priority for their organization’s digital security. 

Crypto-agility is an organization’s ability to quickly and effectively manage and adapt public key infrastructure (PKI) and machine identities to new algorithms, standards, and environments like the cloud. This helps organizations apply a proactive approach to securing identities. And as more organizations modernize their PKI and migrate to the cloud, an increasing number of them will focus on crypto-agility in their incident response plans. 

Automation is the key to scaling a business

Enterprises – and their IT teams – are often laser-focused on driving the business forward by scaling and innovating quickly to exceed customers’ expectations and outpace the competition. Nothing stunts organizational growth like time-consuming, manual processes that take valuable resources away from other critical tasks. When it comes to people and machine identities, heavily relying on manual processes (tracking certificate expiration dates in an Excel sheet, for example) constrains an organization’s ability to scale. Automation, however, empowers an organization to scale quickly, helping security and IT teams focus on other high priorities that require human attention. 

A growing business calls for a growing number of devices, and you know what that means, a growing number of certificates. During substantial growth, lifecycle automation is a top priority for PKI and certificate management, as it helps teams ensure that no machine identities and their corresponding certificates slip through the cracks. Whether an organization is experiencing global expansion, or a merger and acquisition, certificate lifecycle automation can provide the enterprise-wide visibility needed for optimal identity protection. In fact, lifecycle automation (60%) and complete visibility of all certificates (57%) both emerged as top priorities for PKI and certificate management. 

Find more insights

Ready to learn more about the top trends in machine identity management and why it’s becoming a high priority for enterprises? Click here to read the full report.