Skip to main content
banner image
venafi logo

3 Reasons You Should Treat Applications as Machine Identities in Your Security Strategy

3 Reasons You Should Treat Applications as Machine Identities in Your Security Strategy

protect application machine identities
July 23, 2018 | Juan C. Asenjo, nCipher Security

One of the biggest threat to machine identities today is the integrity of the software that runs within them, and that dictates their programed function. Whereas many machines worked independently in the past, the availability of ubiquitous communications is making it possible for networks of machines—including sensors, cloud applications, and distributed controls—to work in concert. This change has significantly expanded the data available to machines and the number of distributed actions they can affect.

Protecting the identities of applications is one of three major challenges that must be addressed to ensure trust and facilitate the adoption of transformational technologies employing the use of connected devices (machines) in the rapidly growing Internet of Things (IoT) and DevOps environments.

  1. We need to be able to trust the data that comes from applications
    Because machines increasingly talk to each other and exchange important data that they collect, strong mutual authentication and trust between these is critical. This is the first challenge, strong authentication requires trusted identities. If one cannot trust the machines, there is no point in collecting, running analytics, and executing decisions based on that data they collect.
     
  2. We need to be sure that data flows freely from application to application
    The second challenge is the protection of the integrity and confidentiality of the data collected as it flows from machine to machine, including applications which execute decisions (often without human intervention) based on that data. Because machines collect sensitive and personal data, privacy and regulatory compliance must also be a concern.
     
  3. We need to constantly verify the integrity of the applications themselves
    The third challenge, and the one I believe to be most concerning, is the threat to the integrity of the software. As machines (devices and applications) require regular updates as part of their lifecycle, the legitimacy and integrity of the downloaded code must be preserved to protect from potentially damaging malware and other attacks.

    The reason this is such a critical issue is that the machine identity might remain intact, but its execution might become compromised. Think of this as a trusted soldier going rogue. The individual is still the same person, but they may shift their allegiance. If software upgrades are not properly signed to give them a verifiable identity, they can provide a conduit through which malware can be introduced to collect and re-direct sensitive data, compromise users’ privacy, and perform functions that are damaging to the enterprise.

Machine/device credentialing and code signing are fundamental aspect to consider when developing a comprehensive security strategy that addresses the increasing use of machines, and this is why code signing is so important. Enterprises embarking in digital transformation initiatives need to be cognizant of the potential threats to machine identities, including the identity of the software that machines run.

This is especially true in DevOps and other Fast IT environments. Because software is developed and deployed more quickly, attackers who want to assume the identity of a trusted enterprise are stealing the certificates that organizations use to sign their code. If an organization’s code-signing key or certificate is compromised, attackers can use it to authenticate malware so it can be distributed widely.

To address this challenge at scale, we need to offer applications the same protections that we provide for machines. Automated and secure cryptographic key orchestration is required to safeguard the identities of our applications. To learn more visit Thales Booth 1222 and Venafi Booth 144 at Black Hat USA 2018 in Las Vegas. Or follow me on Twitter @asenjojuan  

Related posts

Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

nCipher HSM Venafi Machine Identity Protection

Visibility, Intelligence, Automation: Three Reasons to Expand Machine Identity Protection

orchestrate machine identities

3 Reasons You Need a Root of Trust When Orchestrating Machine Identities

About the author

Juan C. Asenjo, nCipher Security
Juan C. Asenjo, nCipher Security
Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat