One of the biggest threats to machine identities today is the integrity of the software that runs within them and dictates their programmed function. Whereas many machines worked independently in the past, the availability of ubiquitous communications is making it possible for networks of machines—including sensors, cloud applications, and distributed controls—to work in concert. This change has significantly expanded the data available to machines and the number of distributed actions they can affect.
Protecting the identities of applications is one of three major challenges that must be addressed to ensure trust and facilitate the adoption of transformational technologies employing the use of connected devices (machines) in the rapidly growing Internet of Things (IoT) and DevOps environments.
Machine/device credentialing and code signing are fundamental aspects to consider when developing a comprehensive security strategy that addresses the increasing use of machines, which is why code signing is so important. Enterprises embarking on digital transformation initiatives need to be cognizant of the potential threats to machine identities, including the identity of the software that machines run.
This is especially true in DevOps and other Fast IT environments. Because software is developed and deployed more quickly, attackers who want to assume the identity of a trusted enterprise are stealing the certificates that organizations use to sign their code. If an organization’s code-signing key or certificate is compromised, attackers can use it to authenticate malware so it can be distributed widely.
To address this challenge at scale, we need to offer applications the same protections that we provide for machines. Automated and secure cryptographic key orchestration is required to safeguard the identities of our applications. To learn more, visit Thales Booth 1222 and Venafi Booth 144 at Black Hat USA 2018 in Las Vegas, or follow me on Twitter @asenjojuan.