Skip to main content
banner image
venafi logo

Explosion of Machine Identities Creating Cybersecurity ‘Debt’

Explosion of Machine Identities Creating Cybersecurity ‘Debt’

identity-explosion-debt
April 18, 2022 | Brooke Crothers

A new report found that machine identities now outweigh human identities by a factor of 45x on average. This has created a buildup of identity-related cybersecurity “debt.”  Buttressing this point, the report found that professionals overwhelmingly (79%) agree that security has taken a back seat to IT, especially in digital initiative investments.

 

Are you protecting the TLS keys and certificates, SSH keys, code signing keys, and user certificates? Find out how.
The build-up of cybersecurity debt

The expansion of digital initiatives has created an explosion of human and machine identities, often tallying hundreds of thousands per organization. “This has driven a buildup of identity-related cybersecurity ‘debt,’” according to the report from CyberArk based on a survey of 1,750 IT security decision makers.

“Every major IT or digital initiative results in increasing interactions between people, applications and processes, creating large numbers of digital identities. If these digital identities go unmanaged and unsecured, they can represent significant cybersecurity risk…

“Identities are a prime attack vector and waiting to apply security controls after an attack is not a responsible security policy.”

--CyberArk 2022 Identity Security Threat Landscape Report, April 2022

Machine identities now outweigh human identities by 45x

The debt described in the report represents the future costs of addressing security vulnerabilities that have accumulated but were not “paid down” as new systems and applications were deployed, CyberArk said.

“A significant source of this cybersecurity debt stems from failure to protect sensitive assets and data from unauthorized access as identities are created en masse and proliferate unchecked across the entire IT environment,” the report said.

CyberArk says that causes of the debt include:

  • Machine identities now outweigh human identities by a factor of 45x on average.
  • 68% of non-humans or bots have access to sensitive data and assets.
  • The average staff member has greater than 30 digital identities.
  • 87% store secrets in multiple places across DevOps environments, while 80% say developers typically have more privileges than necessary for their roles.
DevOps, CI/CD are problems

Identity Security shortcuts are rampant in DevOps, CI/CD (continuous integration and continuous delivery) and other development environments, driving up more debt, according to CyberArk:

  • 87% reported that secrets are stored in multiple places across DevOps environments.
  • Half of respondents said application credential security is left up to developers—business users known for emphasizing speed and collaboration over security
  • 80% agreed that developers have more privileges than they need.
It’s unanimous: Zero Trust is essential

There is nearly unanimous agreement that the Zero Trust cybersecurity model (“trust nothing; verify everything”) is essential to establish strong defense-in-depth controls and is the best path forward, the report said.

“In examining organizations’ current position along the Zero Trust maturity curve, the survey found nearly 100% were doing something to establish Zero Trust principles,” according to CyberArk.

The 2022 attack surface

Digital transformation and cloud migration are expanding the attack surface.

Credential access was the number one area of risk for respondents (at 40%), followed by defense evasion (31%), execution (31%), initial access (29%) and privilege escalation (27%), according to the report.

Over 70% of the organizations surveyed have experienced ransomware attacks in the past year: two each on average.

Sixty-two percent have done nothing to secure their software supply chain post the SolarWinds attack and most (64%) admit a compromise of a software supplier would mean an attack on their organization could not be stopped, CyberArk said.

How to protect machine identities: Venafi's guidance

The following is guidance from Venafi, separate from the report: 

Many organizations have tried in vain to manually manage the rising number of machine identities. Manual management techniques often foster siloed procedures, errors and security gaps, leaving the organization without visibility into the number and status of machine identity ownership.

A solid machine identity management strategy should involve investment in a solution that allows the organization and the security teams to have clear visibility of all deployed machine identities, ensure ownership and governance, protect associated cryptographic keys and  automate distribution and rotation.

Venafi Trust Protection Platform is a comprehensive solution for managing all TLS, SSH and code signing machine identities. This platform can manage and protect machine identities across teams and departments in on-premises, cloud, cloud-native, multi-cloud, and hybrid environments.

Do you have any zero trust gaps in your machine identity management strategy?

Related Posts

Like this blog? We think you will love this.
us-russia-cyber-war
Featured Blog

Clear Majority of Cybersecurity Professionals Believe They are in a Perpetual State of Cyberwar: Venafi Survey

Current geo-political con

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies
eBook

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Brooke Crothers
Brooke Crothers
Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more