The best minds in machine identity protection were all gathered in Orlando this week to share their collective knowledge of threats to machine identities and strategies for optimizing their protection. On the opening day of the Venafi Machine Identity Protection Global Summit, industry experts from a variety of backgrounds all agreed on one point: protecting machine identities is important now and will only become more critical as we move further into the digital age.
In his opening keynote address, Venafi CEO Jeff Hudson illustrated the urgency of machine identity protection. In the not-too-distant future, machines will play ever more critical roles in our lives and we need to be able to trust them implicitly. Jeff cited the example of a self-driving car faced by an impossible choice. When another car suddenly pulls out in front of the self-driving car, it must make a split-second decision. Will it impact with the car and potentially injure occupants, or will it veer to the sidewalk and endanger pedestrians? That illustration brings arguments about trust to a whole new level.
As we move into the final stages of digital transformation, we will have to trust machines with more and more of our personal (and corporate) wellbeing. And the only (or at least best) way that we can determine which machines to trust is by verifying their identities. To complicate matters even more, cyber criminals already realize the importance of machine identities in validating (or impersonating) trust. We can see their focus in the fact that we now have tens of millions of instances of malware that are signed by forged or stolen certificates in an effort to evade traditional security measures.
The seriousness of this threat was echoed by Gartner Sr. Analyst David Mahdi who posited the idea that cryptography should be critical infrastructure. He argued that because data is in many ways the new oil, we need to be able to trust that data. And with digital business, we need digital trust. And that all boils down to identity. As a result, PKI is making a comeback and protecting machine identities is more important than ever. What might we do about it? Focus areas for successful machine identity protection should include certificate lifecycle management, automation, and crypto agility.
From the perspective of the high-profile security executive, former CIO during the Obama administration, Tony Scott, weighed in on the importance of protecting machine identities. Tony was responsible for the HTTPS Everywhere mandate that radically increased the use of encryption throughout the Federal government. He spoke of the importance of security vehicles, such as encryption and advised, “If you don’t design security into your core architecture, it’s really hard to get it right later.”
The bottom line is that experts from all walks of life agree that protecting machine identities is critical to the success of security strategies in the new economy. How well are you protecting yours?