If your organization has rolled out or is starting to implement a machine identity management program, well done. Machine identities protect the machine-to-machine communications that authorize and validate machine access to valuable data, so protecting those identities is important.
And if you’re new to machine identity management, you might wonder what the best way is to measure the progress and success of your program. Machine identity management is still relatively new, so there aren’t as many resources and guides as there are for things like identity and access management programs that protect human identities. Plus, there’s not a single set of metrics to track. We know from experience that machine identity management goals and objectives vary between organizations, and different objectives should be measured in different ways.
New Statistics Viewer in the 21.4 release makes it easier to understand the Venafi Platform and how the product is used
When thinking about measuring success, setting the goals and objectives for your machine identity management program is the right starting point. For many organizations (and the majority of Venafi customers), their initial machine identity management goal is to stop application outages that happen when TLS certificates expire. These outages result in lost revenue or brand damage to the organization and low morale for the teams involved, and they are often a cause of friction between teams responsible for machine identities and application owners.
Outages aren't the only thing making organizations look to machine identity management. Massive increases in software supply chain attacks are causing people to look closer at code signing certificates and SSH keys to make sure they're not susceptible to misuse. And many organizations are building machine identity management from the ground up for infrastructure-as-code and policy-as-code design patterns that give developers the speed required to innovate while using machine identities that stay safely within the guardrails established and supported by security and compliance teams.
For Venafi Trust Protection Platform customers, the 21.4 release includes a new statistics viewer to visualize key statistics and metrics within the Venafi Platform and products. This data is useful for tracking ROI for products, monitoring performance, throughput and resources—as well as for troubleshooting purposes. Many of the metrics are also very helpful in measuring the success of your machine identity management program.
Since the statistics viewer can use multiple data sources from the Venafi Platform and associated products, let’s look at a few examples of where you could use that information to measure the success of your machine identity management program.
If your machine identity management program goal is to stop application outages caused by expired TLS certificates, some of the most important metrics are ones you would track outside of the statistics viewer, like the number of outages and the number of near misses. Fewer outages (ideally none) mean less downtime and lower outage costs (both operational and opportunity).
That said, the statistics viewer can display additional data that shows if the Venafi Platform and TLS Protect are being used successfully to manage TLS certificates, which reduces the risk that certificates will expire and cause an outage. Examples of indicators you could track from TLS Protect and the Venafi Platform to determine progress in meeting this “stop outages” goal include:
You can eliminate risk by discovering unknown or hidden machine identities and machine identities that don't meet security policies and by ensuring valid machine identities are being used as designed.
Within the Venafi Platform and products, there are many indicators to track the progress being made to prevent machine identity misuse. Examples include:
Organizations with a goal to develop modern applications quickly while ensuring they are secure need to optimize machine identity services for developers, so that developers do not have to scope and build services themselves and the services are standardized across all development environments. Examples of how to track progress towards this goal include:
We’re just scratching the surface here when it comes to metrics that can be tracked and shared using the new statistics viewer in the Venafi Platform. If you’re a Venafi customer, I’d encourage you to talk to your solution architect to learn more about it or upgrade to the latest release and try it out yourself. There’s also much more that’s new in the 21.4 release so visit docs.venafi.com and check out the latest release notes.
If you’re not currently a Venafi customer and want to find out more about our award-winning machine identity management platform, Venafi Trust Protection Platform, click here.