
Venafi Study: Critical Machine Identities Protected Less than Human Identities

December 19, 2019 | Emil Hanscom

People rely on usernames and passwords to identify themselves to machines so they can gain access to data and services. Machines also need to authenticate themselves to each other so they can communicate securely. To do so, they rely on cryptographic keys and digital certificates, which serve as machine identities.

Organizations will spend over $10 billion protecting human identities this year, but they are just getting started with protecting machine identities. When you look at the growth numbers, however, you see a striking disparity in the priority of investment. The number of humans on enterprise networks will remain relatively flat over the next few years, while the number of machines that need identities—including virtual machines, applications, algorithms, APIs and containers—is growing exponentially. Because cybercriminals understand the power of machine identities, they are quick to exploit those that are underprotected.




But, just how many organizations are taking necessary steps to effectively manage their machine identities, especially when compared to human identities? To better understand the gap between implementation of security controls for human identities and those for machine identities, Venafi sponsored a survey that evaluated similar security controls for each type of identity.


Unfortunately, our survey revealed that enterprises aren’t effectively managing and protecting their machine identities. For example, just half (54%) of organizations have a written policy on key length and randomness for machine identities, but 85% have a policy that governs password length for human identities.

“Identities are widely recognized as a key element in the threat landscape,” says Kevin Bocek, vice president of security strategy and threat intelligence for Venafi. “Machine identities are a relatively new, and very effective, point of attack, but there is a huge gap between the security controls applied to human identities and those applied to machine identities. This is a problem because the future of digital business relies heavily on machines.”


Additional findings from the study include:

  • Less than half (49%) of organizations audit the length and randomness of their keys, while 70% do so for passwords.


  • Only 55% have a written policy stating how often certificates and private keys should be changed, while 79% have the equivalent policy for passwords.



  • Only 42% of organizations automatically enforce the rotation of TLS certificates, compared with 79% that automatically enforce the rotation of passwords.


  • Only 53% audit how often certificates and private keys should be changed, compared with 72% for passwords.

“Enterprises are seeing dramatic growth in container usage, artificial intelligence, microservices and IoT devices, as well as machines in cloud and virtualized environments,” concludes Bocek. “Everyone—from CISOs to security architects and security practitioners—must prioritize the management of machine identities for their organizations’ digital transformation to be successful.”


Are you making sure your machine identities are properly managed?


About the author

Emil Hanscom

Emil is the Public Relations Manager at Venafi. Passionate about educating the global marketplace about infosec and machine-identity issues, they have consistently grown Venafi's global news coverage year over year.
