
Venafi Survey: Top Machine Identity Challenges for Financial Services

November 4, 2019 | Dorothy Moore


Digital transformation has propelled a wave of new technological advancement that has arguably enriched people's lives. By the same token, the proliferation of machines (physical, virtual and in the cloud) has posed many security challenges and threats across industries, banking being the most noteworthy. As this "rise of machines" expands the threat vector, most banks and financial institutions are faced with increased pressure to protect their customer data and brand.




Learn why Rich Baich, CISO at Wells Fargo, advocates effective management for machine identities. 




In this blog, I’ll share findings from a survey we did of the top 100 financial services firms. In the process, I'll explore some of the key trends impacting machine identity management in the financial sector. Here are the top concerns that financial institutions face in managing security risk in today's machine identity threat landscape.


Managing security risk is the top concern

The biggest area that most of our financial customers are concerned about is managing security risk. According to the Verizon Data Breach Report, there were 2013 major data breaches last year. Of these, 10%, or 207 of all major data breaches in 2018, were targeted at financial services firms. Breaches often have a huge financial impact associated with them. Banks are constantly attacked by both internal and external threat actors, often motivated by financial gain.

According to the Identity Theft Resource Center, financial services get hit a whopping 300 times more frequently than businesses in other industries. As a result, many of our customers in the banking sector are extremely concerned about managing security risk. What we found when we spoke with some of these big banking customers is that the most successful are those that have a solid framework in place for minimizing security risk. A best practice for a lot of our customers is frequently monitoring machine identities to ensure compliance with central security team policies and regularly remediating those machine identities that are out of compliance. The key to success here is getting a good handle on machine identities.



Certificate outages are a close second

The second biggest concern of our banking customers is outages on critical network infrastructure such as network devices, applications and mission-critical servers. Machine identities are pivotal to network communications. And an outage is often caused by a failure to renew expiring machine identities. This can be extremely disruptive for a bank or other financial services firm. Before coming to Venafi, many of the banks that we talked to were actually using spreadsheets or some sort of homegrown solution and this left a lot of room for human error. And when there’s human error, that leads to outages or other security risks. These banking customers can greatly reduce the risk of outages by automating processes around renewals.


Top priorities for machine identity management

As we talked to a number of the very largest banks that are using Venafi, we also asked them about their top priorities for machine identity management. Here’s what we learned, in order of priority.

  1. Centralized visibility
    Before deploying Venafi, a lot of banking customers had hundreds of thousands of certificates and keys, but they really didn’t know where they were being used and what they were being used for. Basically, what Venafi has done is help customers get visibility into all the keys and certificates they have out there. Using discovery capabilities, financial services customers can build a centralized inventory of all their machine identities across their environment. It’s also pivotal that they understand when certificates are scheduled to expire so that they can have a process in place to ensure those certificates that should be renewed actually are. With centralized visibility, financial services customers can also leverage Venafi for finding vulnerabilities, such as weak or self-signed certificates, which may pose a security risk or are out of compliance with centralized policies.

  2. Policy enforcement and compliance
    Managing regulatory compliance has been an enormous challenge for banks as the volume of regulations has increased dramatically over the last few years. Venafi helps these companies by developing an overarching policy for the machine identities that all users within a bank have to comply with. Venafi also helps with compliance audits by providing a good paper trail for who has accessed which systems and when.

  3. Self-service certificates
    Many central security teams that we talk to in some of our largest banks are resource challenged. At the same time, many of these banks have literally hundreds of thousands of machine identities deployed across the enterprise. This makes it nearly impossible for central security teams to manage all the machine identities themselves. As a result, many banks deploy self-service portals so that internal stakeholders who require certificates and keys can order them themselves. At the same time, central security teams want to put in place policies and controls for what sort of certificates are ordered and how they are deployed. With Venafi, central security teams can create an overarching policy that must be used by all users. Within this framework there is some flexibility for users or teams to create sub-policies. The central security teams can then enable varying permissions, from simple read-only access for audit purposes to being able to run reports or create or delete certificates. Having a self-service portal for users enables central security teams to empower their stakeholders to order and deploy their own certificates and keys. By following this process, the central security team is comforted by the fact that they know certificates and keys are being deployed according to policies.

  4. Automation
    Outages are a main concern for many of our customers, and automating processes around renewals can really minimize outages. Banks love the fact that they can remove the risk of human error with automation. One of the benefits of Venafi is the fact that we have the widest ecosystem of partners, with 1000-plus out-of-the-box integrations with third parties. So if a customer needs to automate certificate authority renewals with mobile devices, network devices, applications, cloud or DevOps, we can help them with a wide array of integrations with third parties to automate all of these different processes, which is a huge benefit.

  5. Cloud and DevOps
    A lot of our customers are concerned because cloud and DevOps teams typically want to run fast and nimbly. What often ends up happening when you are running too fast is that people implement certificates and keys that are out of compliance with centralized security policies, such as issuing self-signed certificates in a DevOps environment. One of the things we have been helping customers do is keep the central security team in control of which certificates are compliant or non-compliant.
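
An added example, not Venafi's code or API: a minimal policy check over a certificate inventory that flags the three conditions named in the list above (upcoming expiry, self-signed certificates, weak keys). The record fields, the 30-day renewal window, the minimum key sizes and the sample hosts are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class CertRecord:
    """One inventory row; fields mirror what X.509 discovery would record."""
    host: str
    subject: str
    issuer: str
    key_type: str       # "RSA" or "EC"
    key_bits: int
    not_after: datetime

# Assumed central policy values (the article gives no thresholds).
POLICY = {"min_bits": {"RSA": 2048, "EC": 256}, "renew_window_days": 30}

def audit(inventory, now, policy=POLICY):
    """Return (host, finding) pairs, ordered by earliest expiry first."""
    window = timedelta(days=policy["renew_window_days"])
    findings = []
    for cert in sorted(inventory, key=lambda c: c.not_after):
        if cert.not_after <= now:
            findings.append((cert.host, "expired"))
        elif cert.not_after - now <= window:
            findings.append((cert.host, "expiring"))
        # Heuristic: subject == issuer means self-issued; a full check
        # would also verify the signature against the cert's own key.
        if cert.subject == cert.issuer:
            findings.append((cert.host, "self-signed"))
        # Unknown key types fail closed and are reported as weak.
        min_bits = policy["min_bits"].get(cert.key_type)
        if min_bits is None or cert.key_bits < min_bits:
            findings.append((cert.host, "weak-key"))
    return findings

# Constructed sample inventory (not real hosts or certificates).
NOW = datetime(2019, 11, 4, tzinfo=timezone.utc)
CA = "CN=Example Issuing CA"
INVENTORY = [
    CertRecord("pay.example.test", "CN=pay", CA, "RSA", 2048, NOW + timedelta(days=200)),
    CertRecord("atm-gw.example.test", "CN=atm-gw", CA, "RSA", 2048, NOW + timedelta(days=12)),
    CertRecord("ci.example.test", "CN=ci", "CN=ci", "RSA", 1024, NOW + timedelta(days=300)),
    CertRecord("legacy.example.test", "CN=legacy", CA, "RSA", 2048, NOW - timedelta(days=3)),
]

if __name__ == "__main__":
    for host, finding in audit(INVENTORY, NOW):
        print(f"{host}: {finding}")
```
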


The bottom line

is that it’s really important for financial services firms to begin to focus on gaining the visibility, intelligence and automation that will help them drive machine identity management across their business. To do this, it’s important that they get a platform or solution in place that’s going to handle all this now. But they’ll also need to be prepared as things become increasingly complicated, as the speed increases and as the scale starts expanding beyond what we can imagine today. Machine identity management is a new space, but it’s critical for protecting the keys and certificates within financial services.



About the author

Dorothy Moore

Dorothy Moore is Competitive & Market Intelligence Director at Venafi. She has over 15 years of global IT and Telecom experience in business development, product marketing, competitive intelligence and market research. Previous jobs have included positions at TripWire and AT&T.
