Visibility, Intelligence, Automation: Three Reasons to Expand Machine Identity Protection

March 18, 2019 | Juan C. Asenjo, nCipher Security

Underage machines aren’t necessarily buying alcohol with fake IDs, and that’s not the reason to protect machine identities!

By 2020, Gartner estimates, internet-connected devices will outnumber humans four to one, and we must be able to trust these devices. Consequently, we must protect them from attacks that can destroy the services they deliver to improve our daily lives. From business logistics to healthcare, we depend on connected machines to improve our standard of living.

In this and the accompanying blog written by our colleague Bridget Hildebrand from Venafi, we discuss the reasons why we must expand machine identity protection and the critical factors to consider when integrating it with Hardware Security Modules (HSMs).

Connected Device Roles and Capabilities

Machines today:

  • Are increasingly connected to each other
  • Have the ability to collect vast amounts of data
  • Share information with other machines, and
  • Make autonomous decisions based on the situation in which they find themselves.

Device visibility, intelligence, and automation are characteristic of this developing ecosystem and we must choose machine identity protection accordingly.

Visibility is the capability devices have to develop situational awareness of the environment in which they are deployed. For an IoT device to function with other devices in a network, it must not only be able to see those other devices, but also be sure of their authenticity. To this end, machine identities in the form of digital (birth) certificates enable other devices to identify them, validate their legitimacy, and authenticate that they are authorized to operate within a particular ecosystem. This provides the foundation of trust necessary to have confidence in the system and the services it delivers. And we must be able to see all of these machine identities to be able to protect them.

Intelligence refers to machines’ ability to gather and share information, and to be able to extract insight not initially discernible from the environment. As machines collect and assemble vast amounts of data, specialized algorithms help them see trends and allow them to make predictions. As machines “talk” to each other and share data, they must constantly authenticate each other’s identities and validate what they are authorized to do and share. Machine identities are again the basis for trust in establishing those close groups, and we need ready access to machine identity intelligence to be able to act quickly when necessary.

Automation enables machines to make independent decisions based on what they see in their current environment and what they expect future states to be. With automation, it is even more important to protect machine identities and ensure autonomous decisions are trustworthy. Automating the entire machine identity lifecycle will also eliminate any mistakes caused by human error—keeping machine identities available and secure.

Trust through PKIs and Certificate Authorities

Machine identities are issued and validated through digital certificates. Digital certificates are signed by a trusted certificate authority as part of a public key infrastructure (PKI). Securely orchestrating certificates across a large population of machines requires specialized software and hardware and the protection of the underpinning cryptographic keys that sign the certificates.

Because underpinning keys are critical to the security of today’s highly connected systems, it is also imperative to protect keys from insider threats and other attacks. Keys stored in software can be replicated in memory, and become vulnerable. Segregating your critical cryptographic keys within a FIPS 140-2 and Common Criteria certified hardware security module (HSM) is not only considered a best practice among cybersecurity professionals, but it also facilitates regulatory compliance.

Venafi together with nCipher expand machine identity protection at scale with the highest level of trust, integrity and control. Venafi Advanced Key Protect integrates nCipher nShield HSMs to ensure organizations deploying machines across their systems are not only using strong cryptography, but that the critical signing and transactional SSL/TLS keys are protected from compromise through their entire lifecycle.

The next time you ask your home digital assistant for the latest traffic report, hop into your car and follow the directions from your phone, and let your wearable device monitor your stress level as you navigate down the busy highway to your destination, rest assured you won’t need to card these devices to prove their identity. It’s all happening in the background with trust, integrity, and control thanks to the technology that Venafi and nCipher have developed.

To learn more about expanding machine identity protection read Bridget Hildebrand’s blog “Why You Need Trust, Integrity and Control for Machine Identities in HSMs”, and check our websites at Venafi and nCipher. If you want to reach me for further discussion, don’t hesitate to contact me on Twitter @asenjoJuan.
