Skip to main content
banner image
venafi logo

Will Your New Technology Succeed without Machine Identity Management? [Ask the Experts]

Will Your New Technology Succeed without Machine Identity Management? [Ask the Experts]

solutions-for-machine-identity-management
October 6, 2020 | Bridget Hildebrand

Every day we see new technologies designed to make our lives better, safer and more efficient. All of these technologies rely on machines, such as cloud workloads, IoT devices, applications, containers, code and more. To operate securely, each of these machines need a unique identity that allows users (or other machines) to determine whether they should be trusted. This is the same for all machine identities, whether they are TLS keys and certificates, SSH keys or code signing certificates.

To further complicate matters, the lifespan of TLS machine identities, in particular, is becoming shorter and shorter. The validity period of a public facing certificate has decreased from five years to just one year. But it’s radically shorter for cloud instances. Twenty days for a VM. One day for a container. And one hour for Lambda.

With development cycles on overdrive, we’re seeing an explosion of machine identities that need to be retired or renewed ever more frequently. Plus, there are new technologies that are changing the way that we define machines. In the midst of this rapid evolution we wanted to understand which new technologies drive the need for machine identity management. So, we asked key developers in the Machine Identity Management Development Fund. Here are their answers.
 

Intrinsic ID: IoT Device Lifecycle

“One of the issues is that there is no standard interface to acquire IoT machine identities with Message Queuing Telemetry Transport (MQTT) and other protocols. Most often, manufacturer or IoT platform defaults are used, and the use of these defaults makes it easy for hackers to compromise the identities and trigger network disruptions with far-reaching effects. Even if strong machine identities are created and updated, device authentication—the ability to verify its identity—remains elusive. I believe that a comprehensive security solution is needed that provides all IoT devices with secure, verifiable and authenticable identities throughout the entire life cycle of a device.”

– Kamal Khan, Global Director – IoT Security, Intrinsic ID

 

ShuttleOps: Serverless Infrastructure

“I think the traditional concept of machine identities is being challenged by non-traditional infrastructure, such as serverless. As enterprises flock toward cloud technologies like this, it's becoming much easier to run applications without traditional infrastructure, but with a greater need for security. This expanse has a two-tiered effect in that the responsibility of securing the application is shifting left while also proliferating the number of endpoints that need to be secured and by association, can be compromised. A centralized approach to awareness and visibility of protection at this level is increasing in need and technologies that manage this protection are required to evolve as quickly as the technologies to make these new approaches more widely available.”

– David Found, VP Engineering at ShuttleOps

 

Indellient: Multi-Cloud Adoption

“According to the 2020 Flexera ‘State of the Cloud’ report, “Cloud spend is rising as organizations adopt multi-cloud strategies and put more workloads and data into the cloud”. In addition, 93% of responding enterprises reported having a multi-cloud strategy which could include multiple private and multiple public clouds.  The report also states that security is the top challenge for enterprises.  I think this accelerated multi-cloud adoption drives the need for a centralized machine identity management strategy.  We’ve seen this with our own clients as they attempt to address this by forming centralized governance teams or turning to managed service providers for assistance.”  

– Sharyl Jones, DevOps Services and Customer Success Manager at Indellient

 

ISARA: Quantum Computing

“Quantum computers will enable threat actors to compromise the security and integrity of the devices and machines organizations rely on for their business operations. To protect systems against quantum-enabled attacks, post quantum cryptographic solutions are required. NIST is currently standardizing a suite of post quantum algorithms which organizations can use alongside new paradigm methodologies to defeat these next generation threat actors.

Ideally, organizations would be able to smoothly upgrade all of their digital certificates and machine embedded cryptography to include post quantum protections. Unfortunately, making such a transition is non-trivial in reality, and the difficulty and complexity increases with the size of the organization. A quantum-safe migration requires organizations have a deep understanding of not only their internal security posture, but also of how their security posture is controlled or influenced by things such as their vendors or suppliers.”

Angelo Fasulo, Director of Strategic Partnerships, ISARA
 

Portshift: Service Mesh Security  

"Organizations that implement containers often ask about using a service mesh layer. While this isn’t obligatory by any means, there are many benefits to running service mesh that make it the sensible choice when seeking security, efficiency, and reliability. The advent of cloud-native applications and containers created a need for a lightweight and agile service that can deliver vital application services such as load balancing, traffic management, routing, health monitoring, security policies, machine identities and user authentication, and protection against intrusion and DDoS attacks.

The concept of the mesh comes from the numerous proxies in the data plane that connects the many disparate containers, clusters, and layers that make up the complex cloud-native environment. With so much communication between microservices, solid encryption for example, becomes a pillar of network security. Service mesh manages machine identities—such as keys, certificates, and TLS configuration—to ensure continual encryption that doesn’t fail on you."

- Ariel Shuper, VP of Product at Portshift

 

Take Aways

As the number of machine identities that your organization relies on continues to grow exponentially, you’ll need to find new ways to automate their availability to critical systems. It will become increasingly important to integrate machine identity management with the new technologies that are driving digital transformation—for cloud workloads, IoT devices, smart machines, applications and containers. To this end, Venafi has gathered the world’s foremost experts to develop solutions that make it easier for our customers to orchestrate machine identities across network and security infrastructures.


This blog features solutions from the ever-growing Venafi Ecosystem, where industry leaders are building and collaborating to protect more machine identities across organizations like yours. Learn more about how the Venafi Technology Network is evolving above and beyond just technical integrations.

 

Related posts

 

Like this blog? We think you will love this.
opencredo-venafi-vault-wizard
Featured Blog

OpenCredo Venafi-Vault Wizard: Bringing InfoSec and Developers One Step Closer

Increasing visibility without slowing down developers

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies
eBook

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Bridget Hildebrand
Bridget Hildebrand

Bridget is Sr. Manager, Ecosystem Marketing at Venafi. She has over 20 years of experience managing technology partnerships and global channel programs for a broad range of technology organizations.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more