Skip to main content
banner image
venafi logo

White House Focus on Zero Trust Misses the Mark on Machine Identity

White House Focus on Zero Trust Misses the Mark on Machine Identity

white-house-zero-trust-misses-the-mark-on-machine-identity
February 4, 2022 | Brooke Crothers

A January 26 White House Office of Management and Budget (OMB) memorandum spells out a new zero trust approach to national cybersecurity stating that the “the foundational tenet of the Zero Trust Model is that no actor, system, network, or service operating outside or within the security perimeter is trusted.” It goes on to say that “it is a dramatic paradigm shift in philosophy” from verify once at the perimeter to persistent verification of every user, device, application, and transaction.

There is a lot said in the memo about protecting human identities but nothing specific about doing the same for machine identities—even though the number of machines in agencies is dramatically larger than the number of humans. Considering this imbalance, does the White House need to include machine identity as part of its brave new world view on security?

TLS Machine Identity Management for Dummies - Download for FREE!
What the White House memorandum says

A more detailed version of the memorandum (PDF) puts forth a “Vision” under “Identity” that includes an action statement:

“Agencies must employ centralized identity management systems for agency users that can be integrated into applications and common platforms.”

Under this, the memorandum goes on to list actions with an emphasis on MFA (multi-factor authentication), being phishing-resistant, and safer password policies. And though “identity” is mentioned 40 times throughout the memorandum, the emphasis is entirely on human users.

This is in line with a narrow focus on human identities rather than a broader view of all digital identities, says cybersecurity writer Anastasios Arampatzis, a frequent contributor to this blog. He adds that half of all internet traffic is created not by humans but by bots—good ones and bad ones.

Identities redefined

The federal government, like other organizations, is dealing with an explosion of systems: mobile devices, applications, cloud instances, containers, microservices, APIs and more, says Diane Garey, Product Marketing Manager at Venafi, adding that “each of these systems needs a machine identity to establish identity and authenticity.”

Think of “identity as code,” says Ivan Wallis, Senior Solution Architect at Venafi.

“When you sign software you are putting your brand on it, and so essentially the identity travels with the software.  Zero Trust assumes no trust at all and so there is a need to include that identity in the software,” Wallis says.

Zero trust and machines in the cloud

The memorandum also has a lot to say about the cloud and migrating to a zero trust architecture. 

As Venafi has stated often in this forum, moving to the cloud, by its very nature, means data resides outside the enterprise’s perimeter. And as more and more machines “are spun up in the cloud, we need to assign security parameters based on their purpose,” according to Wallis, writing in a Venafi blog.

Wallis poses the questions: What are they doing? Are they crunching numbers? Are they serving up web pages? Or are they enabling some other sort of automated infrastructure?

“In this sense, Zero Trust automatically assumes that a given activity is not allowed on a machine unless it falls within the acceptable security parameters for the user and function,” Wallis says.

Machines as attack vectors

It’s no wonder that Gartner has named machine identity management as a foundational technology for securing organizations and enforcing a Zero Trust strategy. Compromised machine identities are a huge risk for enterprises in 2022 and beyond as they become attack vectors for adversaries to invade corporate networks, hide their activity and escape security controls.

To authenticate and authorize these machines to access corporate resources, organizations leverage cryptographic keys and digital certificates to serve as machine identities. As the number of machines increases, machine identities are spiking.

Will the U.S. government at some point address this head on? It’s not only necessary but seems almost inevitable given the proliferation of machines.

Protect all those identities

You can establish trust by controlling access at the machine identity level. This also gives you visibility into trust across the environment, allowing you to enforce Zero Trust in your cloud and on-premises environments.

Automated management of machine identities is the way to go. Manual management of machine identities does not scale and often results in siloed practices, which in turn leads to security gaps, leaving an organization without visibility into the number and status of machine identity ownership.

Venafi Trust Protection Platform is a comprehensive solution for managing all TLS, SSH and code signing machine identities. You can protect machine identities across teams and departments in on-premises, cloud, cloud-native, multi-cloud, and hybrid environments.

Related posts

 

Like this blog? We think you will love this.
image representing big data
Featured Blog

Le chiffrement homomorphe : Définition et utilisation

Qu'est-ce que le chiffrement homomorphe ? Le

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies
eBook

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Brooke Crothers
Brooke Crothers
Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more