Over the last two years businesses have become increasingly digitized and interconnected. Remote work and cloud migration have created new norms and business models. Although this technology has created new opportunities, it has also introduced new security challenges.
Organizations are shifting from perimeter-based security to an identity-based approach. Machine identities and human credentials now work together to protect an organization's most valuable asset: data. Shouldn't the credential management and machine identity management solutions work together too?
Before trying to answer that question, it is essential to understand that machine identities and human credentials are two important components of the overall Identity and Access Management (IAM) program. In a widely distributed business and computing environment, where identities are the new perimeter to defend, controlling access to data is crucial.
Robust access control is also the cornerstone of a Zero Trust security approach, in which the network is treated as untrusted and no device, workload or person is trusted by default: every access request is verified against the identity presenting it. But there isn't a 'one-stop-shop' solution covering both machine identities and human credentials. Most organizations invest heavily in protecting human credentials, while security vendors still offer widely varying approaches to managing the keys and certificates that make up machine identities. And although machines far outnumber people in most environments, investment in machine identity management lags far behind investment in human credential management.
The Thales Access Management Index 2021 report illustrates a highly fragmented landscape at the enterprise level. A third (33%) of respondents said they use three or more authentication and access management tools. Coordinating that many systems creates operational complexity at a minimum, and it also raises the risk that errors or misconfigurations open security gaps.
Machine identities validate the authenticity of non-human entities connected to corporate networks. These entities can be physical, such as IoT sensors and mobile devices, or abstract, such as containers and microservices. In practice a machine identity is a cryptographic key or certificate, for example a TLS or SSH key, and every machine that must prove who it is holds one. The prevalence of machine identities, combined with a general lack of understanding of how to protect them, has made them a target for cyber criminals, who misuse them as effective attack vectors for infiltrating corporate networks and exfiltrating data.
Research shows that machine identities have become hot commodities on the dark web and a key part of Crime-as-a-Service toolkits, particularly for threat actors who lack the technical skillset of a traditional attacker. They give threat actors several ways of infiltrating networks. For example, cyber criminals can use a stolen or fraudulently issued certificate to evade detection by hiding their traffic inside encryption that security tools trust and do not inspect. Impersonating a trusted machine to gain access to sensitive data or to pivot across a network is usually a successful tactic for threat actors, because many services check only that a certificate is valid, not that it belongs to the machine they expect. It is, therefore, essential to prevent such attacks by investing in protecting your machine identities.
Weak user authentication, on the other hand, leaves credentials exposed to theft or compromise. The Verizon Data Breach Investigations Report (DBIR) 2021 identifies credentials as the most sought-after asset in data breaches. Compromised credentials are then used to launch further attacks, such as privilege abuse and impersonation, to exfiltrate personal data.
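What a machine identity is, and what "impersonating a trusted machine" looks like when the relying party does its job, is easier to see in code. The following Go program is an added example and is not code from the original article or from any vendor it mentions. It stands up an in-memory internal CA, issues short-lived workload certificates that carry a SPIFFE-style URI SAN, and then runs the three checks a service should perform before trusting a presented certificate: the chain leads to a trusted root, the certificate is valid right now, and the SAN names the workload the service expects. The CA name, the spiffe:// identifiers and the workload names are assumptions made for illustration; a second CA with the same display name but a different key plays the attacker.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// Added example, not code from the original article. CA names, spiffe:// URIs
// and workload names below are assumptions made for illustration.

// issue generates a P-256 key and a certificate from tmpl signed by parent
// (self-signed when parent is nil). Returns the certificate and its key.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	tmpl.SerialNumber, err = rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	if err != nil {
		return nil, nil, err
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// newCA creates a self-signed CA; only the key, not the name, makes it trusted.
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	return issue(&x509.Certificate{
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}, nil, nil)
}

// workloadCert issues a client-auth certificate whose URI SAN names the
// workload. A short ttl limits how long a stolen key stays useful.
func workloadCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, id string, ttl time.Duration) (*x509.Certificate, error) {
	u, err := url.Parse(id)
	if err != nil {
		return nil, err
	}
	cert, _, err := issue(&x509.Certificate{
		Subject:     pkix.Name{CommonName: id},
		URIs:        []*url.URL{u},
		NotBefore:   time.Now().Add(-time.Minute),
		NotAfter:    time.Now().Add(ttl),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}, ca, caKey)
	return cert, err
}

// verifyMachineIdentity is the relying party's check: chain to a trusted root,
// valid at now, and the expected identity in the SAN. A valid certificate for a
// different workload is still an impersonation attempt and is rejected.
func verifyMachineIdentity(c *x509.Certificate, roots *x509.CertPool, expectedID string, now time.Time) error {
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := c.Verify(opts); err != nil {
		return fmt.Errorf("chain or validity check failed: %w", err)
	}
	for _, u := range c.URIs {
		if u.String() == expectedID {
			return nil
		}
	}
	return fmt.Errorf("certificate does not identify %s", expectedID)
}

// runScenarios exercises the check with a legitimate certificate, one from a
// rogue CA using the same name, an expired one, and one for another workload.
func runScenarios() (map[string]bool, error) {
	const billing = "spiffe://corp.example/ns/prod/sa/billing"
	const payments = "spiffe://corp.example/ns/prod/sa/payments"
	corpCA, corpKey, err1 := newCA("Corp Internal CA")
	rogueCA, rogueKey, err2 := newCA("Corp Internal CA") // same name, attacker's key
	if err1 != nil || err2 != nil {
		return nil, fmt.Errorf("CA setup failed: %v, %v", err1, err2)
	}
	roots := x509.NewCertPool()
	roots.AddCert(corpCA) // the service's trust store holds only the real CA
	good, err1 := workloadCert(corpCA, corpKey, billing, time.Hour)
	rogue, err2 := workloadCert(rogueCA, rogueKey, billing, time.Hour)
	other, err3 := workloadCert(corpCA, corpKey, payments, time.Hour)
	if err1 != nil || err2 != nil || err3 != nil {
		return nil, fmt.Errorf("issuance failed: %v, %v, %v", err1, err2, err3)
	}
	now := time.Now()
	return map[string]bool{
		"trusted-accepted":  verifyMachineIdentity(good, roots, billing, now) == nil,
		"rogue-ca-rejected": verifyMachineIdentity(rogue, roots, billing, now) != nil,
		"expired-rejected":  verifyMachineIdentity(good, roots, billing, now.Add(2*time.Hour)) != nil,
		"wrong-id-rejected": verifyMachineIdentity(other, roots, billing, now) != nil,
	}, nil
}

func main() {
	results, err := runScenarios()
	if err != nil {
		panic(err)
	}
	for name, ok := range results {
		fmt.Printf("%-18s %v\n", name, ok)
	}
}
```

All four scenarios report true: the legitimate certificate is accepted, while the rogue-CA, expired and wrong-workload certificates are each refused. The last case is the one most often skipped in practice; a chain check alone would have accepted the payments certificate for the billing service, which is exactly the impersonation the article warns about.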
Organizations need to advance their capabilities to keep up with increasingly sophisticated adversaries. Improving machine identity management and access management are critical elements of organizations’ progress in moving beyond perimeter-based security models and toward a Zero Trust approach.
The following considerations must be well thought through when selecting identity management solutions:
Is your machine identity management integrated into your strategy for identity and access management?