Skip to main content
banner image
venafi logo

Why Are We Still Separating Credential Management and Machine Identity Management?

Why Are We Still Separating Credential Management and Machine Identity Management?

why-separate-credential-management-and-machine-identity
March 14, 2022 | Anastasios Arampatzis

Businesses over the last two years have become increasingly digitized and interconnected. Remote work and cloud migration have created new norms and business models. Although technology has created new opportunities, new security challenges have emerged.

Organizations are shifting from a perimeter-based security to an identity-based approach. Machine identities and human credentials now work together to protect an organization’s most valuable asset—data. Shouldn’t the credential management and machine identity management solutions work together too?

 

Are you facing a machine identity crisis? Venafi can help you out.
">
A fragmented identity management landscape

Before trying to answer the question above, it is essential to understand that both machine identities and human credentials are two important components of the overall Identity and Access Management (IAM) program. In a widely distributed business and computing environment, where identities are now the new perimeter to defend, controlling the access to data is crucial.

Robust access control is also the cornerstone of a Zero Trust security approach—the strategy to trust devices, workloads and people in an untrusted environment. But there isn’t a ‘one-stop-shop’ solution to both machine identities and human credentials. Even though most organizations are investing heavily in protecting human credentials, many security vendors are still providing varying approaches to managing the keys and certificates that comprise machine identities. And despite the relatively larger number of machines, investment in machine identity management lags far behind that of human credential management.

The Thales Access Management Index 2021 report illustrates a highly fragmented landscape at the enterprise level. A third (33%) of respondents said they use three or more authentication access management tools. Coordinating that many systems can, at a minimum, create operational complexity, but it can also increase the risk of errors or misconfigurations creating security gaps.

Managing machine identities is equally as important as managing human credentials

Machine identities validate the authenticity of non-human entities connected to corporate networks. These entities can be tangible, like IoT sensors, mobile devices as well as abstract infrastructures like containers and microservices. The prevalence of machine identities, combined with an overall lack of understanding of how to protect them, have made them a target for cyber criminals, who misuse them as effective attack vectors for infiltrating corporate networks and exfiltrating data.

Research demonstrates that machine identities have become hot commodities on the dark web and a key part of Crime-as-a-Service toolkits, particularly for threat actors who lack the technical skillset of a traditional attacker. They provide threat actors multiple ways of infiltrating networks. For example, cyber criminals can leverage machine identities to evade detection by hiding in encrypted traffic. Impersonating a trusted machine to gain access to sensitive data or to pivot across a network is usually a successful tactic for threat actors. It is, therefore, essential to prevent such attacks via investing in protecting your machine identities.

On the other hand, weak user authentication exposes the credentials for attackers to steal or compromise them. The Verizon Data Breach Investigations Report (DBIR) 2021 indicates that credentials are the most sought-after asset in data breaches. Compromised credentials are then used to launch further attacks, such as privilege abuse and impersonation attacks to exfiltrate personal data.

A holistic identity management program

Organizations need to advance their capabilities to keep up with increasingly sophisticated adversaries. Improving machine identity management and access management are critical elements of organizations’ progress in moving beyond perimeter-based security models and toward a Zero Trust approach.

The following considerations must be well thought through when selecting identity management solutions:

  • Provide clear visibility of all identities and credentials
    The foundation of every security program is the ability to identify all machine identities and user credentials. With organizations moving away from passwords and relying more and more on digital certificates and keys for machine and human identities, knowing your identity landscape will help you determine the best policies and practices for protecting these credentials.

     
  • Ensure integration
    Although you may rely on different vendors for managing your machine identities and user credentials, it is important to ensure the smooth integration of these solutions. Potential functionality gaps may result in painful and complex configuration settings and security holes leaving your organization vulnerable to credential attacks.

     
  • Control and govern the management program
    Although cloud service providers have launched native identity and access management solutions, the best practice is to segregate duties and opt for a neutral solution. In the Thales AMI 2021 survey, 59% of respondents agree that organizations should maintain control over their access security.

     
  • Protect cryptographic keys
    Machine identities and user credentials are effective only if the associated keys are protected. Use of a FIPS-140-2 accredited Hardware Security Module (HSM) is a best practice. HSMs act as anchors of trust and provide high assurance that the secret keys are protected from the preying eyes of an intruder.

     
  • Automate management
    As the number of identities owned by organizations increase, manually managing these credentials is a recipe for disaster. Automation helps minimize effort and reduce errors, while enforcing access policies across the entire enterprise.

Is your machine identity management integrated into your strategy for identity and access management?

Related Posts

Like this blog? We think you will love this.
orchestration-and-automation-machine-identities
Featured Blog

Orchestration and Automation are Critical for Machine Identities

The challenges of identity-based zero trust security

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies
eBook

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Anastasios Arampatzis
Anastasios Arampatzis

Anastasios Arampatzis is a retired Hellenic Air Force officer with over 20 years of experience in evaluating cybersecurity and managing IT projects. He works as an informatics instructor at AKMI Educational Institute, while his interests include exploring the human side of cybersecurity.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more