
Why Is It “Nearly Impossible” to Manually Protect Machine Identities?

certificate management, Forrester Consulting, Machine Identity Protection
January 10, 2019 | Katrina Dobieski

PKI professionals and my grandmother would have a lot to talk about. They both have a lot to keep track of: machine identities for one and birthdays for the other.

My grandmother has 6 children, 26 grandchildren and 12 great-grandchildren. That’s 44 birthday calls to make a year, not including in-laws. For as long as I can remember, she’s hardly missed one.

Her solution? Not one calendar per family, or one for the grandchildren only, or one for each month. It’s a simple, integrated solution – an exhaustive audit of family dates that she vigilantly enforces nearly every week of the year. 44 points of data go in and are organized, orchestrated and monitored. It’s a manual process. But it works for her.

The challenges presented to my grandmother are the same as those that large organizations face in defending the cryptographic keys and digital certificates that comprise their machine identities: integration, enforcement and comprehensiveness. But it is nearly impossible for PKI professionals to do this manually, especially at the speed and scale of today’s machine identities.

While there are volumes of anecdotal evidence about PKI challenges such as manual management, Venafi wanted something more substantial to document these challenges. So we commissioned an analyst study. The results have been published in "Securing The Enterprise With Machine Identity Protection", a June 2018 commissioned study conducted by Forrester Consulting on behalf of Venafi. The study includes responses from 350 senior IT security professionals who are responsible for their organizations’ identity and access management from the U.S., U.K., Germany, France and Australia.

The study found that 50% of companies experience problems protecting machine identities. According to the study, “companies see machine identity protection capabilities as important, but the majority struggle to execute on those capabilities.”

It all boils down to two main issues: machine identities not being tracked, and insufficient tools to protect them once they are. The scope of the problem is just so much bigger than before. With the rise of IoT devices, new DevOps initiatives and cloud, companies can hardly keep up with what, or where, to protect the growing population of machine identities. According to the Forrester study, “Without the right technology solutions in place, — such as enforcing policies, routine machine identity life cycle management, and responding to machine identity security incidents at enterprise scale — this rapidly fluctuating environment can be perilous.”

Traditional certificate management doesn’t seem to be up to the rigors of protecting today’s avalanche of machine identities. The study noted that “orchestrating the creation, provisioning, rotation, renewal, and replacement of machine identities tasks manually is nearly impossible, given the rapid increase in volume of machine identities and the velocity of changes affecting them.” So the only clear answer is to automate. It’s like buying my grandmother an Alexa device that would automatically send birthday calls 44 times a year. According to the study, “Moving forward, firms need fewer tools that do more …and tools that deliver the comprehensive intelligence required to drive automated protection and response.”

Nobody wants to keep track of thousands of certificates by hand. Not my grandmother. Not Gary in IT. And since when did millions of revenue and reputational dollars rest in those hands? Again, just ask the guys at any company that has suffered a breach and they’ll tell you, you can’t automate enough.

Looking for a reason to automate your machine identities? See the findings.

About the author

Katrina Dobieski

Katrina writes for Venafi's blog and helps optimize Venafi's online presence to advance awareness of Machine Identity Protection.
