
Most Businesses Can’t Tell You Which Machine Identities They Are Managing: Putting the Cake Before the Cherries


machine identity management
August 19, 2019 | Stephane Dorchin


Visibility into machine identities (such as digital certificates and cryptographic keys) helps you anticipate workload and outages, and identify weak machine identities, vulnerabilities, and risk exposure. It’s a vital operational and security question.

 

Visibility is no longer a “nice to have”; it is a “must have.” And time is of the essence.
 



Would you go to an unknown city by road without a map (paper or digital)? Certainly not if you want to be efficient. You would at least take a high-level map to know what direction to take, or a detailed one to follow the most straightforward road.

 

“Easy comparison, Stéphane,” a CISO once said to me, “but in real life, it’s not so easy to get a mapping of the machine identities…”

 

Really, have you tried to do this? For a long time now, you have had this map of your users, and yet you may not have done anything regarding the machines in your business. Yet the number of machines in your company is 10 times greater than the number of users. These machines are effectively running your business, ensuring your compliance, and managing and securing your data and finances.
 

 


"The machines are here to stay and we can’t continue to ignore them."
 


To return to my previous analogy about the cherries on the cake: you are often tempted to focus on the cherries (governance and automation) without first focusing on your cake (visibility).
 

When I talk to CISOs (or RSSI in France), the majority of them suggest that I talk to their IT team or SecOps because machine identities are not in their scope. Ah? A CISO doesn’t deal with security or doesn’t provide governance? Yes, of course they deal with security, but most of the time CISO actions are focused on humans/users.


So I go and speak to their IT departments and meet with SecOps, PKI teams, production, network, the security architect, DevOps, etc. In short, it is rare for these security experts to have even a vague idea about all their machines and machine identities, and most had no idea at all. I asked them a simple question: “Are we secured (because I’m one of your customers)?” Their answers usually go something like this:

 

"We think we are [secured], because we have deployed machine identities thanks to our PKI - but not on all machines, and we don’t know what, or when or where machines are deployed."
 

OK guys, you have scared me enough. You’re currently blind, but that doesn’t matter for now. The important question is: “Do you want to stay like this and wait to be hacked (like Equifax or Marriott)? Do you want to see outages increase because more and more certificates are expiring that you are unable to anticipate?” I’m not talking about automation, governance, risk assessment, crypto agility, or SHA-1 to SHA-2 migration. All of those are cherries on the cake.


 

We need to focus on the cake first, which is visibility.
 



And visibility is simple, oh yes it is … It’s mainly a question of priority and willingness from your side, and having the right tool to give you that visibility. What if I were to tell you that you could easily have the visibility you need of all your machine identities? With Venafi, you can.

 

You can create an inventory of all your certificates and keys which are currently active on your network (whether issued by you or not).


In addition, you can have a list of all the illegitimate certificates affiliated with your company on the Internet.


Sure, it is likely you will get thousands and thousands of machine identities, with all the “crispy” details, such as expiration date, issuer, crypto characteristics, number of duplicate identities, where they are installed, and more. Would you like some great cake?
 

Just imagine how many cherries you could add to this type of visibility. With the extensive visibility capabilities enabled by Venafi, you get your cherries and your cake. We do understand, however, the need to first use the visibility capabilities to understand your machine identities before you can take further action.


So we have decided to let you use our platform to gain your visibility, build your inventories, identify your vulnerabilities and know the volume of your machine identities. You will be able to identify where they are and who they are, and take appropriate action when required.

 




You will know what your exposure is, and once you know that, you can act. Armed with that information, you will be able to build a strategy based on your quantified risk assessments and then decide to govern, control and automate this world: the cherries.

 

We'll be there for the cherries, but let's start with the cake.


In my next blog, I will tell you how to bake the cake. If visibility is the cake, intelligence is the baking. And all of this needs to happen before you apply the cherries of automation and governance. I’m French and I like patisserie. I know that a badly made cake will never be any good, no matter how good the cherries are. And everybody wants to eat a good cake with good cherries.

 



So we’re not yet at the cherry level, but with good baking, you will have a great cake worth putting cherries on.
 

 

 

 

 

 

 

About the author

Stephane Dorchin

Stephane is the Southern European Director for Venafi and has over 20 years of experience in the cybersecurity industry. His career has included key player roles at Nasdaq BWise, Iron Mountain Digital and Symantec.
