Personally, I love it when people ask me what machine identities are and why they should care about them. It’s an easy concept to explain and it’s always rewarding to see the light go on in their eyes. More often than not, when I put machine identity protection into context for them, their response is “Wow. I never thought about machine identities in that way. So that means…”
Here’s the way that I like to explain machine identities to those who ask:
On every network, there are two actors: humans and machines. Humans employ user names and passwords to identify themselves. Machines also need to identify and authenticate themselves when they connect to each other, but they don’t employ user names and passwords. Instead, machines use keys and certificates. Every year we spend billions of dollars protecting user identities, but very little protecting machine identities. Cyber criminals know this. And it’s very lucrative for them to steal or forge machine identities because machine identities allow them to gain broad access into network resources, and cover their tracks by hiding in encrypted tunnels. Bottom line: if you don’t know where your machine identities are installed and exactly who’s using them, you may never be sure they’re not being misused by cyber criminals.
To better understand the importance of protecting machine identities, it’s good to know how they are being used in organizations like yours. Here goes: Machines use encrypted connections to establish trust in all kinds of digital transactions. To do this, machines identities use digital certificates and cryptographic keys to validate the legitimacy of both communicating machines. To put this into context, let’s talk about five ways that machine identities are being used to support a wide variety of vital business functions in your organization.
Securing web transactions with HTTPS
SSL/TLS certificates are critical to the security of web transactions, such as online banking and e-commerce. These certificates create an encrypted connection between a web browser and web server. If cyber criminals gain access to these critical machine identities, they can eavesdrop on encrypted traffic or impersonate a trusted system in a phishing attack.
Securing privileged access
Most organizations use SSH to secure system-administrator-to-machine access for routine tasks. SSH is also used to secure the machine-to-machine automation of critical business functions. SSH keys ensure that only trusted users and machines have access to sensitive network systems and data. However, if cyber criminals gain access to your SSH keys, they can use them to bypass security controls and gain privileged access to internal network resources and data.
Securing Fast IT and DevOps
DevOps teams use cloud-based, self-contained runtime environments, known as containers or clusters, to run individual modules called microservices. Each microservice and container should have a certificate to identify and authenticate it and to support encryption. These certificates serve as valid machine identities that allow containers to communicate securely with other containers, microservices, the cloud, and the Internet. In the interest of development speed, developers may be tempted to skimp on key and certificate security, exposing your organization to unnecessary security vulnerabilities.
Securing communication on consumer devices
Digital certificates provide the foundation for authenticating mobile devices that access enterprise networks. They can also enable access to enterprise Wi-Fi networks and for remote enterprise access using SSL and IPSEC VPNs. However, without central oversight, it’s difficult to protect these functions on mobile devices. This can result in misuse when certificates are duplicated on multiple devices or past employees continue to use unrevoked certificates.
Authenticating software code
Software is usually signed with a certificate to verify the integrity of the software. When used properly, these certificates serve as a machine identity that authenticates the software. However, if cyber criminals steal code-signing certificates from legitimate companies, they can use them to sign malicious code. Because it is signed with a stolen, legitimate certificate, the malicious code doesn’t trigger any warnings, and unsuspecting users will mistakenly trust that it is safe to install and use.
Hopefully, you’re beginning to understand how important machine identities are to almost everything in your organization and how they can be misused by cyber criminals. Now that you are thinking about it, are your machine identities protected?