Just as user names and passwords authenticate humans and authorize their access, keys and certificates act as machine identities that authenticate machines and authorize their access to valuable data.
However, in many ways protecting the identities of machines is more challenging than protecting those of humans. Machines may not see subtle red flags. And they don’t act on intuition. So, they may not easily identify machine identity threats. It’s your job to take care of all of that for them.
Most organizations focus primarily on the machine identities they use to ensure the authenticity of web transactions. Think of the certificates behind TLS. But increasingly, standards bodies are recommending that you use encryption throughout your network and authenticate every machine-to-machine connection, not just those that cross the perimeter. Machine identities also authorize administrative access: an SSH key grants whoever holds it the privileges of the account it is installed for.
The result is an avalanche of new and constantly changing machine identities being used throughout your network, cloud infrastructure and across your extended enterprise.
You need to give all these machines the intelligence they need to make the best choices about which machines should be trusted. Otherwise, they’ll just see what appears to be a valid machine identity and grant access to any machine (good or bad) that presents it.
That’s where many organizations fall down. Not only do they not know how their machine identities are being used, they don’t have a clear understanding of how many they are actually using. Many large organizations discover an average of 54% more keys and certificates than they believe they have. When any of these unknown certificates expire, they trigger application outages that can cost millions in lost revenue and productivity.
This lack of control can also aid cybercriminals in infiltrating your network and exfiltrating your data. Weak machine identities can allow attackers to circumvent security controls or pivot across your network. So, cybercriminals dedicate an alarming amount of time and resources to misappropriating machine identities.
What do you need to do right now to minimize these risks? First, you need to understand the scope of your exposure by gaining visibility into all machine identities at play in your organization. Then you need the intelligence to make informed decisions based on their location, ownership, behavior and cryptographic characteristics (key type and size, signature algorithm, validity period). Finally, you need to act quickly when needed by automating the repair of every machine identity weakness or vulnerability you discover.
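The visibility and triage steps above, as an added example that is not part of the original page or any vendor product: a Go program using only the standard library that walks a PEM bundle (the kind of dump a host-level discovery pass produces), inventories every certificate in it, and flags the weaknesses a practitioner would act on first: certificates that are expired or about to expire, RSA keys below 2048 bits, ECDSA curves below 256 bits, and SHA-1 or MD5 signatures. The three sample certificates are constructed inline and the thresholds are assumed policy values, not figures from the page.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// Finding is one weakness found on one certificate in the inventory.
type Finding struct {
	Subject string
	Issue   string
}

// ParseInventory walks a PEM bundle (a concatenated dump of the certificates
// found on a host) and returns every CERTIFICATE block it can parse.
// Other block types (private keys, CRLs) are skipped, not inventoried here.
func ParseInventory(bundle []byte) ([]*x509.Certificate, error) {
	var certs []*x509.Certificate
	for {
		block, rest := pem.Decode(bundle)
		if block == nil {
			return certs, nil
		}
		bundle = rest
		if block.Type != "CERTIFICATE" {
			continue
		}
		c, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, fmt.Errorf("inventory: %w", err)
		}
		certs = append(certs, c)
	}
}

// Triage flags certificates that are expired or expire within warn, and
// cryptographic characteristics below an assumed policy floor:
// RSA < 2048 bits, ECDSA curves < 256 bits, and MD5/SHA-1 signatures.
func Triage(certs []*x509.Certificate, now time.Time, warn time.Duration) []Finding {
	var out []Finding
	for _, c := range certs {
		cn := c.Subject.CommonName
		if now.After(c.NotAfter) {
			out = append(out, Finding{cn, "expired"})
		} else if c.NotAfter.Sub(now) < warn {
			days := int(c.NotAfter.Sub(now).Hours() / 24)
			out = append(out, Finding{cn, fmt.Sprintf("expires in %d days", days)})
		}
		switch pub := c.PublicKey.(type) {
		case *rsa.PublicKey:
			if pub.N.BitLen() < 2048 {
				out = append(out, Finding{cn, fmt.Sprintf("weak RSA key: %d bits", pub.N.BitLen())})
			}
		case *ecdsa.PublicKey:
			if pub.Curve.Params().BitSize < 256 {
				out = append(out, Finding{cn, "weak curve: " + pub.Curve.Params().Name})
			}
		}
		switch c.SignatureAlgorithm {
		case x509.MD5WithRSA, x509.SHA1WithRSA, x509.ECDSAWithSHA1:
			out = append(out, Finding{cn, "weak signature: " + c.SignatureAlgorithm.String()})
		}
	}
	return out
}

var serial int64 // monotonically increasing serial for the sample certificates

// selfSigned builds a self-signed certificate for the given key pair. It exists
// only to construct sample inventory data for this example.
func selfSigned(cn string, notBefore, notAfter time.Time, pub crypto.PublicKey, priv crypto.Signer) []byte {
	serial++
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// SampleBundle constructs three certificates (hypothetical hosts): a healthy
// P-256 one, a 1024-bit RSA one expiring in 10 days, and one already expired.
func SampleBundle(now time.Time) []byte {
	ecKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	rsaKey, _ := rsa.GenerateKey(rand.Reader, 1024) // deliberately below policy
	day := 24 * time.Hour
	var b []byte
	b = append(b, selfSigned("api.example.internal", now.Add(-day), now.Add(365*day), &ecKey.PublicKey, ecKey)...)
	b = append(b, selfSigned("legacy.example.internal", now.Add(-day), now.Add(10*day), &rsaKey.PublicKey, rsaKey)...)
	b = append(b, selfSigned("old.example.internal", now.Add(-730*day), now.Add(-day), &ecKey.PublicKey, ecKey)...)
	return b
}

func main() {
	now := time.Now().Truncate(time.Second) // X.509 times carry second precision
	certs, err := ParseInventory(SampleBundle(now))
	if err != nil {
		panic(err)
	}
	for _, f := range Triage(certs, now, 30*24*time.Hour) {
		fmt.Printf("%-26s %s\n", f.Subject, f.Issue)
	}
}
```

On a real host the bundle would come from the discovery pass (for example, every file under the trust store and application config directories that decodes as a CERTIFICATE block), and each finding would be routed to the owner recorded for that host so the renewal or re-keying can be automated rather than handled by hand.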