Dive Brief:
- Six in ten organizations lack full awareness of all the certificates and keys across their digital assets, leaving them vulnerable to malicious threat actors or other disruptive incidents, according to a study by Vanson Bourne on behalf of AppViewX. Researchers surveyed 1,000 decision-makers across the U.S., Europe, the Middle East and other regions.
- Among organizations that lacked full awareness, nearly all (96%) experienced an event that could have damaged operations. More than half (55%) of the firms suffered a cybersecurity breach, 47% suffered a loss in employee productivity, while more than a third (35%) suffered system outages and one-third experienced financial losses.
- Organizations are having difficulty managing machine identities across different areas of their infrastructure, including operational technology, IoT, on-premises, cloud and containerized infrastructure, according to the report.
Dive Insight:
Digital transformation has led to an explosion of different types of machines that communicate with each other and need to identify themselves, according to research by Gartner. Machine identity management handles how machine credentials, including SSH keys, cryptographic keys and X.509 certificates, are managed.
As more companies undergo digital transformation and embrace hybrid cloud and multicloud environments, the number of machines that must be identified increases. Companies also need to manage what level of privileges to give each connected device.
Without a way to automate the identities of various machines interacting with an IT network, companies remain vulnerable to attack by malicious threat actors through a variety of methods, such as impersonation, compromised keys or entry through unsecured back doors, according to researchers at AppViewX.
"Like human identity management, machine identities have to be managed and governed in enterprises, especially with the digital transformations, remote work and cloud focus," said Murali Palanisamy, chief solutions officer at AppViewX.
The risk can be compared to a country that issues passports to its citizens, but has no way of tracking, auditing and revoking those passports.
"In an enterprise when a digital certificate is issued, there is an important need to make sure they are fully automated and secured so that no human has clear text access to it to be misused or exploited," Palanisamy said.