Machine Identity Management: A Fast-Growing Frontier of Security
Attackers are getting better at compromising machine identities, as billions of new devices and services are introduced to the network.
May 5, 2022
The number of machines enterprise security teams have to manage is exploding.
When it comes to computing infrastructure, servers have been supplanted by virtual machines, which then evolved into containers, which are now evolving into serverless cloud functions.
Then there's the exponential growth in IoT devices, which puts Internet connectivity and brains into machines that used to be relatively dumb and isolated, like printers, cameras, and door locks. According to Cisco, there were 20 billion devices connected to the Internet in 2021, and this number will jump to 29 billion by 2023.
At the same time, more employees are working from home, or in hybrid arrangements, meaning that there's now an army of vulnerable consumer devices that could potentially serve as entry points into corporate networks.
It's no surprise that, last fall, Gartner named machine identity one of the top five cybersecurity and risk trends of the year.
What is a machine identity?
According to Anusha Iyer, co-founder and CTO at cybersecurity vendor Corsha, a machine identity is a unique key used to identify anything from a physical server to a virtual machine, to a Docker container, to an IoT device, or any other physical or virtual device or service.
"Within a data center, machine identities are used all over the place," she told Data Center Knowledge.
For example, machine identities are used to secure communications between microservices, to securely connect workloads to services, or to facilitate any type of automation.
Ideally, each machine will have its own unique identity, via its own key or certificate, and this will change frequently.
"In practice, these identities often get shared across machines, are long lived, and flow through different systems before reaching their final destination," Iyer said. "This poses major security risks and makes it hard to have trust, visibility and control."
Improper identity management can lead to devastating cyberattacks, said Prasanna Parthasarathy, senior solutions manager at the cybersecurity center of excellence at Capgemini Americas, "wiping out entire sections of the enterprise’s IT environment all at once."
One common mistake, he said, is to 'hard code' the authorizations into the communication channels. Instead, certificates should be changed frequently for a more secure environment.
The problem is, the tools and techniques for enterprise-wide machine identity management are still emerging.
The cyber impact of mismanaged machine identities
Traditional identity and access management solutions were built for simpler times, when there were fewer machines, and those machines lived inside the secure walls of a data center's perimeter.
The impact? Increased numbers of cybersecurity incidents.
According to a study released last fall by research firm Vanson Bourne and cybersecurity vendor AppViewX, 61% of enterprises lack knowledge of their certificates and keys, making them ill-equipped to manage their machine identities effectively.
As a result of this security gap, 55% of the aforementioned enterprises reported cybersecurity breaches and 35% said they experienced organization-wide system outages. And this is just the start.
By 2023, 75% of cloud security failures will result from inadequate management of identities, access, and privileges, according to Gartner, up from 50% in 2020.
According to a Venafi report released last spring, cyberattacks that misuse machine identities increased by 1,600% over the last five years.
Attackers are getting better and better at compromising these identities, said Chris Olson, CEO at The Media Trust, a cybersecurity vendor. "Today, attackers can bypass authentication mechanisms in trusted devices or even fake digital certificates, giving them a foothold to move laterally throughout a company's internal network."
"Ultimately, prevention comes down to knowing what's happening on the perimeter of your IT infrastructure, which includes digital devices and access points," he told Data Center Knowledge.
Organizations need to continually monitor network activity and software components, he added. "Particularly third parties who may bring vulnerabilities to trusted devices, on-premise or in the cloud."
According to a report released by Ponemon Institute and Keyfactor in March, 61% of IT professionals say that the theft or misuse of machine identities is a serious concern – up from 34% last year.
In addition, 50% say that their organization is likely to experience incidents of machine identity theft or misuse over the next 24 months.
One challenge? The growing volume of machine identities. According to the Ponemon survey, the average IT organization has more than 267,000 internal certificates, an increase of 16% compared to last year.
Automation is key to managing the scale of the challenge
With so many devices, manual oversight is no longer an option.
"Digital identities must be managed using device identity management solutions that enable automated provisioning, updates, and de-provisioning of devices throughout their lifecycle," said Bo Lane, head of solution architecture at Kudelski Security.
Keyfactor CSO Chris Hickman agreed that automation was key, since it allows organizations to scale as new technologies are deployed. He also recommended that data centers figure out who's in charge of machine identities.
"In most organizations ownership of machine identity is implied rather than being expressly assigned," he told Data Center Knowledge. As a result, many companies wind up with a siloed approach to machine identity management.
"Worse still, many of these identities are managed by no one," Hickman added.
He recommended that enterprises establish a core and cross functional group with specific responsibility for the management of all machine identities.
Managing machine identities as core component of Zero Trust
Managing device identities is especially important in the emerging zero-trust security model, Kudelski's Lane said.
"When an enterprise device is not given any special trust status on the network, it must have a way to identify and authorize interactions with other devices, services or data," he told Data Center Knowledge.
A centralized machine identity management system can address many security concerns, allowing for automated management of large numbers of certificates.
However, there's also a risk that comes with too much centralization – it creates a single point of failure.
"If the core system is compromised, then everything is compromised," warned Asher DeMetz, security consulting senior manager at Sungard Availability Services.
"The critical systems should be truly segmented, not just in name but with a firewall, and use their own authentication and key management," he said. "You can utilize machine identity management on certain systems, but do not employ it on any one system that can be breached and leave open access to critical systems."
About the Author
You May Also Like