Because CIOs often have limited visibility into the number of machine identities on their networks and these critical security assets are not prioritized in IAM and security budgets, CIOs should expect to see a sharp increase in machine identity related outages and security breaches, according to a new study of 1,000 CIOs conducted by Venafi.
Machine identities enable secure connection and authentication for every part of IT infrastructure, from physical, virtual servers and IoT devices to software applications, APIs and containers. Any time two machines need to authenticate each other a machine identity is required.
100% of CIOs say that digital transformation is driving a dramatic increase in the number of machine identities their organizations require. Without an automated machine identity management program, organizations suffer from outages caused by expired machine identities and breaches caused by machine identity misuse or compromise.
According to the study, the average organization used nearly a quarter of a million (250,000) machine identities at the end of 2021. This is a startling number when you consider that organizations initially underestimate machine identity populations by 50% or more because they have extremely limited visibility into the machine identities their organization requires.
At current rates of growth, these same organizations can expect their machine identity inventory to more than double to at least 500,000 by 2024.
Moreover, three-quarters of surveyed CIOs said that they expect digital transformation initiatives to increase the number of machine identities in their organizations by 26% — with more than one-quarter (27%) citing a percentage of higher than 50%.
Key survey findings include:
■ 83% of organizations suffered a machine identity related outage during the last 12 months; over a quarter (26%) say critical systems were impacted.
■ 57% of organizations experienced at least one data breach or security incident related to compromised machine identities (including TLS, SSH keys and code signing keys and certificates) during the same time period.
"The realities of digital transformation mean that every business is now a software company. This means IAM priorities need to shift to protect the machine identities required for digital transformation initiatives because these initiatives are the engines of innovation and growth," said Kevin Bocek, VP of Security Strategy and Threat Intelligence at Venafi. "The unfortunate reality is that most organizations are not prepared to manage all the machines identities they need. This rapidly growing gap has opened a new attack surface – from software build pipelines to Kubernetes clusters – that is very attractive to attackers."
The rise in the number of machines on enterprise networks is exposing outdated machine identity management practices. Nearly two-thirds (64%) of CIOs say that rather than using a comprehensive machine identity management solution, their organizations combine multiple solutions and processes, including point solutions from certificate authorities (CAs) and public cloud providers, homegrown solutions and manual processes. This approach does not provide enterprise-wide view of all machine identities or provide the mechanisms needed to enforce configuration or policy requirements.
"Machine identity management is in the early stages of adoption. It's very similar to what happened with customer and workforce identity a few years ago, but it's orders of magnitude larger in scale and change is happening much faster," Bocek continued. "The challenges connected with human identity management pale in contrast to the challenges of managing machine identities. This research underscores the urgent need for every organization to evaluate their machine identity management program in order to protect their digital transformation initiatives."
Methodology: Conducted by Coleman Parkes Research, Venafi's survey evaluated the opinions of 1000 CIOs across six countries/regions: United States, United Kingdom, France, DACH (Germany, Austria, Switzerland), Benelux (Belgium, Netherlands, Luxembourg) and Australasia (Australia, New Zealand).
The Latest
A long-running study of DevOps practices ... suggests that any historical gains in MTTR reduction have now plateaued. For years now, the time it takes to restore services has stayed about the same: less than a day for high performers but up to a week for middle-tier teams and up to a month for laggards. The fact that progress is flat despite big investments in people, tools and automation is a cause for concern ...
Companies implementing observability benefit from increased operational efficiency, faster innovation, and better business outcomes overall, according to 2023 IT Trends Report: Lessons From Observability Leaders, a report from SolarWinds ...
IT leaders are driving an increasing number of automation initiatives as a way to stay competitive, reduce costs and scale as they navigate an unpredictable social and economic environment, according to the 2023 State of Automation in IT survey conducted by Jitterbit ...
Customer loyalty is changing as retailers get increasingly competitive. More than 75% of consumers say they would end business with a company after a single bad customer experience. This means that just one price discrepancy, inventory mishap or checkout issue in a physical or digital store, could have customers running out to the next store that can provide them with better service. Retailers must be able to predict business outages in advance, and act proactively before an incident occurs, impacting customer experience ...
Earlier this year, New Relic conducted a study on observability ... The 2023 Observability Forecast reveals observability's impact on the lives of technical professionals and businesses' bottom lines. Here are 10 key takeaways from the forecast ...
Only 33% of executives are "very confident" in their ability to operate in a public cloud environment, according to the 2023 State of CloudOps report from NetApp. This represents an increase from 2022 when only 21% reported feeling very confident ...
The majority of organizations across Australia and New Zealand (A/NZ) breached over the last year had personally identifiable information (PII) compromised, but most have not yet modified their data management policies, according to the Cybersecurity and PII Report from ManageEngine ...
A large majority of organizations employ more than one cloud automation solution, and this practice creates significant challenges that are resulting in delays and added costs for businesses, according to Why companies lose efficiency and compliance with cloud automation solutions from Broadcom ...
