Skip to main content

Outages Related to Machine Identity on the Rise

Because CIOs often have limited visibility into the number of machine identities on their networks and these critical security assets are not prioritized in IAM and security budgets, CIOs should expect to see a sharp increase in machine identity related outages and security breaches, according to a new study of 1,000 CIOs conducted by Venafi.

Image removed.

Machine identities enable secure connection and authentication for every part of IT infrastructure, from physical, virtual servers and IoT devices to software applications, APIs and containers. Any time two machines need to authenticate each other a machine identity is required.

100% of CIOs say that digital transformation is driving a dramatic increase in the number of machine identities their organizations require. Without an automated machine identity management program, organizations suffer from outages caused by expired machine identities and breaches caused by machine identity misuse or compromise.

According to the study, the average organization used nearly a quarter of a million (250,000) machine identities at the end of 2021. This is a startling number when you consider that organizations initially underestimate machine identity populations by 50% or more because they have extremely limited visibility into the machine identities their organization requires.

At current rates of growth, these same organizations can expect their machine identity inventory to more than double to at least 500,000 by 2024.

Moreover, three-quarters of surveyed CIOs said that they expect digital transformation initiatives to increase the number of machine identities in their organizations by 26% — with more than one-quarter (27%) citing a percentage of higher than 50%.

Key survey findings include:

■ 83% of organizations suffered a machine identity related outage during the last 12 months; over a quarter (26%) say critical systems were impacted.

■ 57% of organizations experienced at least one data breach or security incident related to compromised machine identities (including TLS, SSH keys and code signing keys and certificates) during the same time period.

"The realities of digital transformation mean that every business is now a software company. This means IAM priorities need to shift to protect the machine identities required for digital transformation initiatives because these initiatives are the engines of innovation and growth," said Kevin Bocek, VP of Security Strategy and Threat Intelligence at Venafi. "The unfortunate reality is that most organizations are not prepared to manage all the machines identities they need. This rapidly growing gap has opened a new attack surface – from software build pipelines to Kubernetes clusters – that is very attractive to attackers."

The rise in the number of machines on enterprise networks is exposing outdated machine identity management practices. Nearly two-thirds (64%) of CIOs say that rather than using a comprehensive machine identity management solution, their organizations combine multiple solutions and processes, including point solutions from certificate authorities (CAs) and public cloud providers, homegrown solutions and manual processes. This approach does not provide enterprise-wide view of all machine identities or provide the mechanisms needed to enforce configuration or policy requirements.

"Machine identity management is in the early stages of adoption. It's very similar to what happened with customer and workforce identity a few years ago, but it's orders of magnitude larger in scale and change is happening much faster," Bocek continued. "The challenges connected with human identity management pale in contrast to the challenges of managing machine identities. This research underscores the urgent need for every organization to evaluate their machine identity management program in order to protect their digital transformation initiatives."

Methodology: Conducted by Coleman Parkes Research, Venafi's survey evaluated the opinions of 1000 CIOs across six countries/regions: United States, United Kingdom, France, DACH (Germany, Austria, Switzerland), Benelux (Belgium, Netherlands, Luxembourg) and Australasia (Australia, New Zealand).

Hot Topics

The Latest

E-commerce is set to skyrocket with a 9% rise over the next few years ... To thrive in this competitive environment, retailers must identify digital resilience as their top priority. In a world where savvy shoppers expect 24/7 access to online deals and experiences, any unexpected downtime to digital services can lead to significant financial losses, damage to brand reputation, abandoned carts with designer shoes, and additional issues ...

Efficiency is a highly-desirable objective in business ... We're seeing this scenario play out in enterprises around the world as they continue to struggle with infrastructures and remote work models with an eye toward operational efficiencies. In contrast to that goal, a recent Broadcom survey of global IT and network professionals found widespread adoption of these strategies is making the network more complex and hampering observability, leading to uptime, performance and security issues. Let's look more closely at these challenges ...

Image
Broadcom

The 2025 Catchpoint SRE Report dives into the forces transforming the SRE landscape, exploring both the challenges and opportunities ahead. Let's break down the key findings and what they mean for SRE professionals and the businesses relying on them ...

Image
Catchpoint

The pressure on IT teams has never been greater. As data environments grow increasingly complex, resource shortages are emerging as a major obstacle for IT leaders striving to meet the demands of modern infrastructure management ... According to DataStrike's newly released 2025 Data Infrastructure Survey Report, more than half (54%) of IT leaders cite resource limitations as a top challenge, highlighting a growing trend toward outsourcing as a solution ...

Image
Datastrike

Gartner revealed its top strategic predictions for 2025 and beyond. Gartner's top predictions explore how generative AI (GenAI) is affecting areas where most would assume only humans can have lasting impact ...

The adoption of artificial intelligence (AI) is accelerating across the telecoms industry, with 88% of fixed broadband service providers now investigating or trialing AI automation to enhance their fixed broadband services, according to new research from Incognito Software Systems and Omdia ...

 

AWS is a cloud-based computing platform known for its reliability, scalability, and flexibility. However, as helpful as its comprehensive infrastructure is, disparate elements and numerous siloed components make it difficult for admins to visualize the cloud performance in detail. It requires meticulous monitoring techniques and deep visibility to understand cloud performance and analyze operational efficiency in detail to ensure seamless cloud operations ...

Imagine a future where software, once a complex obstacle, becomes a natural extension of daily workflow — an intuitive, seamless experience that maximizes productivity and efficiency. This future is no longer a distant vision but a reality being crafted by the transformative power of Artificial Intelligence ...

Enterprise data sprawl already challenges companies' ability to protect and back up their data. Much of this information is never fully secured, leaving organizations vulnerable. Now, as GenAI platforms emerge as yet another environment where enterprise data is consumed, transformed, and created, this fragmentation is set to intensify ...

Image
Crashplan

OpenTelemetry (OTel) has revolutionized the way we approach observability by standardizing the collection of telemetry data ... Here are five myths — and truths — to help elevate your OTel integration by harnessing the untapped power of logs ...

Outages Related to Machine Identity on the Rise

Because CIOs often have limited visibility into the number of machine identities on their networks and these critical security assets are not prioritized in IAM and security budgets, CIOs should expect to see a sharp increase in machine identity related outages and security breaches, according to a new study of 1,000 CIOs conducted by Venafi.

Image removed.

Machine identities enable secure connection and authentication for every part of IT infrastructure, from physical, virtual servers and IoT devices to software applications, APIs and containers. Any time two machines need to authenticate each other a machine identity is required.

100% of CIOs say that digital transformation is driving a dramatic increase in the number of machine identities their organizations require. Without an automated machine identity management program, organizations suffer from outages caused by expired machine identities and breaches caused by machine identity misuse or compromise.

According to the study, the average organization used nearly a quarter of a million (250,000) machine identities at the end of 2021. This is a startling number when you consider that organizations initially underestimate machine identity populations by 50% or more because they have extremely limited visibility into the machine identities their organization requires.

At current rates of growth, these same organizations can expect their machine identity inventory to more than double to at least 500,000 by 2024.

Moreover, three-quarters of surveyed CIOs said that they expect digital transformation initiatives to increase the number of machine identities in their organizations by 26% — with more than one-quarter (27%) citing a percentage of higher than 50%.

Key survey findings include:

■ 83% of organizations suffered a machine identity related outage during the last 12 months; over a quarter (26%) say critical systems were impacted.

■ 57% of organizations experienced at least one data breach or security incident related to compromised machine identities (including TLS, SSH keys and code signing keys and certificates) during the same time period.

"The realities of digital transformation mean that every business is now a software company. This means IAM priorities need to shift to protect the machine identities required for digital transformation initiatives because these initiatives are the engines of innovation and growth," said Kevin Bocek, VP of Security Strategy and Threat Intelligence at Venafi. "The unfortunate reality is that most organizations are not prepared to manage all the machines identities they need. This rapidly growing gap has opened a new attack surface – from software build pipelines to Kubernetes clusters – that is very attractive to attackers."

The rise in the number of machines on enterprise networks is exposing outdated machine identity management practices. Nearly two-thirds (64%) of CIOs say that rather than using a comprehensive machine identity management solution, their organizations combine multiple solutions and processes, including point solutions from certificate authorities (CAs) and public cloud providers, homegrown solutions and manual processes. This approach does not provide enterprise-wide view of all machine identities or provide the mechanisms needed to enforce configuration or policy requirements.

"Machine identity management is in the early stages of adoption. It's very similar to what happened with customer and workforce identity a few years ago, but it's orders of magnitude larger in scale and change is happening much faster," Bocek continued. "The challenges connected with human identity management pale in contrast to the challenges of managing machine identities. This research underscores the urgent need for every organization to evaluate their machine identity management program in order to protect their digital transformation initiatives."

Methodology: Conducted by Coleman Parkes Research, Venafi's survey evaluated the opinions of 1000 CIOs across six countries/regions: United States, United Kingdom, France, DACH (Germany, Austria, Switzerland), Benelux (Belgium, Netherlands, Luxembourg) and Australasia (Australia, New Zealand).

Hot Topics

The Latest

E-commerce is set to skyrocket with a 9% rise over the next few years ... To thrive in this competitive environment, retailers must identify digital resilience as their top priority. In a world where savvy shoppers expect 24/7 access to online deals and experiences, any unexpected downtime to digital services can lead to significant financial losses, damage to brand reputation, abandoned carts with designer shoes, and additional issues ...

Efficiency is a highly-desirable objective in business ... We're seeing this scenario play out in enterprises around the world as they continue to struggle with infrastructures and remote work models with an eye toward operational efficiencies. In contrast to that goal, a recent Broadcom survey of global IT and network professionals found widespread adoption of these strategies is making the network more complex and hampering observability, leading to uptime, performance and security issues. Let's look more closely at these challenges ...

Image
Broadcom

The 2025 Catchpoint SRE Report dives into the forces transforming the SRE landscape, exploring both the challenges and opportunities ahead. Let's break down the key findings and what they mean for SRE professionals and the businesses relying on them ...

Image
Catchpoint

The pressure on IT teams has never been greater. As data environments grow increasingly complex, resource shortages are emerging as a major obstacle for IT leaders striving to meet the demands of modern infrastructure management ... According to DataStrike's newly released 2025 Data Infrastructure Survey Report, more than half (54%) of IT leaders cite resource limitations as a top challenge, highlighting a growing trend toward outsourcing as a solution ...

Image
Datastrike

Gartner revealed its top strategic predictions for 2025 and beyond. Gartner's top predictions explore how generative AI (GenAI) is affecting areas where most would assume only humans can have lasting impact ...

The adoption of artificial intelligence (AI) is accelerating across the telecoms industry, with 88% of fixed broadband service providers now investigating or trialing AI automation to enhance their fixed broadband services, according to new research from Incognito Software Systems and Omdia ...

 

AWS is a cloud-based computing platform known for its reliability, scalability, and flexibility. However, as helpful as its comprehensive infrastructure is, disparate elements and numerous siloed components make it difficult for admins to visualize the cloud performance in detail. It requires meticulous monitoring techniques and deep visibility to understand cloud performance and analyze operational efficiency in detail to ensure seamless cloud operations ...

Imagine a future where software, once a complex obstacle, becomes a natural extension of daily workflow — an intuitive, seamless experience that maximizes productivity and efficiency. This future is no longer a distant vision but a reality being crafted by the transformative power of Artificial Intelligence ...

Enterprise data sprawl already challenges companies' ability to protect and back up their data. Much of this information is never fully secured, leaving organizations vulnerable. Now, as GenAI platforms emerge as yet another environment where enterprise data is consumed, transformed, and created, this fragmentation is set to intensify ...

Image
Crashplan

OpenTelemetry (OTel) has revolutionized the way we approach observability by standardizing the collection of telemetry data ... Here are five myths — and truths — to help elevate your OTel integration by harnessing the untapped power of logs ...