They underpin an increasing proportion of online activity, but poor management of machine IDs regularly causes disruption and user frustration, Kevin Bocek of Venafi writes.
Machine IDs, or certificates, are used to confirm that users are authorised to have access to certain resources. While human identity is authenticated and secured using usernames and passwords, machine IDs use digital keys to validate the legitimacy of information flowing between authorised machines.
The IDs can be used to secure privileged access, DevOps assets and web transactions, authenticate software code, and enable secure, remote access to enterprise networks.
However, while the role played by these IDs or certificates is becoming increasingly important as a means of establishing trust, they are also becoming increasingly difficult for organisations to manage.
This is concerning news when digital transformation programs are boosting their usage even further. Security teams are searching for ways to streamline their management so that unintended disruptions are avoided.
The challenge of expiry
Much of the management challenge around digital IDs results from the fact that they expire. If this occurs before a new one is created, users find themselves locked out.
This, in turn, causes issues for IT help desks and can lead to costly downtime. For consumers, it can mean suddenly being locked out of digital content and other services.
Such disruptions can have large-scale flow-on effects for companies. According to research by analyst firm ITIC, a single hour of server downtime costs more than $300,000 for 91 per cent of SMEs and large enterprises. Concerningly, more than two-fifths (44 per cent) of respondents to the survey said an hour costs more than $1 million.
A deteriorating situation
Frustratingly, it appears that machine ID management is becoming even more challenging for security teams as their organisations use them in more places and to deliver more services.
According to research from McKinsey, two-thirds (65 per cent) of businesses increased technology spend during the pandemic. They invested in IoT systems to streamline business processes, laptops and mobile devices for hybrid workers, and new internal and customer-facing apps and websites to improve user experiences.
Meanwhile, in the cloud, containers and APIs have helped to drive DevOps and greater business agility. However, all of these new components require machine IDs to help secure them. The challenge for security teams continues to climb.
Research by Venafi has found a typical business was using as many as 250,000 machine IDs in 2021 and this number is forecast to double by 2024. With this volume in use, it’s perhaps not so surprising that problems occur.
The ID management challenge is also being increased by other changes that are taking place within the technology sector. High-profile web browsers are now requiring organisations to change their machine IDs every 12 months.
Some certificate authorities are going further and providing IDs which expire after just 90 days. They believe this will help to increase security and reduce the misuse of stolen credentials.
The solution is automation
The bottom line in this situation is that the methods used to manage digital IDs have to change. Because of the volumes involved, manual processes are no longer effective, and organisations must embrace automation.
This is because even businesses with only modest digital transformation plans will soon find the number of keys and certificates they have in use will be unmanageable with current methods. They instead need a control plane that automates their management throughout their digital lifespan.
There are some key benefits that will be realised once effective automated management tools have been deployed. They can be set to automatically discover all corporate certificates across physical assets and cloud platforms and then catalogue them in a single, centralised repository which can provide continuous visibility.
The tools can also be deployed to automatically verify security compliance. This will ensure that all certificates have the correct owners, attributes, and configurations no matter which authority has issued them.
A third key benefit is that the automation tools can reduce the risk and disruption of expiration. The tools can constantly monitor all the IDs being used and alert the IT team that action is required.
Having such capabilities in place can dramatically improve the way digital IDs are managed across an organisation. They can help to reduce lockouts, lower user frustration, and ensure an organisation’s public reputation for reliability is maintained.
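The three capabilities described above (cataloguing certificates in one place, verifying that their attributes meet policy, and alerting before they expire) can be illustrated with a small inventory check. The following Go program is an added example written for this article; it is not Venafi's code or any product's logic. Discovery across hosts and cloud accounts is assumed to have already happened, so the program builds a constructed, in-memory set of self-signed certificates to stand in for what discovery would collect, and evaluates them against an assumed policy (a 398-day maximum lifetime, a 30-day renewal alert window and a required DNS subjectAltName) as of a fixed reference date so that the results are repeatable.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Policy holds the checks applied to every certificate in the inventory.
// The values are assumptions for this example, not any vendor's defaults.
type Policy struct {
	MaxValidityDays int           // longest lifetime accepted (398 days mirrors the browser limit)
	AlertBefore     time.Duration // raise an alert when expiry falls inside this window
	RequireSAN      bool          // a server certificate must carry at least one DNS SAN
}

func DefaultPolicy() Policy {
	return Policy{MaxValidityDays: 398, AlertBefore: 30 * 24 * time.Hour, RequireSAN: true}
}

// Finding is one catalogue row: identity attributes plus any policy problems.
type Finding struct {
	Subject  string
	Issuer   string
	DNSNames []string
	NotAfter time.Time
	DaysLeft int      // negative once the certificate has expired
	Problems []string // empty means compliant and not yet due for renewal
}

// Assess catalogues each certificate and records compliance and expiry problems as of "now".
func Assess(certs []*x509.Certificate, pol Policy, now time.Time) []Finding {
	out := make([]Finding, 0, len(certs))
	for _, c := range certs {
		f := Finding{
			Subject:  c.Subject.CommonName,
			Issuer:   c.Issuer.CommonName,
			DNSNames: c.DNSNames,
			NotAfter: c.NotAfter,
			DaysLeft: int(c.NotAfter.Sub(now).Hours() / 24),
		}
		if lifetime := c.NotAfter.Sub(c.NotBefore).Hours() / 24; lifetime > float64(pol.MaxValidityDays) {
			f.Problems = append(f.Problems, fmt.Sprintf("validity %.0f days exceeds %d-day limit", lifetime, pol.MaxValidityDays))
		}
		if pol.RequireSAN && len(c.DNSNames) == 0 {
			f.Problems = append(f.Problems, "no DNS subjectAltName")
		}
		switch { // an expired certificate is reported as expired, not merely "expiring"
		case now.After(c.NotAfter):
			f.Problems = append(f.Problems, "expired")
		case c.NotAfter.Before(now.Add(pol.AlertBefore)):
			f.Problems = append(f.Problems, fmt.Sprintf("expires in %d days", f.DaysLeft))
		}
		out = append(out, f)
	}
	return out
}

// NeedsAction returns the subjects an operator must act on (the alert list).
func NeedsAction(findings []Finding) []string {
	var subjects []string
	for _, f := range findings {
		if len(f.Problems) > 0 {
			subjects = append(subjects, f.Subject)
		}
	}
	return subjects
}

// AsOf is the fixed reference date the constructed sample is evaluated against.
func AsOf() time.Time { return time.Date(2024, 6, 1, 0, 0, 0, 0, time.UTC) }

var serial int64

// makeCert builds a self-signed certificate in memory (constructed sample data, not a real issuance).
func makeCert(key *ecdsa.PrivateKey, cn string, dns []string, notBefore time.Time, validDays int) *x509.Certificate {
	serial++
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn, Organization: []string{"Example Corp (constructed)"}},
		DNSNames:     dns,
		NotBefore:    notBefore,
		NotAfter:     notBefore.Add(time.Duration(validDays) * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// SampleInventory stands in for what discovery across hosts and cloud accounts would collect.
func SampleInventory() []*x509.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	day, now := 24*time.Hour, AsOf()
	return []*x509.Certificate{
		makeCert(key, "web.example.test", []string{"web.example.test"}, now.Add(-30*day), 365),  // healthy
		makeCert(key, "api.example.test", []string{"api.example.test"}, now.Add(-80*day), 90),   // 90-day cert, 10 days left
		makeCert(key, "legacy.example.test", nil, now.Add(-400*day), 730),                        // too long-lived, no SAN
		makeCert(key, "old.example.test", []string{"old.example.test"}, now.Add(-400*day), 365),  // expired 35 days ago
	}
}

func main() {
	for _, f := range Assess(SampleInventory(), DefaultPolicy(), AsOf()) {
		fmt.Printf("%-20s issuer=%-20s expires=%s days_left=%4d problems=%v\n",
			f.Subject, f.Issuer, f.NotAfter.Format("2006-01-02"), f.DaysLeft, f.Problems)
	}
}
```

Running it prints one catalogue row per certificate, and NeedsAction yields the three subjects that require attention: the 90-day certificate inside the alert window, the long-lived certificate without a SAN, and the one that has already expired. In a real deployment the inventory would be fed by scanning and the reference time would be the wall clock, but the checks themselves stay the same.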
Kevin Bocek is the chief security strategist at Venafi.