The growth of machine identities far exceeds the growth of human identities
Venafi®, the inventor and leading provider of machine identity management solutions, announces the results of a global study of 1,000 CIOs, which shows that digital transformation increases the number of machine identities by an average of 42% per year. Since CIOs often have limited visibility into the number of machine identities on their networks, and these critical security resources are not a priority in IAM and security budgets, CIOs should expect a sharp increase in machine identity-related outages and security breaches.
Machine identities enable secure connection and authentication for every part of the IT infrastructure, from physical and virtual servers and IoT devices to software applications, APIs and containers. Every time two machines need to authenticate each other, a machine identity is required. One hundred percent of CIOs say that digital transformation is leading to a dramatic increase in the number of required machine identities in their companies. Without an automated machine identity management program, organizations suffer from outages caused by expired machine identities and security breaches caused by the misuse or compromise of machine identities.
According to the CIO study sponsored by Venafi, the average organization used almost a quarter of a million (250,000) machine identities by the end of 2021. This number is surprising: the machine identity management experts at Venafi found that companies initially underestimate their inventory of machine identities by 50% or more, because they have very limited insight into the machine identities their business requires.
At current growth rates, the same organizations can expect their inventory of machine identities to more than double to at least 500,000 by 2024. In addition, three-quarters of CIOs surveyed said they expect digital transformation initiatives to increase the number of machine identities in their organizations by 26%, with more than a quarter (27%) putting the figure at more than 50%.
Among the main results of the survey are:
- 83% of companies have experienced a machine identity-related outage in the last 12 months; more than a quarter (26%) reported that critical systems were affected.
- 57% of organizations experienced at least one data breach or security incident related to compromised machine identities (including TLS and SSH keys and code signing keys and certificates) during the same period.
“The reality of digital transformation means that every company today is a software company. This means that IAM priorities will have to shift to protecting the machine identities required for digital transformation initiatives, as these initiatives are the engines for innovation and growth,” says Kevin Bocek, Vice President of Security Strategy and Threat Intelligence at Venafi. “The unfortunate reality is that most companies are not able to manage all the computer identities they need. This rapidly growing gap has opened up a new attack surface – from software build pipelines to Kubernetes clusters – that is very attractive to attackers.”
The increasing number of machines on corporate networks is exposing outdated methods of managing machine identities. Almost two-thirds (64%) of CIOs say that instead of a comprehensive solution for managing machine identities, their companies combine several solutions and processes, including point solutions from certificate authorities and public cloud providers, self-developed solutions and manual processes. This approach provides neither a company-wide overview of all machine identities nor the mechanisms needed to enforce configuration or policy requirements.
“The management of machine identities is still in the initial phase of implementation. It is very similar to what happened a few years ago with the identity of customers and employees, but it is many times bigger and the change is happening much faster,” Bocek continues. “The challenges associated with managing human identities pale in comparison to the challenges of managing machine identities. This study highlights the urgent need for every company to evaluate its machine identity management program to protect its digital transformation initiatives.”
About the study
The Venafi survey, conducted by Coleman Parkes Research, evaluated the opinions of 1000 CIOs in six countries/regions: United States, United Kingdom, France, DACH, Benelux and Australasia (Australia, New Zealand).