Kevin Bocek, VP Security Strategy and Threat Intelligence at Venafi
The nationwide outage of Verifone is another warning to companies about the importance of effective identity management for machines. These failures can affect anyone, and there have been well-known examples in the past, such as LinkedIn and O2, which had exactly the same problem with certificates. In essence, certificates allow secure communication between machines, but they are often poorly managed. If the certificates expire unexpectedly, this puts companies in a lot of trouble, as applications, services or servers are taken offline. In this particular incident, people were unable to get food and fuel from large supermarkets and gas stations. However, the incident had an impact not only on consumers, but also on Verifone itself and its customers, because these types of incidents can seriously damage the reputation of a company. Consumers expect a very high level of service and are disappointed when the services they need for their lives are not available.
Recent data shows that an average company will have more than half a million machine identities in its network by 2024. As failures like this show, it’s impossible to track this amount of identities manually, so companies need to automate management. This allows developers to continue working at full speed without having to worry about managing machine identities. Security and IT teams can then sleep soundly at night, knowing that they will not be confronted with expiring certificates and operational failures the next day.