Machine identities: What they are and how to use automation to secure them

All machines that connect need to have a secure digital identity, including factory control systems, medical devices, servers, laptops, tablets, and smartphones. Image courtesy of Sectigo

August 16, 2021

Tim Callan

Security teams who aim to control secure access to networked applications and sensitive data often focus on the authentication of user credentials. Yet, the explosive growth of connected devices and machines in today’s enterprises exposes critical security vulnerabilities within machine-to-machine communications, where no human is involved.

That’s where machine identity comes in. Machine identity is the digital credential or “fingerprint” used to establish trust, authenticate other machines, and encrypt communication.

Much more than a digital ID number or a simple identifier such as a serial number or part number, machine identity is a collection of authenticated credentials that certify that a machine is authorized access to online resources or a network.

Machine identities are a subset of a broader digital identity foundation that also includes all human and application identities in an enterprise environment. It goes beyond easily recognizable use cases like authenticating a laptop that is accessing the network remotely through Wi-Fi. Machine identity is required for the millions or billions of daily communications between systems where no human is involved, like routing messages across the globe through various network appliances or application servers generating or using data stored across multiple data centers.

Why Machine Identity Management Needs to Be Automated

As the number of processes and devices requiring machine-to-machine communication grows, the number of machine identities to track also grows. According to the Cisco Annual Internet Report, by 2023, there will be 29.3 billion networked devices globally, up from 18.4 billion in 2018. That is more than 10 billion new devices in just five years!

Improper identity management not only makes enterprises more vulnerable to cybercriminals, malware and fraud, it also exposes organizations to risks related to employee productivity, customer experience issues, compliance shortfalls and more. While there is no stronger, more versatile authentication and encryption solution than PKI-based digital identity, the challenge for busy IT teams is that manually deploying and managing certificates is time-consuming and can result in unnecessary risk if a mistake is made.

Whether an enterprise deploys certificates to enable device authentication for a single control network or manages millions of certificates across all its networked device identities, the end-to-end process of certificate issuance, configuration and deployment can overwhelm the workforce.

The bottom line? Manual machine identity management is neither sustainable nor scalable.

In addition, manually managing certificates puts enterprises at significant risk of neglected certificates expiring unexpectedly. This can result in certificate-related outages, critical business systems failures and security breaches and attacks.

In recent years, expired certificates have resulted in many high-profile website and service outages. These mistakes have cost billions of dollars in lost revenue, contract penalties, lawsuits and the incalculable cost of lost customer goodwill and tarnished brand reputations.

How to Automate Machine Identity Management

With such high stakes, IT professionals are rethinking their certificate lifecycle management strategies. Organizations need an automated solution that ensures all their digital certificates are correctly configured, installed and managed without human intervention. Yes, automation helps reduce risk, but it also aids IT departments in controlling operational costs and streamlining time-to-market for products and services.

In response to market forces and hacking attacks, PKI has become even more versatile. Consistent high uptime, interoperability and governance are still crucial benefits. But modern PKI solutions can also improve administration and certificate lifecycle management through:

● Crypto-agility: Updating cryptographic strength and revoking and replacing at-risk certificates with quantum-safe certificates rapidly in response to new or changing threats.

● Visibility: Viewing certificate status with a single pane of glass across all use cases.

● Coordination: Using automation to manage a broad portfolio of tasks.

● Scalability: Managing certificates numbering in the hundreds, thousands, or even millions.

● Automation: Completing individual tasks while minimizing manual processes.

As a result of the many different types of machines, systems, and applications that use digital certificates, busy IT teams often find themselves having to manage distinct automation services from many different vendors. Concurrently running multiple automation platforms results in inefficiencies.

So, what is the solution?

A single certificate management dashboard that automates discovery, deployment, and lifecycle management across all use cases and vendor platforms can deliver the efficiency that automation promises. A trusted certificate authority (CA) can provide digital identity management automation solutions that enable enterprises to be agile, efficient and fully control all the certificates in their environment, including machine identities.

Tim Callan is Chief Compliance Officer at Sectigo and co-host of the popular PKI and security podcast “Root Causes.” Tim has more than 20 years of experience in leadership positions for prominent PKI and digital certificate technology providers including VeriSign, Symantec, DigiCert, and Comodo CA. A security blogger since 2006, he is a frequently published author of technology articles and has spoken at conferences including the RSA Security Expo, Search Engine Strategies, ClickZ, and the Internet Retailer Conference and Expo. A founding member of the CA/Browser Forum, Tim played a key role in the creation and roll out of Extended Validation SSL in the late 2000s.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.

How can security leaders charged with investigations handle the management of interviewers and interrogators, as well as handle interviewing, including dealing with false confessions and misleading information?

Poll

Recruiting Diverse Candidates

View Results

Poll Archive

Products

Effective Security Management, 7th Edition

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

See More Products

Machine identities: What they are and how to use automation to secure them

Why Machine Identity Management Needs to Be Automated

How to Automate Machine Identity Management

Recent Articles by Tim Callan

How to stop ransomware - Seven steps to protect your enterprise

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

Machine identities: What they are and how to use automation to secure them

Why Machine Identity Management Needs to Be Automated

How to Automate Machine Identity Management

Recent Articles by Tim Callan

Related Articles

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.