Today, machine identities outnumber human identities in the enterprise. This is driven by the growing use of distributed services and APIs accessed by bots, IoT devices and application architectures built from many microservices, all of which must be kept secure to prevent data from being compromised by cyberattacks. With the increasing number of machine identities across the enterprise, customers must control and secure access to, and communication with, both external and internal APIs. It’s no longer enough to assume that services accessing data can be trusted: organizations need to understand each machine connecting to their services and make smart, real-time decisions about whether that machine can be trusted. In fact, a 2020 report revealed that breaches related to machine identities caused global economic losses of between $51 billion and $72 billion a year.
Security risks stemming from the rise in machine identities
Machine-to-machine communications have become the main source of data traffic in the enterprise. In addition, the regulatory requirements for data-sharing between businesses via application programming interfaces (APIs), services and devices continue to increase in complexity. The corresponding security risks are on the rise as well. In the wrong hands, machine identities can enable cybercriminals to appear trustworthy, slip past security defenses undetected, gain access to networks and exfiltrate sensitive data. Yet, organizations still overlook the importance of protecting machine identities.
For example, earlier this year a vulnerability was discovered in ThroughTek Kalay’s software development kit (SDK), which compromised a staggering 83 million IoT devices such as baby monitors and security cameras. Another example of compromised machine identity is the set of vulnerabilities found in the Linux TCP/IP stack, which put millions of industrial control devices at risk of being hacked.
To prevent breaches like these, organizations need full visibility and control of each machine identity and must implement granular authorization and governance to confirm the identity of each connected device and which data it’s authorized to process. This is where machine identity management comes in: the process of governing and orchestrating the identities, digital certificates and keys of machines such as IoT devices, APIs, workloads, apps, containers and more. In fact, the infamous Equifax data breach in 2017 occurred when a certificate controlling a crucial piece of security software expired, leaving the company vulnerable to attack for more than two months.
To address these growing risks, below are steps enterprises should follow to adjust cybersecurity strategies given the rapidly increasing volume of machine identities.
Rethinking traditional IAM strategies
First, security leaders must rethink their traditional identity and access management (IAM) strategies. Historically, IAM has focused on human identities authenticating to access systems, software and apps on a business network. However, with the rise of containers, APIs and other technology, a secure IAM approach must use cryptographic certificates, keys and other digital secrets that protect connected systems and support an organization’s underlying IT infrastructure.
With the shift to the cloud, a Zero Trust framework has become the new security standard, where all users, machines, APIs and services must be authenticated and authorized before being able to access apps and data. In the cloud, there is no longer a traditional security perimeter around the data center, so the service identity is the new perimeter.
When handling machine identities, fine-grained consent controls are essential in protecting privacy as data is moved between machines. The authorization system discerns the “who, what, where, when, and why” and confirms that the owner has consented to the sharing of that data and the person requesting access isn’t a fraudster. By having modern authorization and consent controls in place, the organization can save its development teams hours, even weeks, of backend work and enable its apps to go to market faster. At the same time, these authorization and identity governance guardrails help to ensure that the product or service meets strict security and compliance standards.
Automating machine identity authorization and governance is key
In order to secure the enterprise when the traditional network perimeter no longer exists, you need full visibility and control over who has access to every data element, which means authenticating everything in the transaction: the machine, the service, the user and the information being shared.
When it comes to managing machine identities, automation is critical because of their sheer volume, and it is necessary for dynamic scaling (auto-scaling). For instance, even a simple transaction such as checking your bank account balance involves hundreds of machines, all of which need to be authenticated before they can connect to the server. Plus, each one of these connections between machines requires instantaneous authorization. IT and security teams must lean on automated software tools; otherwise, it’s impossible for teams to have the bandwidth to manage the thousands or millions of machines under their purview. In addition, it’s important for IT teams to be able to discover known vs. unknown machines, services and APIs, classify those services and automatically add them into the identity and authorization ecosystem.
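As an added example (not code from the original article), the following Python script shows two of the automated checks described here: reconciling the machine identities actually observed at a service gateway against a registered inventory to surface unknown machines, and flagging registered certificates that are expired or close to expiry, the blind spot behind the Equifax incident mentioned earlier. The inventory, the SPIFFE-style identity URIs and the gateway log lines are all constructed for illustration and are assumptions, not data from the article.

```python
"""Reconcile observed machine identities against an inventory and flag
expiring certificates. All identities and log lines are constructed."""
from datetime import datetime, timedelta, timezone

# Constructed inventory: service identity -> certificate expiry (UTC).
# Assumption: the inventory is keyed by the identity URI in each cert.
INVENTORY = {
    "spiffe://corp.example/payments-api": datetime(2024, 3, 1, tzinfo=timezone.utc),
    "spiffe://corp.example/balance-service": datetime(2025, 9, 30, tzinfo=timezone.utc),
    "spiffe://corp.example/ledger-db": datetime(2024, 2, 10, tzinfo=timezone.utc),
}

# Constructed gateway log: timestamp, peer identity presented at the
# TLS handshake, and the gateway's decision.
LOG_LINES = """\
2024-02-01T10:00:01Z peer=spiffe://corp.example/payments-api result=allow
2024-02-01T10:00:02Z peer=spiffe://corp.example/ledger-db result=allow
2024-02-01T10:00:03Z peer=spiffe://corp.example/scraper-bot result=allow
2024-02-01T10:00:04Z peer=spiffe://corp.example/payments-api result=allow
"""

def parse_peers(log_text):
    """Collect the distinct peer identities seen in the gateway log."""
    peers = set()
    for line in log_text.splitlines():
        for field in line.split():
            if field.startswith("peer="):
                peers.add(field[len("peer="):])
    return peers

def classify(observed, inventory):
    """Split observed identities into registered (known) and unknown."""
    known = sorted(i for i in observed if i in inventory)
    unknown = sorted(i for i in observed if i not in inventory)
    return known, unknown

def expiring(inventory, now, within_days=30):
    """Registered identities whose certificate expires inside the window
    (or has already expired), so renewal can be automated in time."""
    deadline = now + timedelta(days=within_days)
    return sorted(i for i, exp in inventory.items() if exp <= deadline)

def audit(log_text=LOG_LINES, inventory=INVENTORY, now=None):
    """Run both checks and return the findings as a dict."""
    now = now or datetime(2024, 2, 1, tzinfo=timezone.utc)
    known, unknown = classify(parse_peers(log_text), inventory)
    return {"known": known, "unknown": unknown, "expiring": expiring(inventory, now)}

if __name__ == "__main__":
    print(audit())
```

In practice the inventory would be fed from the certificate authority or identity platform and the log from the API gateway, and unknown peers would be treated as a detection event rather than allowed as in the constructed log.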
Enterprise security strategies must evolve accordingly
The pandemic has played a major role in accelerating the importance of machine identity management as a core component of any cybersecurity strategy. To prevent machine identities from being exploited by malicious actors, organizations must treat them the same as customer and employee identities and authenticate every single request and transaction. To achieve this, machine identities must be well managed across the organization and APIs must be highly secure.
Machine identities that are left unprotected can allow cybercriminals to gain access to networks and then reach multiple systems once inside. They also provide attackers with the opportunity to create persistent back doors and distribute malware to unsuspecting network users. With strong identity governance and visibility over every smart device, bot and service, organizations can proactively identify and mitigate unauthorized access and other threats.