80 percent of enterprises struggle to protect machine identities
The protection of human identities tends to be high on the agenda for organizations, but what about machine identities?
Recent increases in the number of machines on enterprise networks, shifts in technology, IoT devices and new computing capabilities have created a set of challenges that require increased focus on protecting machine identities.
A new study carried out by Forrester for identity protection specialist Venafi shows 96 percent of companies believe that effective protection of both machine and human identities is equally important to the long-term security and viability of their companies. However, 80 percent of respondents admit to struggling with the delivery of machine identity protection capabilities.
"It is shocking that so many companies don't understand the importance of protecting their machine identities," says Jeff Hudson, CEO of Venafi. "We spend billions of dollars protecting user names and passwords but almost nothing protecting the keys and certificates that machines use to identify and authenticate themselves. The number of machines on enterprise networks is skyrocketing and most organizations haven't invested in the intelligence or automation necessary to protect these critical security assets. The bad guys know this, and they are targeting them because they are incredibly valuable assets across a wide range of cyber-attacks."
Other findings include that 47 percent of respondents believe protecting machine identities and human identities will be equally important to their organizations over the next 12 to 24 months, while nearly as many (43 percent) think machine identity protection will be more important. 61 percent say their biggest concern regarding poor machine identity protection management is internal data theft or loss.
Yet despite this 70 percent admit they are tracking fewer than half of the most common types of machine identities found on their networks. When asked which specific machine identities they track 56 percent say cloud platform instance machine identities, only 49 percent say mobile device machine identities, 49 percent say physical server machine identities, 29 percent SSH keys, and 25 percent identities of microservices and containers.
More about the findings is in the full report which you can get from the Venafi website.