Certificate outages impact the majority of organizations
A new survey finds 83 percent of 1,000 organizations surveyed experienced a certificate-related outage over the last year, with over a quarter (26 percent) saying critical systems were impacted.
The report from identity management firm Venafi shows that digital transformation is driving an average of 42 percent annual growth in the number of machine identities.
In addition 57 percent of organizations experienced at least one data breach or security incident related to compromised machine identities (including TLS, SSH keys and code signing keys and certificates) during the same time period.
But these critical security assets are not being prioritized in IAM and security budgets, so CIOs should expect to see a sharp increase in machine identity related outages and security breaches. The average organization was using nearly a quarter of a million machine identities at the end of 2021. And according to Venafi organizations typically underestimate machine identity populations by 50 percent or more initially, because they have limited visibility into the machine identities their organization requires.
What's more three-quarters of surveyed CIOs say that they expect digital transformation initiatives to increase the number of machine identities in their organizations by 26 percent -- with 27 percent citing a percentage of higher than 50 percent.
"The realities of digital transformation mean that every business is now a software company. This means IAM priorities need to shift to protect the machine identities required for digital transformation initiatives because these initiatives are the engines of innovation and growth," says Kevin Bocek, vice president of security strategy and threat intelligence at Venafi. "The unfortunate reality is that most organizations are not prepared to manage all the machines identities they need. This rapidly growing gap has opened a new attack surface -- from software build pipelines to Kubernetes clusters -- that is very attractive to attackers."
You can get the full report on the Venafi site.