- Six in ten organizations lack full awareness of all the certificates and keys across their digital assets, leaving them vulnerable to malicious threat actors or other disruptive incidents, according to a study by Vanson Bourne on behalf of AppViewX. Researchers surveyed 1,000 decision-makers across the U.S., Europe, the Middle East and other regions.
- Among organizations that lacked full awareness, nearly all (96%) experienced an event that could have damaged operations. More than half (55%) of the firms suffered a cybersecurity breach, 47% suffered a loss in employee productivity, while more than a third (35%) suffered system outages and one-third experienced financial losses.
- Organizations are having difficulty managing machine identities across different areas of their infrastructure, including operation technology, IoT infrastructure, on-premises infrastructure, in the cloud and across containerized infrastructure, according to the report.
Digital transformation has led to an explosion of different types of machines that communicate with each other and need to identify themselves, according to research by Gartner. Machine identity management handles how credentials are run, including SSH keys, cryptographic keys and X.509 certificates.
As more companies undergo digital transformation and embrace hybrid cloud and multicloud environments, the number of machines that must be identified increases. Companies also need to manage what level of privileges to give each connected device.
Without a way to automate the identities of various machines interacting with an IT network, companies remain vulnerable to being attacked by malicious threat actors through a variety of methods, such as impersonation, compromised keys or entering through unsecured back doors, according to researchers at AppViewX.
"Like human identity management, machine identities have to be managed and governed in enterprises especially with the digital transformations, remote work and cloud focus," Murali Palanisamy, chief solutions officer at AppViewX.
The risk can be compared to a country that issues passports to its citizens, but has no way of tracking, auditing and revoking those passports.
"In an enterprise when a digital certificate is issued, there is an important need to make sure they are fully automated and secured so that no human has clear text access to it to be misused or exploited," Palanisamy said.