Cybersecurity

Emerging Trends in IAM Part 3: Machine Identity Management

Pierce ChakrabortyJeffrey McDonald
September 19, 2023
4 min read

The hybridization of the workforce and subsequent challenges within the IAM world has resulted in many organizations beginning (or reimagining) their journey toward building a mature identity program. As mentioned in our previous posts, Emerging Trends in IAM: Simplified Engineering and Using the Sunlit Approach to Simplify RBAC, Protiviti has observed several new trends in the IAM space. This series evaluates those key trends that organizations will focus on over the next few years. This post highlights why and how organizations can incorporate a machine identity management strategy to battle serious risks that have emerged alongside a hybrid work environment.

Over the last few years, the concept of digital identities has been a hot topic for cybersecurity professionals. Users are increasingly working from decentralized locations, driving the need for a new approach to secure company networks. Gone are the days when security professionals simply built a fence around their networks and guarded the resources inside. Now, organizations expect hackers to gain access to their environments and have developed the concept of identities to deal with this. Trust is no longer given to identities just for being on a network as access to assets must now be routinely verified for users on the network.

To deliver security capabilities in this new environment, security professionals began focusing heavily on user identities that authenticate to networks using the traditional username and password. Large investments were made to secure these identities as cyberattacks often targeted users through schemes such as phishing to gain access to the organization’s environment. However, in addition to the user identities that exist on every company network, there is another category of network identities that is often overlooked: machine identities.

Implementing effective machine identity management

Machines, like users, are consistently authenticating and communicating with each other on a network. Microservices, applications, servers, containers, traditional devices and virtual machines all communicate with each other and require the same establishment of trust to perform the tasks they need to support business operations. While the total number of user identities on company networks has remained largely static, the number of machine identities on the same networks has grown exponentially, providing a new, growing attack surface that hackers can exploit to gain access to company systems. Due to this emerging risk, there is a growing need for organizations to implement effective machine identity management (MIM) practices to govern the lifecycle of machine identities, the permissions granted to these identities, and the secrets, keys and certificates these machines use to authenticate.

Key MIM considerations include:

  • Management of human and machine identities should be approached differently as each identity type presents a different set of challenges for identification, overall lifecycle management, automation and monitoring.
  • At most organizations, the total number of user identities has remained relatively constant while the total number of machine identities has increased exponentially. This trend is expected to continue.
  • MIM introduces an added area of complexity as machine lifecycles can be extremely short compared to user identities. The total lifecycle of some containers or virtual machines can be measured in hours instead of weeks or months.
  • The autonomous nature of these machine identities, coupled with the often-elevated level of access to grant them, increases the overall risk posture associated with this growing identity population.

How organizations should approach machine identity management

  • Assess the organization’s overall approach to identity to see how MIM is currently being delivered.
  • Clearly define machine identities within the environment in order to easily identify and tell them apart from normal user identities.
  • Ensure ownership for machine identities is clearly defined and communicated for all the identities within the environment.
  • Make sure all identities within an environment are in line with a pre-defined framework which outlines ownership requirements for individual machine types (VMs, servers, containers, etc.).
  • Machine secrets, such as certificates and key pairs, used for machine authentication must be securely managed.

Taking steps to ensure an effective MIM strategy will help organizations be prepared for the growing risks that have emerged out of a more hybrid workforce.

Read the other blogs in this series: Emerging Trends in IAM Part 1: Simplified Engineering, Emerging Trends in IAM – Part 2: Using the Sunlit Approach to Simplify RBAC and Emerging Trends in IAM Part 4: Going Passwordless with the FIDO Use Case.

Read the results of our 2023 Global IT Executive Survey: The Innovation vs. Technical Debt Tug-of-War.

To learn more about our cybersecurity solutions, contact us.

Pierce Chakraborty

Director
Security and Privacy

View all posts

Jeffrey McDonald

Senior Manager
Security and Privacy

View all posts

You may also like

Subscribe to Topics

Protiviti Technology Follow

Protiviti leverages emerging technologies to innovate, while helping organizations transform and succeed by focusing on business value.

ProtivitiTech
protivititech Protiviti Technology @protivititech ·
29 Apr

Protiviti's Chris Daniel will join the Analytics Study Breakfast panel to discuss the just-released 2024 CGT Analytics Study on Friday, May 3 during the #AnalyticsUnite2024 Summit. Register today! https://ow.ly/oVou50Rpfrn #ProtivitiTech

Reply on Twitter 1784946420555862405 Retweet on Twitter 1784946420555862405 Like on Twitter 1784946420555862405 Twitter 1784946420555862405
protivititech Protiviti Technology @protivititech ·
26 Apr

RSA Conference 2024 is quickly approaching! Stop by Microsoft's Booth #6044N - Moscone North on May 8 at 3 pm to see Protiviti's demo presentation! https://ow.ly/hk3350RmwaS #RSAC #Microsoft

Reply on Twitter 1783934284492943722 Retweet on Twitter 1783934284492943722 Like on Twitter 1783934284492943722 Twitter 1783934284492943722
protivititech Protiviti Technology @protivititech ·
26 Apr

Protiviti is a proud sponsor of #AnalyticsUnite2024. The summit provides retail and consumer goods executives with the unprecedented opportunity to learn from and network with the industry’s global leading analytic experts. https://ow.ly/5uNR50RpfcM #ProtivitiTech

Reply on Twitter 1783904458948133260 Retweet on Twitter 1783904458948133260 Like on Twitter 1783904458948133260 Twitter 1783904458948133260
protivititech Protiviti Technology @protivititech ·
25 Apr

Whether you need assistance in finance transformation, data & analytics, security & privacy, regulatory compliance, or business consulting, we have you covered. Read the April issue of #SAP Insights now! https://ow.ly/5qtO50RmFBs #ProtivitiTech

Reply on Twitter 1783556978268045479 Retweet on Twitter 1783556978268045479 Like on Twitter 1783556978268045479 Twitter 1783556978268045479
protivititech Protiviti Technology @protivititech ·
25 Apr

Protiviti leveraged #Microsoft Azure AI portfolio to create an intelligence information retrieval system for a client needing to comply with new EPA regulations. The AI-enabled solution sifted through terabytes of data, saving the company time and money. https://ow.ly/pYvm50Rmx3X

Reply on Twitter 1783481606822314257 Retweet on Twitter 1783481606822314257 Like on Twitter 1783481606822314257 Twitter 1783481606822314257
Load More