What is the distinction between human identities and machine identities? Enterprise IT teams and cybersecurity leaders are entirely confident they can prevent data breaches based on human identities, user access credentials based on usernames and passwords. This confidence, however, drops when it comes to machine identities.
Think about the number of devices around you right now. You might have your laptop, phone, and tablet within arm’s reach. If you’re at home, there might be another computer or two in the household. How about a smart thermostat? Smart fridge? What about your car? So many connected machines. And think about the data they collect, store, and share. That world needs to be secured, and it’s done via a credential, such as keys, secrets, and certificates.
What are machine identities?
There are two actors on every network: humans and machines. Just as human identities are protected with usernames and passwords, machine identities are protected keys and certificates. Every year alarge amount of money is spent protecting human identities, while the importance of managing machine identities is misunderstood and neglected. Cybercriminals are all too aware of this massive security gap, making it extremely lucrative to steal or forge machine identities.
How are machine identities used on a network?
Machines use encrypted connections to establish trust in all kinds of digital transactions. To do this, machines identities use digital certificates and cryptographic keys to validate the legitimacy of both communicating machines. To put this into context, let’s discuss five ways that machine identities are being used to support a wide variety of vital business functions in your organization.
– Securing web transactions with HTTPS
SSL/TLS certificates are critical to the security of web transactions, such as online banking and e-commerce. These certificates create an encrypted connection between a web browser and web server. If cyber criminals gain access to these critical machine identities, they can eavesdrop on encrypted traffic or impersonate a trusted system in a phishing attack.
– Securing privileged access
Most organizations use SSH to secure system-administrator-to-machine access for routine tasks. SSH is also used to secure the machine-to-machine automation of critical business functions. SSH keys ensure that only trusted users and machines have access to sensitive network systems and data. However, if cyber criminals gain access to your SSH keys, they can use them to bypass security controls and gain privileged access to internal network resources and data
Securing Fast IT and DevOps
DevOps teams use cloud-based, self-contained runtime environments, known as containers or clusters, to run individual modules called microservices. Each microservice and container should have a certificate to identify and authenticate it and to support encryption. These certificates serve as valid machine identities that allow containers to communicate securely with other containers, microservices, the cloud, and the Internet. In the interest of development speed, developers may be tempted to skimp on key and certificate security, exposing your organization to unnecessary security vulnerabilities.
Securing communication on consumer devices
Digital certificates provide the foundation for authenticating mobile devices that access enterprise networks. They can also enable access to enterprise Wi-Fi networks and for remote enterprise access using SSL and IPSEC VPNs. However, without central oversight, it’s difficult to protect these functions on mobile devices. This can result in misuse when certificates are duplicated on multiple devices or past employees continue to use unrevoked certificates.
Authenticating software code
Software is usually signed with a certificate to verify the integrity of the software. When used properly, these certificates serve as a machine identity that authenticates the software. However, if cyber criminals steal code-signing certificates from legitimate companies, they can use them to sign malicious code. Because it is signed with a stolen, legitimate certificate, the malicious code doesn’t trigger any warnings, and unsuspecting users will mistakenly trust that it is safe to install and use.
It’s easy to see how important machine identities are to every aspect of your organization, and how they can be misused by cyber criminals. Now that machine identities are on your radar, are you ready to start managing them?
If you need help, contact us!