Protecting Machine Identity

“Digital Transformation” is an appealing, if slightly overhyped buzzword in IT circles. Broadly, the term refers to improving the ability of a business to work with its customers, partners and suppliers through digital means. Usually, this implies automation and artificial intelligence as well as fluid integrations that leverage open APIs. The process is a boon to business if done right, but it also amplifies certain kinds of risk exposure. For instance, as a consequence of digital transformation, there has been a veritable explosion in the number of devices and virtual machines operating in the extended enterprise.

Jeff Hudson, CEO of Venafi

“Machine proliferation presents one of the most serious, and under-examined sources of risk exposure in today’s organizations,” said Jeff Hudson, CEO of Venafi. His company provides a trust platform for the dynamic protection of machine identities across extended infrastructure. “A large company today will inevitably create and power down tens of thousands of virtual machines and other, comparable devices. Each machine is vulnerable to attack. If you can’t track your machines’ identities, you may not even understand how many threats you’re facing.”

Hudson pointed out that most organizations are disciplined about managing the identities and credentials of human users, but less organized about machine identities. The risk in this practice comes from ignoring the reality that machines can now easily become “users” of applications. “With open APIs, you can easily have machines accessing data, making procedure calls and interacting with people. You need to know if the machines in these integrations and orchestrations are legitimate.”

Venafi accomplishes this by enabling global visibility into certificate issuance and related factors. “We give you a line of sight into SSH, SSL, TLS, API Keys and so forth, wherever they are in your organization. Remember, there’s no perimeter anymore.” The platform offers deep intelligence and automation of all aspects of machine identities, allowing users to rapidly identify and automatically correct vulnerabilities and weaknesses in keys and certificates at machine speed and scale.

“Machine proliferation presents one of the most serious, and under-examined sources of risk exposure in today’s organizations”

Scale and automation are key, Hudson explained. “It’s all well and good to have policies for tracking machine identities. However, today’s IT operations can make such  policies essentially worthless if they’re not automated and based on machine intelligence. We’re way past the days of a human admin setting up a machine and assuming that they will be on top of the machine’s activities throughout its life cycle. There are just way too many machines and automated processes in the mix.”

The Venafi solution looks at the machine’s intended use and human owner and assesses the context of its use. If the machine is not acting within expected parameters, it is flagged for investigation. By automating machine identity management, Venafi enables enforcement of effective machine identity policies.

Venafi also addresses an inherent difficulty in applying security policy to machines: Machines can’t get fired, sued or sent to prison. “If an employee steals proprietary data, he or she will face disciplinary action or even criminal prosecution,” said Hudson. “A machine will not. At least, not today. Call me in ten years and ask me the same question. The answer might surprise us all.”