Cybersecurity

Emerging Trends in IAM Part 3: Machine Identity Management

Pierce ChakrabortyJeffrey McDonald
September 19, 2023
4 min read

The hybridization of the workforce and subsequent challenges within the IAM world has resulted in many organizations beginning (or reimagining) their journey toward building a mature identity program. As mentioned in our previous posts, Emerging Trends in IAM: Simplified Engineering and Using the Sunlit Approach to Simplify RBAC, Protiviti has observed several new trends in the IAM space. This series evaluates those key trends that organizations will focus on over the next few years. This post highlights why and how organizations can incorporate a machine identity management strategy to battle serious risks that have emerged alongside a hybrid work environment.

Over the last few years, the concept of digital identities has been a hot topic for cybersecurity professionals. Users are increasingly working from decentralized locations, driving the need for a new approach to secure company networks. Gone are the days when security professionals simply built a fence around their networks and guarded the resources inside. Now, organizations expect hackers to gain access to their environments and have developed the concept of identities to deal with this. Trust is no longer given to identities just for being on a network as access to assets must now be routinely verified for users on the network.

To deliver security capabilities in this new environment, security professionals began focusing heavily on user identities that authenticate to networks using the traditional username and password. Large investments were made to secure these identities as cyberattacks often targeted users through schemes such as phishing to gain access to the organization’s environment. However, in addition to the user identities that exist on every company network, there is another category of network identities that is often overlooked: machine identities.

Implementing effective machine identity management

Machines, like users, are consistently authenticating and communicating with each other on a network. Microservices, applications, servers, containers, traditional devices and virtual machines all communicate with each other and require the same establishment of trust to perform the tasks they need to support business operations. While the total number of user identities on company networks has remained largely static, the number of machine identities on the same networks has grown exponentially, providing a new, growing attack surface that hackers can exploit to gain access to company systems. Due to this emerging risk, there is a growing need for organizations to implement effective machine identity management (MIM) practices to govern the lifecycle of machine identities, the permissions granted to these identities, and the secrets, keys and certificates these machines use to authenticate.

Key MIM considerations include:

  • Management of human and machine identities should be approached differently as each identity type presents a different set of challenges for identification, overall lifecycle management, automation and monitoring.
  • At most organizations, the total number of user identities has remained relatively constant while the total number of machine identities has increased exponentially. This trend is expected to continue.
  • MIM introduces an added area of complexity as machine lifecycles can be extremely short compared to user identities. The total lifecycle of some containers or virtual machines can be measured in hours instead of weeks or months.
  • The autonomous nature of these machine identities, coupled with the often-elevated level of access to grant them, increases the overall risk posture associated with this growing identity population.

How organizations should approach machine identity management

  • Assess the organization’s overall approach to identity to see how MIM is currently being delivered.
  • Clearly define machine identities within the environment in order to easily identify and tell them apart from normal user identities.
  • Ensure ownership for machine identities is clearly defined and communicated for all the identities within the environment.
  • Make sure all identities within an environment are in line with a pre-defined framework which outlines ownership requirements for individual machine types (VMs, servers, containers, etc.).
  • Machine secrets, such as certificates and key pairs, used for machine authentication must be securely managed.

Taking steps to ensure an effective MIM strategy will help organizations be prepared for the growing risks that have emerged out of a more hybrid workforce.

Read the other blogs in this series: Emerging Trends in IAM Part 1: Simplified Engineering, Emerging Trends in IAM – Part 2: Using the Sunlit Approach to Simplify RBAC and Emerging Trends in IAM Part 4: Going Passwordless with the FIDO Use Case.

Read the results of our 2023 Global IT Executive Survey: The Innovation vs. Technical Debt Tug-of-War.

To learn more about our cybersecurity solutions, contact us.

Pierce Chakraborty

Director
Security and Privacy

View all posts

Jeffrey McDonald

Senior Manager
Security and Privacy

View all posts

You may also like

Subscribe to Topics

Protiviti Technology Follow

Protiviti leverages emerging technologies to innovate, while helping organizations transform and succeed by focusing on business value.

ProtivitiTech
protivititech Protiviti Technology @protivititech ·
18 Apr

Learn more about what GRC Managed Service is and what it can do for SAP S/4HANA and SAP cloud solutions in the latest #SAP Blog post. https://ow.ly/OMaL50RfsHw #ProtivitiTech

Reply on Twitter 1781035159438954997 Retweet on Twitter 1781035159438954997 Like on Twitter 1781035159438954997 Twitter 1781035159438954997
protivititech Protiviti Technology @protivititech ·
17 Apr

Protiviti is a proud sponsor of ServiceNow Knowledge 2024—a three-day conference all about #AI. Stop by our booth (#2503) to visit with our team and learn how the #ServiceNow platform makes business transformation possible. https://ow.ly/qa6p50Rh9wf

Reply on Twitter 1780627914964308382 Retweet on Twitter 1780627914964308382 Like on Twitter 1780627914964308382 Twitter 1780627914964308382
protivititech Protiviti Technology @protivititech ·
16 Apr

What is #DesignThinking? Could it help your organization? Find out how Protiviti uses it to help clients build net new applications and modernize legacy systems. https://ow.ly/fMK550Rfsoi #ProtivitiTech

Reply on Twitter 1780204913663873376 Retweet on Twitter 1780204913663873376 Like on Twitter 1780204913663873376 Twitter 1780204913663873376
protivititech Protiviti Technology @protivititech ·
15 Apr

Join our May 2 webinar designed for privacy and security professionals seeking to navigate the intricate nuances of data governance within the ever-evolving global regulatory landscape. Register today! https://ow.ly/hzrG50R4fTX #ProtivitiTech #DataPrivacy

Reply on Twitter 1779872392535212145 Retweet on Twitter 1779872392535212145 2 Like on Twitter 1779872392535212145 1 Twitter 1779872392535212145
protivititech Protiviti Technology @protivititech ·
12 Apr

The latest Technology Insights Blog post offers insight into the unique risks associated with Large Language Models (LLMs) and how to establish strategies to mitigate them. https://ow.ly/q3w550RfbXm #ProtivitiTech #TechnologyInsights

Reply on Twitter 1778890996282982442 Retweet on Twitter 1778890996282982442 Like on Twitter 1778890996282982442 Twitter 1778890996282982442
Load More