New research from Venafi details the proliferation of machine identities resulting in increased outages and breaches.
Venafi, the inventor and leading provider of machine identity management, has announced the findings of a global CIO survey outlining the average number of machine identities per organization at the end of 2021, which reached nearly a quarter of a million (250,000) – an average 42% increase versus the previous year.
As companies continue to experience rapid Digital Transformation, 94% of respondents expect this growth to continue at the same rate or more, resulting in the average organization likely to have over 500,000 machines by 2024.
Machine identities enable secure communication and authentication between machines – everything from servers and applications to cloud instances and algorithms – making them essential to securing Digital Transformation.
Yet the growth in machine identities is having an adverse effect – widespread sprawl and mismanagement. The accelerated shift to cloud and digital services is resulting in an increase of machine identity related outages and breaches.
The survey of 1,000 global CIOs found that:
- 83% of organizations have suffered a certificate-related outage during the last 12 months, with over a quarter (26%) saying critical systems were impacted.
- 57% have experienced security incidents or breaches related to compromised machine identities (including TLS, SSH keys and code signing keys and certificates).
“Like never before, we’re witnessing a huge explosion in the number of machines used by businesses,” said Kevin Bocek, Vice President of Security Strategy and Threat Intelligence at Venafi.
“As technology continues to drive streamlined business operations, providing machines with strong identity and authentication is essential. Yet this growth is causing an uncontrolled sprawl of identities.
“The end result is the attack surface is widening and outages are on the rise. And it’s only going to get worse with the proliferation of machine identities and increased complexities – particularly with the growing adoption of more cloud-native environments, which make it harder for developers to gain visibility.”
The rise in machines has exposed outdated practices across IT and security teams. Close to two-thirds (64%) of CIOs said that, rather than using a comprehensive machine identity management solution, they use various combinations of multiple solutions and processes. These include point solutions from their approved certificate authorities (CAs) and public cloud providers, as well as homegrown solutions and manual processes like spreadsheets.
“The numbers speak for themselves – managing machine identities cannot be done in a manual and disjointed way. Organizations need a central view to manage these risks, or the business will suffer,” Bocek continued.
“The research is clear – the need for automation is essential to reduce risk and allow developers to concentrate on innovation. Implementing a machine identity management solution which automates the management of machine identities throughout their lifecycle and in any environment is the only way forward. “