A key finding from the Venafi study reveals that eighty percent of financial services respondents who are responsible for identity and access management (IAM) believe automated communications between machines on their organizations’ networks are mostly or completely secure. Seventy-one percent of respondents believe effective protection of machine identities is critical to the long-term security and viability of their companies. However, on average, financial services organizations are only tracking forty-three percent of the most common types of machine identities.
The study assessed the number of respondents who follow the progress of specific machine identities and found the following:
“Financial services organizations have more work to do in order to make sure their machine identities are protected, and we know these issues are not unique to a specific industry,” said Jeff Hudson, CEO of Venafi. “Despite the importance of machine identities, most organizations are overwhelmed by the sheer number of them on their networks, and they don’t have the visibility, intelligence or automation necessary to take the necessary steps to close the gaping hole in security.”
Additional findings from the study include:
Managing user and machine identities, as well as privileged access to business data and applications, is an enormous undertaking that has serious security ramifications. Traditionally, the focus for IAM programs has been people-centric. However, with the recent increase in the number of machines on enterprise networks, shifts in technology, and the latest computing capabilities, a new set of challenges has emerged, requiring an increased focus on the protection of machine identities.
From Securing The Enterprise With Machine Identity Protection, Forrester Consulting, June 2018: “Newer technologies, such as cloud and containerization, have expanded the definition of machine to include a wide range of software that emulates physical machines. Furthermore, these technologies are spawning a tidal wave of new, rapidly changing machines on enterprise networks. To effectively manage and protect machine identities, organizations need: complete visibility of all machine identities across their networks; actionable intelligence about each machine identity; and the capabilities to effectively put that intelligence into action at machine speed and at scale.”