Machine identities: A pressing threat that cannot be ignored

Eva Hanscom, Venafi

In her first post for the IT Governance Publishing blog, Venafi’s Eva Hanscom explains the importance of protecting machine identities.

IT governance programmes formally align cyber security initiatives with business goals. It’s imperative that every member of an organisation, from board members to executives to contractors, understands how its IT programmes benefit and protect assets, profits and success.

This is especially important as employees are beginning to wake up to cyber threats; IT governance programmes have contributed much to our security literacy. However, a critical organisational component is often ignored: machine identities.

Unfortunately, most employees don’t understand that the abuse and exploitation of machine identities can lead to substantial business losses.

What are machine identities?

There are two actors on every network: people and machines. People employ usernames and passwords to identify and authenticate themselves, so they can get access to network devices and services. Machines also need to identify and authenticate themselves when they connect to each other, but they don’t rely on usernames and passwords. Instead, they use cryptographic keys and certificates.

Without proper protection for machine identities, organisations can’t guarantee the confidentiality of information that flows between authorised machines, or prevent the flow of information to unauthorised machines.

Although cryptographic keys and digital certificates are critical security assets, they are also some of the least understood and most poorly protected parts of enterprise security infrastructure.

Organisations spend more than $8 billion [about £5.97 billion] a year protecting usernames and passwords, but just a tiny fraction of that is spent protecting machine identities. Cyber attackers understand the value of these lucrative assets and take advantage of the fact that they are poorly protected. And this, in turn, reflects on corporate IT governance programmes.

In the next Venafi guest blog post, Eva Hanscom discusses the growth of threats relating to machine identities.

About Venafi

Venafi is the cyber security market leader in machine identity protection, securing all connections and communications between machines. Venafi protects machine identity types by orchestrating cryptographic keys and digital certificates for SSL/TLS, Internet of Things (IoT), mobile and SSH. Venafi provides global visibility of machine identities and the risks associated with them for the extended enterprise – on premises, mobile, virtual, Cloud and IoT – at machine speed and scale.