- April 6, 2021
and Ponemon Institute today released the first-ever State of Machine Identity Management Report (https://www.keyfactor.com/
2021/), a study exploring enterprises' ability to manage and protect machine identities, keys and certificates in digital business.
"Machine identities, such as keys, certificates and secrets, are essential to securing connections between thousands of servers, cloud workloads, IoT and mobile devices," said Chris Hickman, chief security officer at Keyfactor. "Yet the survey highlights a concerning and significant gap between plan and action when it comes to machine identity management strategy. Acknowledgement is a step in the right direction, but a lack of time, skilled resources and attention paid to managing machine identities makes organizations vulnerable to highly disruptive security risks and service outages."
Additional key report findings:
- Certificate-related outages are widespread: 88% of organizations reported experiencing at least one unplanned outage due to expired certificates in the past 24 months. Another 41% reported four or more outages.
- The rate of failed audits is rising: on average, organizations experienced approximately five failed audits or compliance incidents due to insufficient key management within the past 24 months. Compared to other machine identity-related incidents, such as unplanned certificate outages or theft and misuse of keys and certificates, audit failures are considered the most serious, according to 75% of respondents.
- Neglected SSH credentials and code signing keys are increasing security risk: 57% of respondents do not have an accurate inventory of SSH keys and 26% say they never rotate SSH credentials. Many enterprise teams continue to store sensitive code-signing keys on build servers (33%) and developer workstations (19%).
- Enterprises are struggling to establish internal policies, governance and best practices: only 1/3 of organizations report having a mature cryptographic center of excellence (CCoE) to support the direction and implementation of an enterprise-wide cryptography strategy.
- Staffing shortages: 40% of respondents identified a lack of skilled personnel as a barrier to setting an enterprise-wide cryptography and machine identity strategy. Only 45% of teams say they have sufficient staff dedicated to their PKI deployment.
"Mitigating machine identity risk and achieving zero trust are top priorities for teams hardening their overall security posture," said Hickman. "Having an enterprise-wide crypto-management strategy ensures best practices and automated processes are put in place to mitigate the risks that come with higher volumes of machine identities and increased workloads."
View the complete findings and download the 2021 State of Machine Identity Management Report (https://www.keyfactor.com/state-of-machine-identity-manag...