John Graham, Global CISO, EBSCO

“The reality is that machine identity security threats already exist. It’s not just a theory.”

  • As they digitally transform their businesses, many CISOs are behind the curve on machine identity security.
  • CISOs can protect their environment with smart, efficient machine identity security solutions that enable rather than hinder development processes.

“You have to know the landscape and the usage of all
machine identities within your environment.”

John Graham believes that it’s crucial for his fellow chief information security officers (CISOs) to prioritize machine identity security now. “The reality is that machine identity security threats already exist. It’s not just a theory,” he said. “We all have to understand that machine identities have already been compromised and used for malicious activity within companies. These forms of attack are going to become more pervasive.” While plenty of sophisticated and effective solutions are on the market to protect human identities, CISOs may not know that they have robust options that protect machine identities. Unfortunately, while CISOs get up to speed on this rapidly evolving threat, opportunistic criminals are increasingly targeting unprotected machine identities.
Why are CISOs behind the curve when it comes to addressing this business risk? For starters, many organizations are in the middle of digital transformation initiatives, moving their operations from on-premises data centers to the cloud or adopting hybrid computing models. While they’ve been preoccupied with these changes, Graham points out that they are missing a key security risk. “They haven’t yet figured out that the cloud technology and the automation underpinning it is leveraging machine identities and not necessarily human identities.”

This is an excerpt from 8 Experts on Protecting Machine Identities.  This series was generously sponsored by Venafi.