Paul Vincent, Director, Cyber Security Ltd

“Find out how the systems authenticate against each other, and make that method part of your core procurement requirements.”

  • CISOs overseeing legacy environments face uniquely painful headaches when it comes to machine identity protection.
  • To successfully protect machine identities, create efficient automated processes that make building new secure infrastructure easy, repeatable, and consistent.

“You need to embrace the DevSecOps mentality to make it extremely easy—which requires high levels of automation, preferably end to end.”

Paul Vincent knows from experience that machine identity protection is a difficult challenge for chief information security officers (CISOs) overseeing legacy infrastructure. “In large organizations such as the ones that I work in, typically there are over 500,000 machine identities that systems use to authenticate each other,” he says. “For example, infrastructure, applications and web services all need to authenticate themselves to data stores and this requires careful management… The problem is, it’s difficult to dynamically change the credentials that underpin these identities unless the applications that rely on them have been coded to support that change to happen,” Vincent adds.
Addressing these issues in a legacy environment can be an uphill battle, to say the least. “When you’ve got over half a million system credentials over an estate that maybe has been built up over the last 40 or 50 years with potentially 80,000 or 90,000 servers and 4,000 different applications split among numerous business units, it’s actually an extremely difficult problem to fix,” Vincent says. For this reason, CISOs protecting machine identities in a legacy environment especially need an automated solution that addresses the problem at that scale.
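The point about applications needing to be “coded to support that change” is easy to state and easy to underestimate. The following is an added illustration, not code from the interview, from Venafi, or from any system Vincent describes: an in-memory simulation in which a hypothetical secrets store, a hypothetical data store and two client styles (one that caches its credential at start-up, one that re-reads it on an authentication failure) are all constructed here, so it runs offline. It shows why an automated rotation step breaks the first client and is transparent to the second, which is exactly the property a procurement or onboarding checklist would require before rotation can be scheduled at estate scale.

```python
"""Simulation of credential rotation against two client coding styles.

Everything here is constructed for illustration: SecretStore stands in for a
vault, DataStore for a backend that checks a shared secret, and the identity
name is made up. No real product API is used.
"""
import secrets


class SecretStore:
    """Hypothetical secrets manager holding the current secret per machine identity."""

    def __init__(self):
        self._secrets = {}

    def put(self, identity, value):
        self._secrets[identity] = value

    def get(self, identity):
        return self._secrets[identity]


class DataStore:
    """Hypothetical backend that accepts a request only when the presented secret matches."""

    def __init__(self, expected):
        self.expected = expected
        self.auth_failures = 0  # what a SOC would see as failed logins after rotation

    def set_credential(self, value):
        self.expected = value

    def query(self, credential):
        if credential != self.expected:
            self.auth_failures += 1
            raise PermissionError("authentication failed")
        return "rows"


class LegacyClient:
    """Legacy pattern: read the secret once at start-up and cache it for the process lifetime."""

    def __init__(self, identity, store, backend):
        self.credential = store.get(identity)
        self.backend = backend

    def query(self):
        return self.backend.query(self.credential)


class RotationAwareClient:
    """Rotation-tolerant pattern: on an auth failure, re-read the secret and retry once."""

    def __init__(self, identity, store, backend):
        self.identity, self.store, self.backend = identity, store, backend
        self.credential = store.get(identity)
        self.refreshes = 0

    def query(self):
        try:
            return self.backend.query(self.credential)
        except PermissionError:
            # The stored secret may have been rotated underneath us; refresh and retry.
            self.credential = self.store.get(self.identity)
            self.refreshes += 1
            return self.backend.query(self.credential)


def rotate(store, identity, backend):
    """Automated rotation step: mint a new secret, push it to the backend, then publish it."""
    new_secret = secrets.token_hex(16)
    backend.set_credential(new_secret)
    store.put(identity, new_secret)
    return new_secret


def simulate(client_cls):
    """Run one rotation against a client of the given style.

    Returns (client_still_works, backend_auth_failures).
    """
    store = SecretStore()
    identity = "billing-app->orders-db"  # constructed identity name
    initial = secrets.token_hex(16)
    store.put(identity, initial)
    backend = DataStore(initial)
    client = client_cls(identity, store, backend)
    assert client.query() == "rows"  # works before rotation either way
    rotate(store, identity, backend)
    try:
        client.query()
        still_works = True
    except PermissionError:
        still_works = False
    return still_works, backend.auth_failures


if __name__ == "__main__":
    print("legacy client after rotation:", simulate(LegacyClient))
    print("rotation-aware client after rotation:", simulate(RotationAwareClient))
```

Both clients produce one failed authentication at the backend after rotation; the difference is that the rotation-aware client recovers on its own, so the failure is a detectable signal rather than an outage. Across the tens of thousands of servers Vincent describes, that single design property is what decides whether rotation can be automated end to end or has to be negotiated application by application.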

This is an excerpt from 8 Experts on Protecting Machine Identities.  This series was generously sponsored by Venafi.