Shawn Irving, Chief Information Security Officer, Ferguson plc

“You can’t talk about the security of your systems if you don’t have good situational awareness as to what these identities are and how they’re accessed.”

  • CISOs cannot properly manage or protect machine identities across a distributed enterprise environment using rudimentary tools.
  • Although businesses most often worry about outages caused by expiring certificates, they should treat machine identity protection as a security priority too.

“You should scan your landscape to determine where these machine identities live and start to pull them together into an inventory that you can add context to.”

According to Shawn Irving, chief information security officers (CISOs) need the right tools to properly protect machine identities. For starters, he says, “You have to efficiently manage a large number of machine identities. You also have to keep up with what they are, where they’re deployed, how long they’re valid, and when they need to be revoked.” Even so, a lot of companies still try to manage their portfolio of machine identities using rudimentary tools like an Excel spreadsheet. “That wouldn’t work for your user population, and it won’t work for your machine identity population,” he argues.

Whether CISOs realize it or not, failing to adequately manage and protect machine identities poses a serious security risk to the organization. “Not knowing and not having visibility about your population of machine identities is analogous to not knowing or having any idea who has user IDs and passwords for the systems on your network,” Irving explains. “You can’t talk about the security of your systems if you don’t have good situational awareness as to what these identities are and how they’re accessed.”

This is an excerpt from 8 Experts on Protecting Machine Identities.  This series was generously sponsored by Venafi.