Steve Jordan, SVP/Head of Information Protection Technologies, Wells Fargo & Company
“You really should treat machine identity
protection very similarly to the way you handle
your human identity and access management
- CISOs should protect machine identities with the same robust processes and tools that they use for human identities.
- Protecting machine identities supports the zero-trust architecture increasingly being favored by CISOs as organizations shift their operations to the public cloud.
“If a machine is starting to act maliciously or if there has
been a compromise, you want to be able to very quickly
revoke those certificates and credentials.”
Stephen Jordan believes that chief information security officers (CISOs) should include machine identity protection as part of a comprehensive identity management strategy. “You really should treat machine identity protection very similarly to the way you handle your human identity and access management program,” he points out. For this reason, it’s essential to create a robust identity management structure to protect machine identities in your environment in the same way you would protect human identities. “You want to vet your machine identities to make sure that you know they are appropriate and should be on your network. Then you need to provision them with the authentication credentials that they use when interacting with other machines,” he adds.
According to Jordan, this approach aligns well with the zero-trust architecture model that has gained greater traction as organizations have shifted their mission-critical business applications and infrastructure to the public cloud.
This is an excerpt from 8 Experts on Protecting Machine Identities. This series was generously sponsored by Venafi.