“The thought of allowing human identities to be created without defined processes, procedures, or governance is not a possibility.”

• Organizations are not protecting machine identities with the same level of rigor they use for human identities.
• To effectively protect their machine identities, CISOs must learn as much as they can about the topic now and going forward.

“We’ve all got a lot of learning to do.”

The way Terry Hamilton sees it, organizations don’t protect their machine identities with nearly the same level of rigor as they use to protect human identities. “Human identities are already foundational to existing enterprise security, with well-established processes and procedures on how they are created, maintained, and removed,” he explains. “Human identities are also typically all
managed by a centralized team. The thought of allowing human identities to be created without defined processes, procedures, or governance is not a possibility.” Machine identities, on the other hand, are often not managed at all. Or, they’re managed by multiple sources using processes that are not yet mature.
With the transition to cloud computing, containerization, and serverless computing, it has become far more important to protect machine identities. “Now that we are using a whole range of different technologies that depend on machine identities, our attack surface is a lot bigger,” Hamilton notes. If you have a current or future need to proactively manage machine identities, he recommends that you
start preparing now.

This is an excerpt from 8 Experts on Protecting Machine Identities.  This series was generously sponsored by Venafi.