A study comparing security controls for human and machine identities reveals a worrying trend. While almost all organizations have a policy that governs password length for human identities, only half have a written policy on length and randomness of keys for machine identities - this, despite the rapid spread of machines that need to authenticate themselves to each other so they can communicate securely.
When authenticating themselves to machines, people rely on usernames and passwords to gain access to data and services. Similarly, machines need to authenticate themselves to each other to communicate in a secure manner. Virtual machines (VMs), applications, algorithms, APIs and containers, and even IoT devices, rely on cryptographic keys and digital certificates, which serve as machine identities that let them know it’s safe to share data.
A survey by Venafi, a firm that specializes in securing cryptographic keys and digital certificates, found that 85% of organizations have a policy that governs password length for human identities. The survey of 1,500 IT security professionals from the U.S., the U.K., France, Germany and Australia showed that only 54% have a written policy on length and randomness for keys for machine identities.
Venafi found organizations will spend upwards of $10 billion this year solely to protect human identities. Machine identity protection spending remains “relatively flat,” the researchers said (no exact number provided), despite an exponential increase in the number of machines that need identities, including virtual machines, applications, algorithms, APIs and containers.
“Because cybercriminals understand the power of machine identities and their lack of protection, they target them for exploitation,” the survey takers said.
Additional findings include:
Researchers say that, while attacks using machine identities are relatively new, they’re very effective. Furthermore, the gap between the security controls applied to human identities and those applied to machine identities is exposing organizations to immense risks, especially for digital businesses that rely heavily on machines for mission-critical, day-to-day operations.
Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware and cyber-security, and has worked in various B2B and B2C marketing roles. Filip currently serves as Information Security Analyst with Bitdefender.