Managing Your Agency’s Machine Identities

Government security teams already have their hands full trying to manage the identities of the people accessing their agencies’ networks. Meanwhile, a new identity challenge is growing. Beyond authenticating humans, these teams now realize they must also manage the identities of the countless machines on these networks: systems, applications, devices and other non-human entities.

In many cases, these digital services do not involve humans at all. Instead, they cover machine-to-machine communications. Fortunately, such systems use unique certificates and keys that can verify their identities before they access data or other network resources. Tracking all this information, however, is hard work.

“As there are more machines doing more things, managing machine identities can’t be the domain of small certificate service teams anymore,” said Diane Garey, Product Marketing Manager at Venafi, a machine identity management solutions provider. “There are too many machines to track them all.”

Thankfully, automation can help agencies manage and secure machine identities more easily. Automation involves machines performing processes with little to no human input, saving people energy and time on things like requesting, approving, monitoring and renewing machine identities.

Garey explained three ways agencies can become more resilient by streamlining their machine identity management and security.

1. Avoid certificate outages

Certificate-based outages occur when the unique certificate verifying a machine’s identity expires. These outages not only disrupt agencies – they also give cybercriminals an opportunity to slip onto agencies’ networks using vulnerable machines.

“We want to make sure bad actors can’t get on to the network and get to sensitive data,” Garey said.

Automating certificate renewal not only reduces outages but also helps people manage and secure machine identities agencywide. Preventing cybersecurity disruptions, in turn, strengthens agencies’ resilience.

2. Lighten workloads

For better or worse, authenticating machine identity certificates can become a lengthy process. For example, Garey cited a federal agency that manages 500 certificates annually. Each year, a contractor physically checks and approves these certificates at a location separate from the agency. Since 2020, the COVID-19 pandemic has only complicated this workflow.

“If I’m responsible for a big volume of certificates, if I must update them once a year instead of once every two or three years, that is a huge increase in workload,” Garey said.

Fortunately, automation can reduce the burden by ensuring these machine identity certificates are renewed without human intervention.

3. Speed software development

Nowadays, software is often a crucial component of the products and services agencies deliver to citizens. Besides the other benefits, automating machine identity management can also speed up software development and strengthen cybersecurity.

“You don’t want developers to be working on an application and have to pause for an hour or day to get what they need from machine certificate services,” Garey said.

Management platforms like those Venafi provides can automate security for the machine identities on government networks. The result is more resilient federal, state and local agencies whose employees are not looking over their shoulders for cyberthreats.

This article is an excerpt from GovLoop’s recent guide, “Bouncing Back: How Your Agency Can Handle Disruption and Embrace Resilience.”