Resolve Your Cybersecurity’s Identity Crisis

By Isaac Constans

In many agencies, cybersecurity is having an identity crisis.

The problem isn’t their employees or even their contractors. When people need to access an application or data, they can use usernames, passwords, access cards, fingerprints or other means to identify who they are.

But what happens with automated processes? In those cases, it’s one system talking to another. How does the network authenticate the identity of the system requesting access?

That’s where the concept of machine identity comes into play.

The term “machine” is really an umbrella term for nearly any device on the network that exchanges data. That includes servers, workstations, virtual machines, applications, and even cloud workloads and containers.

Machines use digital identities like TLS certificates and SSH keys to identify themselves to each other. Just like passwords, unmanaged machine identities can pose a serious risk to network security, such as when a digital certificate expires. A single expired certificate can trigger an application outage, vulnerability or downtime.

Consider an agency’s website that hosts an application for constituents to apply for disaster relief funds. Let’s say the app’s owner fails to renew the digital certificate on time, which causes the expired machine identity to take the app down, making it unavailable during peak hurricane season. What should have been a fairly easy preventative maintenance effort winds up causing chaos, disrupting much-needed services and putting the network at risk.

But there’s more. As the number of networked machines is skyrocketing, so is the opportunity for exploitation. Criminals are stealing and forging machine identities to use in their attacks, which can go undetected for weeks or even months.

To prevent these types of attacks, agencies are building machine identity management into their zero trust architectures that rely on persistent authentication of both humans and machines.

From a technology perspective, machine identity management has three main components: visibility, intelligence, and automation.

Visibility

Administrators need to identify the credentials machines are using on their networks, including from IoT devices and within connected cloud environments. You get this kind of all-around visibility by creating an inventory of machine identities. The automated discovery processes looks at all networked machines throughout the agency, collecting metadata on machine identity types, configuration, location, key and certificate use, and a lot more.

Intelligence

With this data in hand, agencies can get ahead of any imminent certificate outages and add a critical layer of security. By evaluating machine identity data against policies and best practices, agencies reduce risks – from certificate expirations to malicious activity.

All machine identity intelligence can then be fed into a security incident and event management system and analytics engine to get real-time alerts when vulnerabilities crop up or attacks are looming.

Automation

We already saw the value of automation for gaining visibility. Going further, automating every step in the machine identity lifecycle brings a bevy of additional benefits:

• It eliminates weaknesses in machine identities, which enables administrators to close gaps and shore up protections.
• It renews certificates before they expire without manual intervention or human error.
• It enables application development teams to work efficiently and securely, putting the “Sec” in DevSecOps.
• And finally, machine identity management allows policies to adapt quickly to combat sophisticated cyber threats. Automated machine identity management ensures these policies are applied to all machines, allows them to be modified quickly and lets administrators take one more task off of their to-do lists.

How does all of this impact your agency? Let’s look back at our previous example. With machine identity management, the disaster relief agency’s digital certificate would have been renewed automatically. Constituents would have been able to continue applying for funds, and no one at the agency would have had to participate in the pandemonium while the app was down.

With the increasing number of machines interacting on our networks, the administrators responsible for certificates can easily get overwhelmed. The building blocks of machine identity management, namely visibility, intelligence and automation, can keep your agency’s applications running and your networks better protected, without a lot of administrator time and effort.

This article is an excerpt from GovLoop Academy’s recent course, “How Machine Identity Management Makes Your Network More Secure,” created in partnership with Venafi. Access the full course here.