Despite 60% of surveyed organizations agreeing machine identities pose a greater security risk than human identities, security measures continue to lag behind
SailPoint Technologies, Inc., a leader in unified identity security for enterprises, today unveiled the 2024 “Machine Identity Crisis: The Challenges of Manual Processes and Hidden Risks,” a global survey of more than 320 identity and access experts, security professionals, and executives. The report explores the differences between managing machine identities and human identities, highlighting the challenges of securing machine identities such as overprovisioning and changing compliance requirements, and provides a comprehensive view of the identity management challenges faced by today’s IT and security teams.
Findings indicate that 69% of companies surveyed manage more machine identities than human identities, with nearly half deploying 10 times as many. These machine identities include applications, databases, bots, IoT devices, SaaS tools, and a wide range of other hardware and software solutions. Of the security professionals surveyed, 72% reported that managing machine identities is more challenging than managing human identities, citing poor internal processes and inadequate identity management tools as the culprit. As a result, 66% of respondents indicated that managing machine identities requires more manual processes than human identities, taxing already scarce IT and security resources.
“Many organizations lack visibility into the full spectrum of identities present within their environments,” said Mark McClain, CEO and Founder of SailPoint. “In fact, our annual Horizons of Identity Security report shows that machine identities are expected to grow faster than any other type of identity over the next 3-5 years. This further validates the complexity of managing an entirely new class of identities for enterprises today. To stay ahead, businesses need an automated, cloud-based solution that can track and secure machine identities. This not only frees up IT teams to focus on more strategic tasks but also reduces the risk of unauthorized access to sensitive data, helping to support compliance and protect against evolving threats.”
The growing volume of machine identities significantly heightens the risk of audit and compliance challenges. Surprisingly, 75% of surveyed companies have machine identities without a dedicated employee responsible for them. Moreover, insufficient governance increases the potential for data loss or compromised access. Findings show that 60% of organizations believe machine identities pose a greater risk to business than human identities, which is unlikely to change without improvements to discovery capabilities and governance practices.
Further, machine identities can act as a gateway to external resources and services, including cloud and SaaS solutions, partners, suppliers, and other third parties. This risk is far from theoretical, with 57% of surveyed organizations reporting that a machine identity has been granted inappropriate access to sensitive data. Equally concerning are the 16% of respondents that cannot say for sure whether such an incident has occurred, highlighting either a lack of knowledge about potential risks or a failure to implement lessons learned to prevent them.
“Machine identities represent an increasingly popular attack vector, and the longer organizations grapple with how to effectively manage them, the greater the risk,” said SailPoint President Matt Mills. “Identity management solutions that do not provide real-time information on machine identities are essentially failing, forcing more manual steps, costing more in labor and resources, and resulting in poor processes that retain supposedly dormant identities, ultimately increasing the overall risk to the business. When selecting an identity management platform, organizations must consider every identity, not just those that are human.”
Methodology
IAM, security, and compliance professionals at enterprise companies representing all seniority levels were invited to participate in a survey on their company’s machine identity access operational and management practices. The survey was administered electronically, and participants were offered a token compensation for their participation. A total of 322 qualified participants completed the survey. All participants had enterprise IAM and security responsibilities. Participants were from 5 continents, representing a global perspective.