New Research Confirms Machine Identity Management Remains Problematic for 60% of Enterprises; Identity Threat Surface Continues to Expand

Keyfactor, the identity-first security solution for modern enterprises, and Ponemon Institute announced findings from the 2023 State of Machine Identity Management Report. In its third edition, the data illustrates macro trends within the enterprise that have fueled a turbulent 12-month period. According to research, the volume of machine identities, which continues to increase at an exponential rate year over year, creates significant challenges related to visibility, management, and mitigation.

“It comes as no surprise that security leaders are eager to reduce the complexity of PKI environments within their enterprise,” said Chris Hickman, chief security officer at Keyfactor. “The IAM landscape is continuing to change rapidly, and organizations are struggling to keep up with those changes. Zero-trust strategies, the ubiquity of IoT, and the adoption of cloud-based services will drive further use of keys and digital certificates in the enterprise. Our data shows that in 2023 and beyond, firms will prioritize getting a handle on their PKI infrastructure.”

The rise of connected devices and new machines introduced to an enterprise ecosystem has forced PKI to serve a critical role in the security of digital transactions. Yet, more than 60% of respondents were unsure of the exact number of keys and certificates in use within their organization – an increase of 17% from last year. This is caused by the dispersed nature of PKI management throughout an organization. With no clear ownership, less than half (47%) of organizations have an enterprise-wide strategy for managing PKI, even as the volume of certificates grew by 11%, from 231,063 in 2021 to 255,738 in 2022.

The confluence of these trends has prompted security leaders to prioritize reducing the complexity of their organization’s PKI infrastructure; more than half (58%) of respondents identified it as a top strategic priority for digital security.

“With the advancement of post-quantum cryptography, concerns about a post-quantum world are increasing,” continued Hickman. “While there’s still a significant amount of time until post-quantum is a reality, enterprises still need ample time and resources to prepare for the risk it poses to current public-key cryptosystems. It’s reassuring to see organizations already starting to rethink their current PKI strategies. With the right approach, organizations can rebuild disjointed and aging PKI environments, as well as the certificates issued from them, to mitigate early concerns related to the potential impacts of quantum cryptography.”

Additional findings from the report include:

  • Rising concerns about ability to adopt post-quantum cryptography: In June 2022, NIST announced the first group of algorithms to become part of its post-quantum cryptographic standard, which is expected to be finalized within two years. Nearly half (48%) of respondents say they are concerned about their ability to adapt to these post-quantum algorithms, up from 44% last year, prior to the NIST announcement.
  • Growth of machine identities increases operational burdens: Nearly three quarters (74%) of respondents say their organizations are deploying more cryptographic keys and digital certificates, which has significantly increased the operational burden on their organizations’ teams. This burden is exacerbated by a lack of skilled personnel; less than half (42%) of respondents say they do not have enough staff to deploy and maintain PKI effectively.
  • Certificate-related outages are hitting organizations hard: 77% of respondents report experiencing at least two significant outages caused by expired certificates in the past 24 months. Another 55% of respondents indicated that these outages caused major disruption to customer-facing services.

The study was conducted by Ponemon Institute on behalf of Keyfactor and includes responses from 1,280 IT and infosec executives and practitioners in North America and EMEA, spanning 12 industries, including financial services, industrial & manufacturing, healthcare & pharmaceuticals, energy and utilities, and retail, among others.
