Zero trust is an acknowledgment that legacy network controls like firewalls and VPNs are not enough to secure the enterprise. This has become increasingly true with digital transformation, cloud computing and DevOps trends. The framework is built on the notion of “never trust, always verify” and treats implicit trust as a vulnerability. That leaves identity as one of the few remaining tools for controlling access to services, applications and other business-critical operations. Identity is key to securing the fast-growing digital footprint of today’s enterprises, which has driven the pursuit of zero-trust strategies and greater use of public-key infrastructure (PKI) and digital certificates.

But along the way, a critical component of a secure enterprise has gotten out of control. Machine identities, which are growing exponentially and can be equally vulnerable to compromise, are not getting the proactive attention necessary to ensure secure operations. Shortcomings in the mechanisms for properly managing and protecting machine identities, such as X.509 certificates, symmetric keys and secure shell (SSH) keys, can leave organizations exposed to the credential-based exploits used by ransomware operators. The recent growth in the number of machine identities can itself create weaknesses: a report from CyberArk found that machine identities outnumber humans 45 to 1 and that 68% of non-human identities have access to sensitive data and assets.

Organizations need to take a comprehensive identity approach that secures both humans and machines. Efficient use of PKI can help them gain better control of the identities on their networks.
Full opinion: We’re Going Through A Machine Identity Crisis.