Introducing the 2024 PKI & Digital Trust Report     | Download the Report

Identity Management Day: Three Key Themes in Machine Identity Management

Machine Identity Management

Today, Keyfactor joins the business and cybersecurity community in celebrating the third annual Identity Management Day. Launched by the National Cybersecurity Alliance and the Identity Defined Security Alliance (IDSA), the day is intended to educate business leaders, IT decision-makers, and the general public about the importance of identity management.

When it comes to managing access to enterprise resources, organizations continue to focus on human identities and neglect machine identities. Yet, in today’s modern world, the number of machines within an organization greatly outnumbers their human counterparts. Unlike humans, machine identities come in the form of digital certificates and keys. And just like humans, machine identities must be properly managed and secured. However, machine identities are particularly challenging due to the high volume of certificates within an organization and their short lifespan.

Organizations around the world rely on Keyfactor for the best machine identity management possible, enabling them to establish the enterprise-wide digital trust needed in today’s threat landscape. To help the industry better understand the present challenges associated with machine identity management, Keyfactor partnered with the Ponemon Institute for its third-annual State of Machine Identity Management report.

The 2023 State of Machine Identity Management report surveyed 1,280 IT and infosec executives and practitioners across 12 key industries, including financial services, industrial and manufacturing, healthcare and pharmaceuticals, energy and utilities, and retail others. The intention behind this effort was to better understand the operational challenges security and identity teams are facing as the role digital machine identities play within the enterprise continues to evolve. 

Based on this year’s findings, we’ve zeroed in on three key themes in machine identity management for 2023. 

More certificates does not necessarily mean more hands on deck to manage them

The number of machines and certificates continues to grow at an exponential rate. Three-quarters (74%) of respondents say their organizations are deploying more cryptographic keys and digital certificates. As that number grows, tracking and managing the number of certificates is even more challenging; 60% of respondents were unsure of the exact number of keys and certificates in use within their organization – an increase of 17% from last year. 

Furthermore, managing the massive volume of machine identities has significantly increased the operational burden on their organizations’ teams. A lack of skilled personnel and security team shortages exacerbates that burden. Less than half (42%) of respondents say they do not have enough staff to deploy and maintain PKI effectively. 

In 2023 and beyond, more and more organizations will integrate automation into their identity management strategy to increase the visibility of certificates and their locations, identify and remediate certificate-related outages, and ultimately protect themselves from today’s threats. 

Costly outages continue to impact organizations

Certificates have short lifespans, and if they are not updated, turned, and managed properly, it can result in costly outages that, in some cases, could be detrimental to organizations. According to the report, 77% of respondents report experiencing at least two significant outages caused by expired certificates in the past 24 months. 

The time and cost to recover from outages can seriously impact an organization, often halting operations and profits in its tracks. In fact, 55% of respondents indicated that these outages caused major disruption to customer-facing services.

Executives are starting to pay attention

The good news is that executives are starting to pay attention to the importance of machine identity management. Security leaders are prioritizing getting a handle on their PKI infrastructure, with more than half (58%) of respondents identifying the need to reduce the complexity of their organization’s PKI infrastructure as a top strategic priority for digital security. The report also found that only 22% of respondents felt lack of executive support was a serious issue in setting an enterprise strategy for PKI and machine identity management, down significantly from 36% in 2021. 

The bottom line is executive awareness is growing around the need to invest in the right tools, people, and processes for machine identity management. Support and recognition from the executive team are instrumental in minimizing organizational challenges associated with machine identity management. 

More insights on machine identity management

Ready to learn more about the top trends in machine identity management and why it’s becoming a high priority for enterprises? Check out the full report, here: