of organizations have some type of strategy for crypto and machine identity management
of organizations have or plan to implement a Crypto Center of Excellence (CCoE) within 6 months
of respondents say crypto-agility is a top strategic priority for digital security in their organization
management is gaining
With the proliferation of keys, certificates, and
secrets, IT and security leaders have recognized the
need for an enterprise-wide cryptography and
machine identity management (MIM) strategy.
Failed audits are the
most common and
Failed audits were the most common and serious risks caused by mismanaged machine identities in the study. Unplanned certificate outages and theft or misuse of keys and certificates were also significant risks.
4.9 The average number of failed audits experienced by organizations in the past 24 months
75% of respondents consider failed audits a very serious issue for their organization
Machine identity gaps revealed.
Most IT and security pros agree that every machine identity is important, but a lack of skills, tools, and processes makes it hard to manage and protect every one.
of organizations do not have sufficient IT security staff dedicated to their PKI
of organizations still use spreadsheets to manually track digital certificates
of organizations do not have an accurate inventory of SSH credentials
of organizations have no formal access controls for code-signing keys
Change and uncertainty
are on the horizon.
Shorter SSL/TLS certificate lifespans, key misconfiguration, and overall lack of visibility are all serious and increasing concerns for most organizations in the study.