State of Machine Identity
Management Report 2021

The IAM game has changed. Machine identity management is now imperative.
Get insights from 1,100+ IT and security professionals.

Scroll for highlights
Sponsored by Keyfactor and independently conducted by Ponemon Institute

of organizations have some type of strategy for crypto and machine identity management

of organizations have or plan to implement a Crypto Center of Excellence (CCoE) within 6 months

of respondents say crypto-agility is a top strategic priority for digital security in their organization


Machine identity
management is gaining

With the proliferation of keys, certificates, and
secrets, IT and security leaders have recognized the
need for an enterprise-wide cryptography and
machine identity management (MIM) strategy.


Failed audits are the
most common and
serious risk.

Failed audits were the most common and serious risks caused by mismanaged machine identities in the study. Unplanned certificate outages and theft or misuse of keys and certificates were also significant risks.

4.9 The average number of failed audits experienced by organizations in the past 24 months
75% of respondents consider failed audits a very serious issue for their organization

Machine identity gaps revealed.

Most IT and security pros agree that every machine identity is important, but a lack of skills, tools, and processes makes it hard to manage and protect every one.

of organizations do not have sufficient IT security staff dedicated to their PKI

of organizations still use spreadsheets to manually track digital certificates

of organizations do not have an accurate inventory of SSH credentials

of organizations have no formal access controls for code-signing keys


Change and uncertainty
are on the horizon.

Shorter SSL/TLS certificate lifespans, key misconfiguration, and overall lack of visibility are all serious and increasing concerns for most organizations in the study.

of companies do not know exactly how many keys and certificates they have

of respondents are concerned about the increasing risk of key and certificate misconfiguration

of respondents worry about increased risk of outages due to shorter SSL/TLS certificate lifespans

Get the full 2021 report

Are you still experiencing outages or failed audits due to mismanaged keys and
certificates? Download the full report and share insights with your team.