Machine identities are a large, and fast-growing part of the enterprise attack surface. The number of machines—servers, devices, and services—is growing rapidly and efforts to secure them often fall short.
Cybercriminals and other threat actors have been quick to take advantage. Cyberattacks that involved the misuse of machine identities increased by 1,600% over the last five years, according to a report released last spring by cybersecurity vendor Venafi.
Research firm Gartner named machine identity as one of the top cybersecurity trends of the year, in a report released last fall. In 2020, 50% of cloud security failures resulted from inadequate management of identities, access, and privileges, according to another Gartner report. In 2023, that percentage will rise to 75%.
“We spend billions of dollars every year on identity and access management for humans—from biometrics to privilege access management—yet very little time of investment goes toward defending our machine identities,” said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi. “Yet just as with human identities, in the hands of the wrong person, a machine identity can be put to bad use.”