When you arrive at the office in the morning, you have to input your usernames and passwords in order to identify yourself and turn on your computers. Machines need to do the same thing in order to start their regular work. Secure authentication of machine identities most likely depends on the cryptographic keys and digital certificates. Rules for key creation reflect the gap between the implementation of security controls for human identities or machine identities. Therefore, the keys set for machine identities are very important and it should be set wisely.
In research conducted recently, more than 1,500 cybersecurity professionals representing their companies and industries in the U.S., U.K., France, Germany, and Australia are interviewed. Among these cybersecurity pros:
- 54% of them stated that their organizations have a written policy for restricting the length and randomness of the passwords created for machine identities.
- 85% of them also stated that there is a policy for restricting the password length for human identities.
- 49% of them claimed that their organizations check the length and randomness of their keys, while 70% of organizations do so for passwords.
- 55% of these organizations have a written policy stating how often certificates and private keys should be changed, while 79% have the equivalent policy for passwords.
- 42% of organizations automatically enforce the rotation of TLS certificates, compared with 79% that automatically enforce the rotation of passwords.
- 53% of these organizations audit how often certificates and private keys should be changed, and 73% audit for passwords.
Fortunately, we can tell the organizations will improve their machine identity protection soon as they have already planned on spending more $10 billion on improving human identities this year. Improving machine identity protection as the next step is very important because machines in enterprises, including virtual machines, applications, algorithms, APIs and containers, are exponentially growing.
Are You Concerned About Ransomware or Malware?
There are preventive measures your organization can take to defend against an cyber attack.
LIFARS offering Free 30-minute consultation on cyber resiliency.
Email:contact@lifars.com | Call us at:(212) 222-7061
Credits:
helpnetsecurity.com/2019/12/27/keys-for-machine-identities/