Mass Identities: Companies bracing for over 500,000 machine identities within their organisation by 2024

    Vice President of Security Strategy and Threat Intelligence at Venafi

    New research from Venafi details the proliferation of machine identities resulting in increased outages and breaches

    100% of respondents said digital transformation initiatives are driving machine identity growth

    Venafi®, the inventor and leading provider of machine identity management, today announced the findings of a global CIO survey outlining the average number of machine identities per organisation at the end of 2021, which reached nearly a quarter of a million (250,000) – an average 42% increase versus the previous year. As companies continue to experience rapid digital transformation, 94% of respondents expect this growth to continue at the same rate or more, resulting in the average organisation likely to have over 500,000 machines by 2024.

    Machine identities enable secure communication and authentication between machines – everything from servers and applications to cloud instances and algorithms – making them essential to securing digital transformation. Yet the growth in machine identities is having an adverse effect – widespread sprawl and mismanagement. The accelerated shift to cloud and digital services is resulting in an increase of machine identity-related outages and breaches.

    The survey of 1,000 global CIOs found that:

    • 83% of organisations have suffered a certificate-related outage during the last twelve months, with over a quarter (26%) saying critical systems were impacted.
    • 57% have experienced security incidents or breaches related to compromised machine identities (including TLS, SSH keys and code signing keys and certificates).

    “Like never before, we’re witnessing a huge explosion in the number of machines used by businesses,” said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi. “As technology continues to drive streamlined business operations, providing machines with strong identity and authentication is essential. Yet this growth is causing an uncontrolled sprawl of identities. The end result is the attack surface is widening and outages are on the rise. And it’s only going to get worse with the proliferation of machine identities and increased complexities – particularly with the growing adoption of more cloud-native environments, which make it harder for developers to gain visibility.”

    The rise in machines has exposed outdated practices across IT and security teams. Close to two-thirds (64%) of CIOs said that, rather than using a comprehensive machine identity management solution, they use various combinations of multiple solutions and processes. These include point solutions from their approved certificate authorities (CAs) and public cloud providers, as well as homegrown solutions and manual processes like spreadsheets.

    “The numbers speak for themselves – managing machine identities cannot be done in a manual and disjointed way. Organisations need a central view to manage these risks, or the business will suffer,” Bocek continued. “The research is clear – the need for automation is essential to reduce risk and allow developers to concentrate on innovation. Implementing a machine identity management solution which automates the management of machine identities throughout their lifecycle and in any environment is the only way forward. “

    About the research

    Conducted by Coleman Parkes Research, Venafi’s survey evaluated the opinions of 1000 CIOs across six countries/regions: United States, United Kingdom, France, DACH (Germany, Austria, Switzerland), Benelux (Belgium, Netherlands, Luxembourg), Australasia (APAC—Australia/NZ).