Skip to main content
purple hex pattern
woman holding phone and tapping on tablet sitting in front of computer

Machine Identity Management

As machines (either hardware or software) interact with other entities such as devices, applications, cloud services or gateways, these connections need to be secure and trustworthy. Machine Identity management provides centralized visibility, control, and management of the endpoints and their supporting infrastructure.

How Entrust Secures Machine Identities

Entrust provides security and trust of machines through:

  • Identity enrollment and provisioning at IoT scale with IoT Security
  • Establishing trust with high-assurance certificate-based identities
  • Verifying and authenticating the integrity of software with code signing
  • Keeping encryption keys secure with FIPS-validated HSMs
man looking at phone
woman looking at phone

White Paper: The State of Machine Identity Management

A recent survey by IDG has uncovered the complexities surrounding machine identities and the capabilities IT leaders are seeking from a management solution.

This white paper delves into some of those survey results.

Highlights from the IDG Survey

Top 3 trends driving the need for machine identity management
  1. Increase in remote workforce/new mobile deployments
  2. Increased cloud deployments
  3. Convergence of teams and tools (IT/OT/DevOps)
Top 3 challenges in managing and securing machine identities
  1. New use cases continually add systems and devices
  2. Technology/Tool complexity
  3. Lack of visibility into entire inventory of machines/devices/systems
Top 3 benefits of a unified machine identity strategy
  1. Better ability to secure devices and workloads
  2. Better performance/fewer outages
  3. Improved business continuity

Machine Identities Use Cases

While the number of human identities over the years has remained reasonably flat, the number of machine identities has increased exponentially to the point where they now outnumber human identities.

Gartner defines machine identities as separate from human identities (employees, partners, vendors, customers, consultants, etc.), and groups machine identities into two subgroups: devices and workloads.

Devices

Mobile Devices
  • Typically use unified endpoint management (UEM) from VMware, IBM, Microsoft, Blackberry, Citrix, and Mobile Iron
  • Issue certificates or integrate with CAs that issue the certificates
Desktops
  • Typically use unified endpoint management (UEM) from VMware, IBM, Microsoft, Blackberry, Citrix, and Mobile Iron
  • Commonly use Active Directory and Group Policy Objects (GPOs) to provision certificates to devices
IoT/OT Devices
  • More complexity and diversity in devices mean best practices aren’t as well defined
  • Hardware, firmware, edge environment, and IoT platform need to work together to bootstrap the devices and handle the entire lifecycle
Code/Firmware/Container Signing
  • Verifies integrity of software and hardware
  • Every device has software that runs it, and if its integrity is not verified, it shouldn’t be trusted

Workloads

Containers
  • Examples: Docker containers and microservices
  • Use: Certificates, shared keys
  • Issued by: Azure, AWS, Google Cloud, Kubernetes
Virtual Machines (VMs)
  • Examples: Linux or Windows VMs
  • Use: Certificates, shared keys
  • Issued by: Azure, AWS, UUIDs in VMWare
Applications
  • Examples: Code, DevOps pipelines, scripts, and software robots (RPAs)
  • Use: Secrets, certificates, API, and crypto keys
  • Issued by: HashiCorp Vault, CloudFoundry, API Gateways
Services
  • Examples: Web servers, network and storage infrastructures, cloud services
  • Use: Certificates
  • Issued by: Public CAs, code signing certificates