MACHINE IDENTITIES 101
Keys, secrets, and certificates
The number of human identities over the years has remained reasonably flat, whereas the number of machine identities has increased exponentially. We’ve now reached the point where machine identities outnumber human identities.
A first step for organizations in developing a strategy around managing machine identities is to agree on a definition. Gartner defines machine identities as separate from human identities (employees, partners, vendors, customers, consultants, etc.), and also groups machine identities into two subgroups:
- Devices – Mobile devices, IoT/OT devices, desktop computers, code signing, etc.
- Workloads – Containers, virtual machines, applications, services, etc.
This proliferation of machines creates exciting opportunities for organizations, but it also creates risks. These machines must be secured with keys, secrets, and certificates as part of a proper machine identity management strategy.