Machine Identities
With the proliferation of machine identities – from IoT and mobile devices, to containers and applications – establishing and managing the trust of machine identities is essential.
Machine Identity Management
As machines (either hardware or software) interact with other entities such as devices, applications, cloud services or gateways, these connections need to be secure and trustworthy. Machine identity management provides centralized visibility, control, and management of the endpoints and their supporting infrastructure.
How Entrust Secures Machine Identities
Entrust provides security and trust of machines through:
- Identity enrollment and provisioning at IoT scale with IoT Security
- Establishing trust with high-assurance certificate-based identities
- Verifying and authenticating the integrity of software with code signing
- Keeping encryption keys secure with FIPS-validated HSMs
White Paper: The State of Machine Identity Management
A recent survey by IDG has uncovered the complexities surrounding machine identities and the capabilities IT leaders are seeking from a management solution.
This white paper delves into some of those survey results.
Highlights from the IDG Survey
Top 3 trends driving the need for machine identity management
- Increase in remote workforce/new mobile deployments
- Increased cloud deployments
- Convergence of teams and tools (IT/OT/DevOps)
Top 3 challenges in managing and securing machine identities
- New use cases continually add systems and devices
- Technology/Tool complexity
- Lack of visibility into entire inventory of machines/devices/systems
Top 3 benefits of a unified machine identity strategy
- Better ability to secure devices and workloads
- Better performance/fewer outages
- Improved business continuity
Machine Identities Use Cases
While the number of human identities over the years has remained reasonably flat, the number of machine identities has increased exponentially to the point where they now outnumber human identities.
Gartner defines machine identities as separate from human identities (employees, partners, vendors, customers, consultants, etc.), and groups machine identities into two subgroups: devices and workloads.
Devices
Mobile Devices
- Typically use unified endpoint management (UEM) from VMware, IBM, Microsoft, BlackBerry, Citrix, and MobileIron
- Issue certificates or integrate with CAs that issue the certificates
Desktops
- Typically use unified endpoint management (UEM) from VMware, IBM, Microsoft, BlackBerry, Citrix, and MobileIron
- Commonly use Active Directory and Group Policy Objects (GPOs) to provision certificates to devices
IoT/OT Devices
- More complexity and diversity in devices mean best practices aren’t as well defined
- Hardware, firmware, edge environment, and IoT platform need to work together to bootstrap the devices and handle the entire lifecycle
Code/Firmware/Container Signing
- Verifies integrity of software and hardware
- Every device has software that runs it, and if its integrity is not verified, it shouldn’t be trusted
Workloads
Containers
- Examples: Docker containers and microservices
- Use: Certificates, shared keys
- Issued by: Azure, AWS, Google Cloud, Kubernetes
Virtual Machines (VMs)
- Examples: Linux or Windows VMs
- Use: Certificates, shared keys
- Issued by: Azure, AWS, UUIDs in VMware
Applications
- Examples: Code, DevOps pipelines, scripts, and software robots (RPAs)
- Use: Secrets, certificates, API keys, and cryptographic keys
- Issued by: HashiCorp Vault, CloudFoundry, API Gateways
Services
- Examples: Web servers, network and storage infrastructures, cloud services
- Use: Certificates
- Issued by: Public CAs, code signing certificates