Sixty-nine percent of organizations now manage more machine identities than human ones, with nearly half handling ten times as many.
Machine identities—ranging from applications, databases, and bots to IoT devices and SaaS tools—are becoming more prevalent, with nearly three-quarters (72%) of security professionals acknowledging that managing these identities is more challenging due to poor internal processes and inadequate tools.
As a result, 66% rely on manual processes for managing machine identities, straining already limited IT and security resources.
These were some of the key findings of recent research by SailPoint Technologies called “Machine Identity Crisis: The Challenges of Manual Processes and Hidden Risks.”
The report revealed significant security gaps in managing machine identities worldwide. Surveying over 320 identity and access experts, security professionals, and executives, it highlighted the increasing complexity and risk of managing machine identities compared to human ones.
Lack of Governance
Insufficient governance and oversight were found to be exacerbating the risks associated with machine identities. A surprising 75% of companies reported having machine identities without dedicated personnel managing them, increasing vulnerabilities to data loss and compromised access.
The study also found that 60% of entities perceive machine identities as more hazardous to business than human identities, a risk that is unlikely to diminish without improvements in visibility and governance.
“Many organizations lack visibility into the full spectrum of identities in their environment,” said Mark McClain, CEO and Founder of SailPoint, adding that their research indicates that machine identities are set to outpace other identity types in growth over the next three to five years.
McClain says addressing this complex landscape requires automated, cloud-based solutions that can efficiently manage machine identities, thus reducing risks, supporting compliance, and alleviating resource strain on IT teams.”
Widening the Attack Surface
Machine identities, the researchers said, can serve as entry points to external resources, including cloud and SaaS applications, third-party partners, and suppliers. This risk is tangible, as 57% of surveyed firms reported instances of machine identities gaining inappropriate access to sensitive data.
An additional 16% were uncertain about whether similar incidents had occurred, pointing to a broader lack of awareness or mitigation strategies around machine identity risks.
“Machine identities represent an increasingly popular attack vector, and the longer organizations grapple with how to manage them effectively, the greater the risk,” added SailPoint President Matt Mills. “Identity management solutions that do not provide real-time information on machine identities are essentially failing, forcing more manual steps, costing more in labor and resources, and resulting in poor processes that retain supposedly dormant identities, ultimately increasing the overall risk to the business.”
When choosing an identity management platform, organizations must consider every identity, not just those that are human, said Mills.
Survey Methodology
The survey captured insights from IAM, security, and compliance professionals in enterprise settings across five continents. A total of 322 participants, all responsible for identity and access management at their organizations, responded to questions on machine identity management practices. Participants were offered token compensation for their contributions.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.