IT disaster recovery, cloud computing and information security news

Keyfactor and Ponemon Institute have released the first ‘State of Machine Identity Management Report’, a study exploring enterprises’ ability to manage and protect machine identities, keys and certificates in digital business.

Distributed workforces and the proliferation of connected devices have contributed to a rapid rise in the volume of machine identities. As a result, increased workloads, lack of visibility, misconfigurations, and shorter SSL/TLS certificate lifespans are creating concern.

Key findings in the report include:

  • Certificate-related outages are widespread: 88 percent of organizations reported experiencing at least one unplanned outage due to expired certificates in the past 24 months. Another 41 percent reported four or more outages.
  • The rate of failed audits is rising: on average, organizations experienced approximately five failed audits or compliance incidents due to insufficient key management within the past 24 months. Compared to other machine identity-related incidents, such as unplanned certificate outages or theft and misuse of keys and certificates, audit failures are considered the most serious, according to 75 percent of respondents.
  • Neglected SSH credentials and code signing keys are increasing security risks: 57 percent of respondents do not have an accurate inventory of SSH keys and 26 percent say they never rotate SSH credentials. Many enterprise teams continue to store sensitive code-signing keys on build servers (33 percent) and developer workstations (19 percent).
  • Enterprises are struggling to establish internal policies, governance, and best practices: only a third of organizations report having a mature cryptographic center/centre of excellence (CCoE) to support the direction and implementation of an enterprise-wide cryptography strategy.
  • Staffing shortages: 40 percent of respondents identified a lack of skilled personnel as a barrier to setting an enterprise-wide cryptography and machine identity strategy. Only 45 percent of teams say they have sufficient staff dedicated to their PKI deployment.

The study was conducted by Ponemon Institute on behalf of Keyfactor and includes responses from 1,162 IT and infosec executives and practitioners in North America and EMEA, spanning 12 industries, including financial services, healthcare, manufacturing, retail and automotive.

More details.


Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.