Phone Number +1-202-802-9399 (US)
The Lockdown

Thycotic’s Cyber Security Blog

Protecting IoT and Machine Identities (IDs) with Automated PAM Tools

Written by Joseph Carson

March 11th, 2021

The most recent Forrester Wave for privileged identity management recognized that machine identities (IDs) are growing at twice the rate of human identities.  Much of this increase is due to the widespread adoption of Internet of Things (IoT) and automation through digital transformation initiatives that rely on cloud-based applications.

The proliferation of connected devices and automation is driving more service accounts, bots, and robotic processes, all of which need to access and exchange privileged information, often without human intervention.  Even as IoT and machine IDs are becoming more autonomous and automated, they are also becoming more responsible for and heavily integrated into critical infrastructure systems such as water, power, and transportation. Many of those connected devices still have human operators; however, in the near future, they will transition to autonomous.

The Forrester Wave emphasizes that Privileged Identity Management solutions should support DevOps teams, IT admins configuring cloud infrastructure, bots, IoT, and API-driven workloads.

This accelerated growth of machine IDs has important implications for security teams managing identities and privileged access for their organizations. That’s because these non-human identities impact large numbers of privileged accounts across the entire enterprise, especially among DevOps teams that rely on task automation to do their jobs.

The tools you’re using may not be sufficient in controlling and minimizing the risks from machine IDs

The problem comes from not recognizing the growing risks posed by non-human machine IDs when selecting and deploying security controls for managing privileged access. The identity or PAM tools you use to manage on-prem, human identities associated with privileged accounts are not always sufficient in controlling and minimizing the risks from machine IDs. You need automated, policy-driven privileged access management (PAM) solutions to provide the oversight and controls necessary for meeting today’s security and compliance requirements.

IoT and Machine ID privileged access security, for example, must be incorporated in building your trust framework. Here are suggestions to help ensure proper machine identity management.

  • Look for PAM solutions to enforce the principles of zero trust and least privilege with application control that are essential to keeping cyber criminals from exploiting connected devices.
  • Maintain continuous discovery and visibility of machine identities throughout your environment with a lifecycle approach that automatically manages expirations.
  • Employ a PAM solution that can audit who has access and what is using access regardless of whether it’s a device, an application, or an employee.
  • Make sure your PAM solution integrates machine identity security into tools that your DevSecOps team uses.

In addition, IoT and machine identities should be mapped to associated human identities for greater clarity and interoperability. Clearly defining who uses privileged accounts and who is the defined owner will help your organization ensure that defined policies are being applied and that privileged risk is being mitigated. This will also help apply the right role and scope during your PAM implementation. Organizations will continue to require human accountability for connected devices.

Automated, easy-to-use PAM solutions are the only practical option for managing the growing number and importance of IoT and machine identities.  They are essential to keeping our critical infrastructure safe, effective, and fully functioning for all those millions of people who depend on it.

Request a Quote

What does cyber security like this cost?
Not as much as you think.

Get a quote for the ONLY enterprise-grade PAM solution available both in the cloud and on-premise.

 

Like this post?

Get our top blog posts delivered to your inbox once a month.

SHARE THIS