How to deal with security risks posed by machine identities
2022-08-02 20:44:00 【software testnet】
The rise of DevOps culture in the enterprise has accelerated product delivery. Automation certainly has its advantages. However, the rise of containerization and cloud software development is exposing organizations to a new attack surface.
Today, machine identities far outnumber human identities in the enterprise. In fact, the rise of machine identities is accumulating "cybersecurity debt" and increasing security risk.
Here are the three main security risks posed by machine identities and how to counter them:
· Certificate renewal issues
Machine identities are protected differently than human ones. A human ID can be authenticated with a login and password, but a machine ID requires a certificate and a key, and these certificates have a validity period.
Certificates were generally valid for two years, but rapid advances in technology have shortened the validity period of some certificates to 13 months. Given that a DevOps cycle typically contains thousands of machine identities, all with different validity periods, manual renewal and auditing is almost impossible.
Teams that rely on manual processes to validate certificates may face unplanned outages, which DevOps operations cannot afford. Companies with public-facing services may suffer negative brand impact from such disruptions. In February 2021 there was a certificate-related outage: an expired TLS certificate brought down Google Voice, leaving it unavailable for 24 hours.
Automated certificate management is the best solution to this problem. Solutions such as Akeyless can automatically audit and renew expired certificates. Beyond broader DevOps automation, tools such as Akeyless also simplify secrets management. For example, the tool lets businesses create one-off, short-lived credentials for just-in-time machine access to sensitive information. These credentials eliminate the need for static keys and certificates, which reduces the potential attack surface within the company.
Machine ID verification also depends on private keys. As the use of tools in the enterprise grows, shadow IT has become a major problem. Even if an employee only trials a SaaS product and then stops using it, the software's security certificate usually remains on the network, making it a vulnerability that attackers can exploit.
Secrets management tools integrate with every part of your network and monitor for shadow certificates and keys. As a result, it is easy to remove redundant keys and protect the valid ones.
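As an added illustration of the audit the two preceding sections describe (this is not code from the article or from any vendor it names), the following Python script classifies a constructed certificate inventory: it flags expired certificates, certificates inside an assumed 30-day renewal window, certificates whose lifetime exceeds the 13-month (398-day) cap, and certificates with no owning team, i.e. the shadow certificates of the previous paragraph. The record schema and the sample data are assumptions for the example.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

MAX_VALIDITY_DAYS = 398   # 13-month cap (398 days) for public TLS certificates
RENEW_WINDOW_DAYS = 30    # assumed renewal lead time; tune to your pipeline
REPORT_DATE = date(2022, 8, 2)  # fixed "today" so the report is reproducible


@dataclass
class CertRecord:
    """One machine identity in the inventory (constructed schema, not a vendor format)."""
    subject: str
    owner: Optional[str]       # None means no team claims it: a shadow certificate
    not_before: date
    not_after: date


def audit_certificate(rec: CertRecord, today: date) -> List[str]:
    """Return the list of findings for a single certificate (empty if healthy)."""
    findings = []
    lifetime = (rec.not_after - rec.not_before).days
    remaining = (rec.not_after - today).days
    if remaining < 0:
        findings.append("expired")
    elif remaining <= RENEW_WINDOW_DAYS:
        findings.append("renew-soon")
    if lifetime > MAX_VALIDITY_DAYS:
        findings.append("validity-too-long")
    if rec.owner is None:
        findings.append("shadow")
    return findings


def audit_inventory(records: List[CertRecord], today: date) -> Dict[str, List[str]]:
    """Map subject -> findings for every certificate that needs attention."""
    return {r.subject: f for r in records if (f := audit_certificate(r, today))}


# Constructed sample inventory: one healthy entry and one of each failure mode
SAMPLE_INVENTORY = [
    CertRecord("api.example.test", "platform", date(2022, 1, 10), date(2022, 7, 9)),
    CertRecord("build.example.test", "ci", date(2021, 9, 1), date(2022, 8, 20)),
    CertRecord("legacy.example.test", "erp", date(2021, 1, 1), date(2023, 1, 1)),
    CertRecord("trial-saas.example.test", None, date(2022, 5, 1), date(2023, 4, 30)),
    CertRecord("web.example.test", "platform", date(2022, 6, 1), date(2023, 5, 31)),
]


def sample_report() -> Dict[str, List[str]]:
    return audit_inventory(SAMPLE_INVENTORY, REPORT_DATE)


if __name__ == "__main__":
    for subject, findings in sample_report().items():
        print(f"{subject}: {', '.join(findings)}")
```

In a real deployment the inventory would be fed from the secrets manager or certificate store rather than hard-coded, and the report would open tickets or trigger the renewal pipeline.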
· Incident response lags
One problem security teams face is the cascade of issues that arise from compromised or expired machine identities. For example, if a single machine ID is compromised, security teams must quickly replace its keys and certificates. If they do not, automated CI/CD tools such as Jenkins will throw errors that hold up the release.
Because a tool like Jenkins is connected to every part of DevOps operations, downstream problems can also arise. Then there is the issue of third-party tool integration. What do you do if a vulnerability is detected in a single cloud container ID and you decide to revoke all of your machine IDs?
All of these issues immediately impact your security team, producing a flood of problems and making it extremely challenging to attribute them all to one root cause. The good news is that automation and electronic key management simplify the process. These tools give your security team complete visibility into where digital keys and certificates live and the steps required to renew or issue a new certificate.
Surprisingly, because of the containerized approach of DevOps, most organizations lack visibility into where their keys are located. Most product teams work in silos and only come together to integrate their different code before production. The result is a lack of security transparency across the different moving parts.
In a world dominated by machine IDs, security cannot remain static or centralized. You must create an agile security posture to match an agile development environment. This posture will help you respond quickly to cascading problems and identify root causes.
· Lack of audit insight
The rise of machine IDs has not gone unnoticed. Governments are increasingly mandating encryption keys to monitor digital identities, especially when regulating sensitive business units. Add to that the data privacy laws businesses must comply with, and any manual machine ID management program faces a huge problem.
Today, failed security audits can have dire consequences. In addition to losing public trust, the organization also becomes a target for hackers, which often increases the chance of a security breach. The average enterprise may have hundreds of thousands of machine identities under its authority, each with a different configuration and validity period.
Human teams cannot keep pace with these identities. Yet many organizations still assign tasks to their security teams this way, exposing them to significant security risk. Even when manual processes handle key updates, human error can create problems. Moreover, it is unrealistic to expect a small number of administrators to understand the trust requirements for every certificate.
Automated solutions such as HashiCorp's can solve these problems seamlessly, because they provide simple auditing and compliance data that security teams can use.
Automation is key
DevOps prioritizes automating your entire operation. To include security, you must automate and integrate these applications across your organization to create a flexible security posture. If you do not, the growing number of machine identities will overburden your security team and leave it unable to deal with threats.
Original title: How to Combat the Biggest Security Risks Posed by Machine Identities
Link: https://thehackernews.com/2022/07/how-to-combat-biggest-security-risks_29.html