Finance IT Overconfident in Machine Identity Tools

Finance IT Overconfident in Machine Identity Tools

A new study found that a majority of financial services security professionals are overly confident about the ability of machine identity protections to defend their organizations's networks, according to Venafi.

The report, Securing the Enterprise with Machine Identity Protection, conducted by Forrester Consulting on behalf of Venafi, surveyed 116 IT security professionals from financial services and insurance organizations across the US, UK, Germany, France and Australia. It found that 80% of respondents who are responsible for identity and access management (IAM) trust that automated communications between machines on their networks are mostly or completely secure.

In addition, 70% of respondents feel confident that effective protection of machine identities is critical to the long-term security and viability of their companies, the study found. Still, financial services organizations are only tracking an average of 43% of the most common types of machine identities.

Looking at the number of respondents who follow the progress of specific machine identities, the study found that just over half (56%) are tracking cloud platform instance machine identities and 55% are tracking physical server machine identities. Yet less than half (48%) track mobile device machine identities, according to a press release.

Even fewer, only 34%, track the machine identities of SSH keys. Those numbers continue to decline when looking at tracking the machine identities of containers (28%) and micro-services (26%).

“Financial services organizations have more work to do in order to make sure their machine identities are protected, and we know these issues are not unique to a specific industry,” said Jeff Hudson, CEO of Venafi, in a press release.

“Despite the importance of machine identities, most organizations are overwhelmed by the sheer number of them on their networks, and they don’t have the visibility, intelligence or automation necessary to take the necessary steps to close the gaping hole in security.”

The report also noted that 41% of financial services IT security professionals confessed that the lack of system administrator focus on machine identity use is a major challenge, while the same number identified lack of automated processes to inventory machine identities as a major problem.

Source: Information Security Magazine