Reminder – the machines are coming!
February 27th, 2025

The number of machine identities in organisations has grown rapidly. That growth enables far more automation and lightning-fast machine-to-machine transactions, but machines often operate with privileged access, handle sensitive data and authenticate with a single long-lived credential rather than multiple factors. Those credentials (API keys, private keys, service-account secrets) are frequently committed to source code, giving attackers an easy route to compromising machine identities.

How can we begin to manage Machine Identity?

It’s not possible to manage what you don’t know you have, so the first step is to create an inventory of your machine identities.

Steps to Create an Inventory of Machine Identities

1. Identify All Machine Identities

The first step is to discover all machine identities in your organization. These include:

  • TLS/SSL certificates
  • SSH keys
  • API tokens
  • Code-signing certificates
  • Cloud workload identities (IAM roles, service accounts)

2. Use Automated Discovery Tools

Manual tracking of machine identities does not scale. Use tools such as:

  • Certificate management platforms (e.g., Venafi, DigiCert CertCentral)
  • Cloud security posture management (CSPM) tools
  • Enterprise Public Key Infrastructure (PKI) solutions
  • SSH key management solutions
  • Endpoint and network scanners

3. Categorize and Document Each Identity

Once discovered, categorize machine identities based on:

  • Type (certificate, key, token, etc.)
  • Expiration date
  • Issuing authority
  • Associated system or application
  • Owner (team or individual responsible)

4. Assess Risks and Identify Vulnerabilities

Review the inventory for:

  • Expired or soon-to-expire certificates
  • Weak cryptographic algorithms
  • Overprivileged machine accounts
  • Hardcoded or exposed credentials in source code or logs

5. Establish a Lifecycle Management Process

Machine identities should be regularly monitored and rotated. Implement:

  • Automated certificate renewal
  • Centralized key management policies
  • Role-based access controls (RBAC) for key usage
  • Regular audits and compliance checks
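The five steps above map naturally onto a small inventory tool. The following is an added example, not code from the original post or from Distology Studios: it models an inventory record with the categorisation fields from step 3, applies the step 4 risk checks (expiry, weak algorithms, over-privilege, missing owner) plus a step 5 rotation-age policy, and scans a constructed source snippet for hardcoded credentials. The inventory entries, the source snippet, the policy thresholds and the secret patterns are all assumptions made for illustration; the AWS access key in the snippet is AWS's own documented dummy value.

```python
"""Machine-identity inventory: categorise, assess risk, scan source for hardcoded secrets.

Added example (not from the original post). Inventory entries, thresholds and the
source snippet are constructed; AKIAIOSFODNN7EXAMPLE is AWS's documented dummy key.
"""
import re
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Dict, List, Optional, Tuple

TODAY = date(2025, 2, 27)  # pinned for reproducible output; use date.today() in practice

# Policy thresholds (assumed for illustration; tune to your own standards).
EXPIRY_WARN = timedelta(days=30)
WEAK_ALGORITHMS = {"RSA-1024", "DSA-1024", "SHA1-RSA", "MD5-RSA"}
ADMIN_PERMISSIONS = {"*", "iam:*", "root"}
MAX_AGE_DAYS = {"api_token": 90, "ssh_key": 365}  # rotation policy per identity type


@dataclass
class MachineIdentity:
    name: str
    kind: str                      # tls_cert | ssh_key | api_token | code_signing_cert | cloud_role
    system: str                    # system or application that uses it
    owner: Optional[str]           # accountable team or person; None means unowned
    issuer: Optional[str] = None   # issuing CA or platform, where applicable
    algorithm: Optional[str] = None
    expires: Optional[date] = None
    created: Optional[date] = None
    permissions: List[str] = field(default_factory=list)


def assess(ident: MachineIdentity, today: date = TODAY) -> List[str]:
    """Return the risk findings for one identity (step 4, plus the step 5 rotation policy)."""
    findings: List[str] = []
    if ident.expires is not None:
        if ident.expires < today:
            findings.append("expired")
        elif ident.expires - today <= EXPIRY_WARN:
            findings.append("expiring_soon")
    if ident.created is not None and ident.kind in MAX_AGE_DAYS:
        if (today - ident.created).days > MAX_AGE_DAYS[ident.kind]:
            findings.append("rotation_overdue")
    if ident.algorithm in WEAK_ALGORITHMS:
        findings.append("weak_algorithm")
    if any(p in ADMIN_PERMISSIONS for p in ident.permissions):
        findings.append("overprivileged")
    if not ident.owner:
        findings.append("no_owner")
    return findings


def inventory_by_type(identities: List[MachineIdentity]) -> Dict[str, List[str]]:
    """Group identity names by type (step 3)."""
    grouped: Dict[str, List[str]] = {}
    for ident in identities:
        grouped.setdefault(ident.kind, []).append(ident.name)
    return grouped


def build_report(identities: List[MachineIdentity], today: date = TODAY) -> Dict[str, List[str]]:
    """Map each identity name to its findings; an empty list means no issues found."""
    return {ident.name: assess(ident, today) for ident in identities}


# Hardcoded-credential patterns; the generic one catches assignments like api_key = "...".
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "generic_assignment": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|password|token)\s*[:=]\s*[\"'][^\"']{8,}[\"']"),
}


def scan_for_secrets(lines: List[str]) -> List[Tuple[int, str]]:
    """Return (line_number, pattern_name) for every line that looks like an embedded secret."""
    hits: List[Tuple[int, str]] = []
    for lineno, line in enumerate(lines, 1):
        for name, pattern in SECRET_PATTERNS.items():
            if pattern.search(line):
                hits.append((lineno, name))
    return hits


# Constructed inventory covering each identity type from step 1.
INVENTORY = [
    MachineIdentity("api.example.com", "tls_cert", "api-gateway", "platform-team",
                    issuer="Internal CA", algorithm="RSA-2048", expires=date(2025, 3, 15)),
    MachineIdentity("legacy-ci-deploy", "ssh_key", "build-server", None, algorithm="RSA-1024"),
    MachineIdentity("prod-backup-role", "cloud_role", "aws-prod", "sre",
                    permissions=["s3:GetObject", "*"]),
    MachineIdentity("code-signing-2023", "code_signing_cert", "release-pipeline", "release-eng",
                    issuer="Public CA", algorithm="SHA1-RSA", expires=date(2024, 12, 31)),
    MachineIdentity("metrics-api-token", "api_token", "observability", "observability",
                    created=date(2024, 10, 1), expires=date(2025, 12, 31),
                    permissions=["metrics:read"]),
]

SAMPLE_SOURCE = [  # constructed snippet, not real code or real credentials
    "import boto3",
    'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"',
    'client = boto3.client("s3")',
    'api_key = "example-not-a-real-key-0000"',
    'PRIVATE_KEY = """-----BEGIN RSA PRIVATE KEY-----',
    "MIIEpAIBAAKCAQEA...",
    '-----END RSA PRIVATE KEY-----"""',
]

if __name__ == "__main__":
    for kind, names in inventory_by_type(INVENTORY).items():
        print(f"{kind}: {', '.join(names)}")
    for name, findings in build_report(INVENTORY).items():
        print(f"{name}: {findings or 'ok'}")
    for lineno, pattern in scan_for_secrets(SAMPLE_SOURCE):
        print(f"possible secret at line {lineno}: {pattern}")
```

In a real deployment the INVENTORY list would be populated from the discovery tools in step 2 (certificate platform exports, cloud IAM listings, SSH key scans) and the secret scan would run over every repository in CI; the findings list is what feeds the lifecycle process in step 5, with each non-empty entry assigned to the identity's owner.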

Building an inventory of machine identities is a foundational step in securing your organization's digital assets. Without visibility and control, machine identities can become a significant security risk. By implementing a structured approach—discovery, categorization, risk assessment, and lifecycle management—you can establish a robust framework for managing machine identities, reducing security threats, and ensuring compliance.

About The Author

Lynsey Dunn is an IAM Consultant and Certified Okta Consultant at Distology Studios, bringing extensive Risk Analyst experience from previous positions at Deutsche Bank and Morgan Stanley.