With digital transformation comes the move to the public cloud. It requires a retooling of your security strategy from the ground up. The rise in the number of identities in the public cloud is a risk that you simply can’t ignore.
Privileged identity is a term used to designate the special identities that have access above and beyond that of a standard user.
What are privileged non human identities?
These are the identities that act on behalf of a person. These identities exist in every IT environment and are also called machine identities.
Machines by definition are anything that can take action. For example: a server, a virtual machine, a container, an application or an API. These are all machine types. The number of machines that are the foundation for the digital transformation is going through the roof.
The identities that are associated with these machines are TLS certificates, SSH keys, API keys and more.
For every network, there are two types of identities, one is the human identity and the other is the non-human identity. Human identities use usernames and passwords to identify themselves, whereas machines authenticate themselves by using cryptographic keys and digital certificates.
Non-human privileged identities are the identities that have access to sensitive data to which a non-privileged machine identity has no access.
Examples of non human privileged identities:
- SSH key. They are used to authenticate automated processes.
- Service account. Services use these accounts to access and make modifications to the configuration.
- Application account. Used to administer, configure or manage access to a specific application software.
- Secret. This term is used by DevOps teams as a catch-all term that refers to SSH and API keys or other such credentials.
Ways in which privileged & non privileged machine identities are used in your organization.
As organizations embrace cloud, DevOps, robotic process automation and IoT, the number of machines and applications that require privileged access has surged. Let’s talk about a few ways in which these machine identities are being used to support a wide variety of vital business functions in your organization.
- Securing web transactions with HTTPS. SSL/TLS certificates create an encrypted connection between a web server and a web browser. This provides a safety net to carry out web transactions such as online banking and e-commerce.
- Securing privileged access. SSH keys are used to secure the machine-to-machine automation of critical business functions. They ensure that only trusted human and nonhuman identities have access to sensitive data.
- Securing Fast IT and DevOps. DevOps teams use containers or clusters to run individual modules called microservices. Each of these microservices and containers should have a certificate to identify and authenticate it. These certificates serve as machine identities that allow secure communication of the container with other containers, microservices, the cloud and the Internet.
- Securing communication on consumer devices. Digital certificates provide the means for authenticating mobile devices that access enterprise networks. They also enable access to Wi-Fi networks of the enterprise using SSL and IPSEC VPNs.
- Authenticating software code. To verify the integrity of a software, it is usually signed with a certificate. This certificate serves as a machine identity that authenticates the software.
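The SSH keys listed above as examples of privileged non-human identities are usually recorded in an `authorized_keys` file, and the first step in managing them is an inventory that tells you which keys grant unrestricted automated access. The following script is an added example, not code from the original article: it parses `authorized_keys` lines (including quoted options such as `command="..."`), decodes the public-key blob in SSH wire format to confirm the declared key type and to measure RSA modulus size, and reports keys that lack `command=` or `from=` restrictions, have no owner comment, or fall below a minimum RSA size. The minimum size (`MIN_RSA_BITS`), the helper names and the sample key file are all assumptions constructed for this example; the sample keys are dummy blobs, not real keys.

```python
from __future__ import annotations

import base64
import struct
from dataclasses import dataclass, field

# Assumed minimum RSA modulus size for a key that grants automated access.
# This threshold is chosen for the example; it is not a value from the article.
MIN_RSA_BITS = 3072

KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")


def _ssh_string(data: bytes) -> bytes:
    """Encode one SSH wire-format string: 4-byte big-endian length + payload."""
    return struct.pack(">I", len(data)) + data


def _ssh_mpint(n: int) -> bytes:
    """Encode a positive SSH mpint (RFC 4251): leading 0x00 byte when the top bit is set."""
    return _ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))


def make_rsa_blob(bits: int) -> str:
    """Constructed ssh-rsa blob with a dummy modulus of exactly `bits` bits (not a real key)."""
    e, n = 65537, (1 << (bits - 1)) | 1
    return base64.b64encode(_ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)).decode()


def make_ed25519_blob() -> str:
    """Constructed ssh-ed25519 blob with an all-zero 32-byte point (not a real key)."""
    return base64.b64encode(_ssh_string(b"ssh-ed25519") + _ssh_string(bytes(32))).decode()


def _read_string(buf: bytes, off: int) -> tuple[bytes, int]:
    (length,) = struct.unpack_from(">I", buf, off)
    off += 4
    return buf[off:off + length], off + length


def key_bits(blob_b64: str) -> tuple[str, int | None]:
    """Decode a key blob; return (wire key type, RSA modulus bit length or None)."""
    buf = base64.b64decode(blob_b64)
    ktype, off = _read_string(buf, 0)
    if ktype != b"ssh-rsa":
        return ktype.decode(), None
    _, off = _read_string(buf, off)          # public exponent e, not needed here
    n_raw, _ = _read_string(buf, off)        # modulus n
    return "ssh-rsa", int.from_bytes(n_raw, "big").bit_length()


def split_options(line: str) -> tuple[str, str]:
    """Return (options, remainder). Options end at the first space outside double quotes."""
    if line.split(maxsplit=1)[0] in KEY_TYPES:
        return "", line
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quote = not in_quote
        elif ch == " " and not in_quote:
            return line[:i], line[i + 1:].lstrip()
    return line, ""


@dataclass
class Finding:
    comment: str
    key_type: str
    issues: list[str] = field(default_factory=list)


def audit_authorized_keys(text: str) -> list[Finding]:
    """One Finding per key line; an empty `issues` list means the key passed every check."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts, rest = split_options(line)
        parts = rest.split(maxsplit=2)
        if len(parts) < 2:
            findings.append(Finding(raw, "unknown", ["unparseable line"]))
            continue
        declared, blob = parts[0], parts[1]
        comment = parts[2] if len(parts) == 3 else ""
        f = Finding(comment or "(no comment)", declared)
        try:
            wire_type, bits = key_bits(blob)
        except Exception:
            f.issues.append("malformed key blob")
            findings.append(f)
            continue
        if wire_type != declared:
            f.issues.append(f"declared type {declared} but blob is {wire_type}")
        if bits is not None and bits < MIN_RSA_BITS:
            f.issues.append(f"RSA modulus only {bits} bits")
        if "command=" not in opts:
            f.issues.append("no command= restriction: key grants a full shell")
        if "from=" not in opts:
            f.issues.append("no from= restriction: usable from any source address")
        if not comment:
            f.issues.append("no comment: owner/purpose unknown")
        findings.append(f)
    return findings


# Constructed sample authorized_keys content (dummy blobs, not real keys).
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed sample for the example",
    f'command="/usr/local/bin/backup --pull",from="10.0.0.5" ssh-rsa {make_rsa_blob(4096)} backup@host-a',
    f"ssh-rsa {make_rsa_blob(2048)} deploy-bot",
    f"ssh-ed25519 {make_ed25519_blob()}",
])

if __name__ == "__main__":
    for f in audit_authorized_keys(SAMPLE_AUTHORIZED_KEYS):
        status = "OK" if not f.issues else "; ".join(f.issues)
        print(f"{f.key_type:<12} {f.comment:<14} {status}")
```

Run against a real file by passing its contents to `audit_authorized_keys`; each key with an empty issue list is restricted to a single command and source address, carries an owner comment, and (for RSA) meets the size floor, which is the minimum record you need before deciding whether a machine identity is privileged and who is accountable for it.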
In this era of cloud computing, your organization needs to recognize that the complexity of managing the privileged identity roles for machines will increase exponentially over time. You should realise that the various identities (human and non-human), and the privilege types and resources associated with them across multiple cloud platforms, will run into the millions and become virtually impossible to administer manually.
Every year billions of dollars are spent on protecting human identities and their privileges, but little is done to protect machine identities, whether privileged or non-privileged. Cybercriminals are aware of this and therefore target such identities. It is therefore imperative that you take the necessary steps to protect your privileged machine identities and so protect your organisation from data theft. You need to implement the right ‘identity and access management’ and ‘privileged identity management (PIM)’ solutions.