Market Overview

Venafi Study: 80 Percent of Enterprises Struggle to Protect Machine Identities


Ninety-six percent of IT security professionals believe machine
identities are central to company security and viability, but few have
capabilities to protect them

the leading provider of machine identity protection, today announced the
results of "Securing The Enterprise With Machine Identity Protection, a
June 2018 commissioned study conducted by Forrester Consulting on behalf
of Venafi." The study focused on enterprise machine identity protection
challenges and included responses from 350 senior IT security
professionals who are responsible for their organizations' identity and
access management from the U.S., U.K., Germany, France and Australia.

Key findings from the study reveal that ninety-six percent of companies
believe that effective protection of machine and human identities are
equally important to the long-term security and viability of their
companies. However, eighty percent of respondents struggle with the
delivery of important machine identity protection capabilities.

"It is shocking that so many companies don't understand the importance
of protecting their machine identities," said Jeff Hudson, CEO of
Venafi. "We spend billions of dollars protecting user names and
passwords but almost nothing protecting the keys and certificates that
machines use to identify and authenticate themselves. The number of
machines on enterprise networks is skyrocketing and most organizations
haven't invested in the intelligence or automation necessary to protect
these critical security assets. The bad guys know this, and they are
targeting them because they are incredibly valuable assets across a wide
range of cyber-attacks."

Additional findings from the study include:

  • Nearly half (forty-seven percent) believe protecting machine
    identities and human identities will be equally important to their
    organizations over the next 12 to 24 months, while nearly as many
    (forty-three percent) think machine identity protection will be more
  • Seventy percent admit they are tracking fewer than half of the most
    common types of machine identities found on their networks. When asked
    which specific machine identities they track:
    • Just fifty-six percent say cloud platform instance machine
    • Only forty-nine percent say mobile device machine identities.
    • Only forty-nine percent say physical server machine identities.
    • Only twenty-nine percent say SSH keys.
    • Only a quarter (twenty-five percent) say machine identities of
      microservices and containers.
  • Sixty-one percent say their biggest concern regarding poor machine
    identity protection management is internal data theft or loss.

Managing user and machine identities and privileged access to business
data and applications is an enormous undertaking that has serious
security ramifications. Traditionally, the focus for identity and access
management (IAM) programs has been people-centric, but recent increases
in the number of machines on enterprise networks, shifts in technology
and new computing capabilities have created a set of challenges that
require increased focus on protecting machine identities.

From Securing The Enterprise With Machine Identity Protection, Forrester
Consulting, June 2018: "Newer technologies, such as cloud and
containerization, have expanded the definition of machine to include a
wide range of software that emulates physical machines. Furthermore,
these technologies are spawning a tidal wave of new, rapidly changing
machines on enterprise networks. To effectively manage and protect
machine identities, organizations need: complete visibility of all
machine identities across their networks; actionable intelligence about
each machine identity; and the capabilities to effectively put that
intelligence into action at machine speed and at scale."

To read the complete study, please visit:


Web: Venafi
Machine Identity Protection Research Results

Venafi Study: Do Enterprises Struggle with Machine Identities?

About Venafi

Venafi is the cybersecurity market leader in machine identity
protection, securing connections and communications between machines.
Venafi protects machine identity types by orchestrating cryptographic
keys and digital certificates for SSL/TLS, IoT, mobile and SSH. Venafi
provides global visibility of machine identities and the risks
associated with them for the extended enterprise —on premises, mobile,
virtual, cloud and IoT — at machine speed and scale. Venafi puts this
intelligence into action with automated remediation that reduces the
security and availability risks connected with weak or compromised
machine identities while safeguarding the flow of information to trusted
machines and preventing communication with machines that are not trusted.

With over 30 patents, Venafi delivers innovative solutions for the
world's most demanding, security-conscious Global 5000 organizations,
including the top five U.S. health insurers; the top five U.S. airlines;
four of the top five U.S., U.K., Australian and South African banks; and
four of the top five U.S. retailers. For more information, visit:

View Comments and Join the Discussion!