A report earlier this year highlighted the fact that machine identities now vastly outnumber humans.
This leads to a wider attack surface, leaving many organizations vulnerable to cyberattack and loss of data. We spoke to Refael Angel, the co-founder and CTO of unified secrets and machine identity platform Akeyless Security, to find out more about the problem and how enterprises can protect themselves.
BN: What is machine identity, and how does it differ from human identity in the context of security?
RA: Machine identity refers to digital identities assigned to automated entities, including servers, databases, containers, virtual machines, APIs, and more. Unlike human identities, which typically represent individual users with usernames and passwords, machine identities authenticate through certificates, encryption keys, API keys, SSH keys, and other types of credentials essential for automated processes. The main difference is scale and dynamism; machine identities vastly outnumber human identities, often by a factor of up to 45:1, especially in cloud-native and DevOps environments. Unlike human identities, which are relatively static and predictable, machine identities are ephemeral, proliferate rapidly, and require continuous and automated management to ensure security.
Moreover, traditional security practices designed for human identities — like manually managed passwords or periodic credential rotations — fall short for machine identities due to their sheer number and the dynamic nature of cloud environments. Managing machine identities requires an automated, unified platform capable of scaling rapidly and securely, something traditional identity management systems simply were not built to handle.
BN: What are the main risks associated with unmanaged or compromised machine identities?
RA: The risks associated with unmanaged or compromised machine identities are significant, often leading directly to cybersecurity incidents. In fact, 85 percent of identity-related breaches are attributed to compromised machine identities, such as service accounts and automation accounts. This is primarily because unmanaged identities create blind spots and vulnerabilities that attackers readily exploit.
Organizations have experienced a 71 percent increase year-over-year in attacks leveraging valid, yet compromised, credentials, with stolen credentials involved in 49 percent of breaches in 2023 alone. The average organization faces over four incidents annually related to compromised keys and certificates, and it typically takes nearly 11 months to detect and recover from such breaches.
The real-world impacts are severe, ranging from unauthorized data access and breaches of sensitive information to significant operational disruptions like outages and downtime. These incidents can also trigger regulatory compliance issues, fines, and lasting reputational damage. With machine identities increasingly embedded in critical operations, the fallout from compromised identities becomes exponentially more severe.
BN: Does the increase in numbers of IoT devices create new challenges for machine identity management?
RA: Absolutely, and it’s a rapidly escalating issue. The proliferation of IoT devices — from simple office sensors to complex industrial machinery — significantly complicates machine identity management. These devices usually have limited built-in security features, making them attractive targets for cybercriminals. Their sheer numbers and widespread deployment across diverse environments dramatically expand the attack surface, intensifying the management challenge. Around 45 percent of non-human identities currently have direct access to sensitive data, highlighting the urgent need for effective security solutions.
BN: How can organizations achieve visibility into their machine identity landscape?
RA: Achieving visibility starts with breaking down the security silos that often fragment the management of machine identities. Instead of separate teams using different tools and methods, organizations should centralize management to create a unified and consistent approach. Siloed security solutions often lead to inconsistent policy enforcement, duplicated efforts, and security gaps that attackers can exploit. Without a unified approach, teams struggle to detect compromised identities, leading to delays in responding to potential threats.
A unified platform eliminates these challenges by providing full oversight and control of machine identities across cloud, on-premises, and hybrid environments. This centralized approach ensures that all machine identities are continuously monitored, automatically updated, and securely managed, reducing the likelihood of security blind spots. Additionally, automation plays a crucial role in scaling machine identity management. With automated discovery and monitoring, organizations can quickly identify misconfigurations, detect anomalies, and proactively remediate security issues before they escalate into breaches.
Beyond security, visibility into machine identities also streamlines compliance efforts. Regulations and industry standards increasingly require organizations to maintain strict control over digital identities, making centralized management essential for passing audits and meeting compliance mandates. By implementing a unified approach, businesses can simplify reporting, enforce security policies uniformly, and reduce administrative overhead.
Ultimately, shifting to a centralized and automated machine identity management framework not only enhances security posture but also increases operational efficiency. Organizations that adopt this model can respond more swiftly to threats, reduce human errors, and future-proof their security infrastructure against evolving attack vectors.
BN: How do you see the evolution of machine identity management in the next five-to-ten years?
RA: Machine identity management will undergo profound changes in the next decade, shaped largely by advancements in AI, automation, and the shift toward a ‘secretless’ future.
Firstly, we anticipate a growing adoption of secretless security approaches. This means shifting away from static, long-term credentials toward dynamic, short-lived, or just-in-time credentials that are generated precisely when needed and discarded immediately afterward. This approach dramatically reduces the attack surface by ensuring that credentials don’t linger unnecessarily, which has historically been the primary source of breaches.
Additionally, as AI continues to transform business and IT landscapes, the use of generative AI tools will expand, bringing both innovation and new risks. We’ve already seen that repositories using AI-assisted tools, such as GitHub Copilot, have a 40 percent higher incidence rate of leaked secrets. This trend underscores the urgency of improving secrets management and embracing secretless authentication methods to eliminate static credentials entirely.
The future of machine identity security will be marked by moving towards secretless authentication and incorporating AI-driven security models that can adapt quickly to emerging threats. Organizations will increasingly need integrated, automated solutions capable of real-time threat detection and response.
At Akeyless, we’re already leading this evolution through our patented Distributed Fragments Cryptography (DFC technology, a zero-knowledge SaaS model where no single entity — including us — ever holds a complete encryption key. This ensures unmatched security and compliance, even in complex, hybrid multi-cloud environments. By adopting solutions like ours, enterprises can future-proof their security posture, staying ahead in an era where static secrets are becoming obsolete, and agile, AI-driven threat management becomes essential.