by Murali Palanisamy, Chief Solutions Officer, AppViewX
Murali Palanisamy is responsible for the overall product vision, development, and technical direction of AppViewX. Before joining the company, he served as senior vice president at Bank of America, where he led an architecture and engineering team for e-commerce application delivery. Prior to that, Murali was vice president of architecture and product engineering at Merrill Lynch. He has designed and developed automation and integration solutions for servers, application delivery controllers, IP services, and networking.
TLS Certificate Validity Gets Much, Much Shorter
Google’s proposal to cut the maximum validity of publicly trusted TLS certificates from the current 398 days to 90 days will be approved by the Certificate Authority/Browser Forum in 2024, leaving many organizations struggling to renew TLS certificates at least four times a year (more often in practice, since automated renewal starts well before expiry). This will put tremendous pressure on enterprise PKI teams and accelerate the need for automated certificate lifecycle management, so that certificates are renewed on time and expiry-driven outages and security weaknesses are avoided.
Machine Identity Management Reaches Critical Mass
To achieve zero trust, every person and “thing” needs a managed, trusted identity. Traditionally, enterprise organizations have placed a greater emphasis on managing human identities to ensure that the right people have the right access to the right applications and data. Now, machine identities (the certificates, keys and tokens that identify connected devices, workloads, applications and cloud services) greatly outnumber human identities and represent a significant blind spot in keeping the enterprise secure. As part of an Identity Governance and Administration (IGA) program, organizations must gain visibility and control of machine identities and converge their management with that of human identities.
Expect Even More Explosive Growth in Machine Identities
With more cloud migrations and the continued growth of containerized applications, the number of machine identities will keep growing rapidly. This growth will force a pivot in how organizations approach securing complex hybrid multi-cloud infrastructures. Identities will form the new perimeter as organizations adopt identity-first security approaches and zero trust strategies that require visibility, control and management of trusted identities.
Identity First Security Becomes Cross Functional
The primary focus of Identity and Access Management (IAM) teams has long been on managing human identities. However, with the rise of machine identities, a cross-functional approach to managing both machine and human identities is going to be required. While PKI teams are generally responsible for managing public- and private-trust CAs and the issuance of the certificates widely used as machine identities, a manual, ticket-driven process does not scale to support NetOps, CloudOps, DevOps and SecOps teams when security, speed and agility all matter. These groups must form a cross-functional team to better manage machine identities by selecting solutions with self-service capabilities for fully automating certificate lifecycle management.
Surge in Identity Related Cyberattacks
In 2024, identity-related cyberattacks will be on the rise as mismanaged and misconfigured machine identities are targeted. As the enterprise perimeter blurs, traditional perimeter defenses will no longer be sufficient to keep organizations safe and secure. With identities as the new perimeter, it will be critical to properly and meticulously manage trusted identities for machines, workloads, applications and cloud services. Weak cryptography (undersized keys, deprecated signature algorithms), expired certificates and misconfigured identities will open exploitable vulnerabilities that cyberattackers will target to steal proprietary information, disrupt business-critical systems and carry out ransomware attacks.
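The two points above (shorter validity forcing timely renewal, and weak or expired certificates as an attack surface) come down to a policy check that an automated lifecycle tool must run over every certificate it inventories. The following Go program is an added example, not code from the article or from AppViewX; it builds its own constructed sample certificates (one fresh, one due for renewal, one expired, one with a deliberately weak 1024-bit RSA key, one with the legacy 398-day validity) and reports findings against an assumed policy: a 90-day validity cap, renewal once two-thirds of the lifetime has elapsed (the convention ACME clients use), a 2048-bit RSA minimum, and no SHA-1 or MD5 signatures. The policy values and sample names are assumptions for illustration.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Finding is one lifecycle or hygiene problem detected in a certificate.
type Finding string

const (
	Expired       Finding = "expired"
	RenewDue      Finding = "renew-due"
	WeakKey       Finding = "weak-key"
	WeakSignature Finding = "weak-signature"
	TooLongValid  Finding = "validity-exceeds-max"
)

// Policy holds the thresholds; DefaultPolicy's values are assumptions for this example.
type Policy struct {
	MaxValidity   time.Duration // proposed 90-day cap
	RenewFraction float64       // renew once this fraction of the lifetime has elapsed
	MinRSABits    int
}

var DefaultPolicy = Policy{MaxValidity: 90 * 24 * time.Hour, RenewFraction: 2.0 / 3.0, MinRSABits: 2048}

// Inspect evaluates cert at time now and returns every finding that applies.
func Inspect(cert *x509.Certificate, now time.Time, p Policy) []Finding {
	var out []Finding
	lifetime := cert.NotAfter.Sub(cert.NotBefore)
	renewAt := cert.NotBefore.Add(time.Duration(float64(lifetime) * p.RenewFraction))
	if now.After(cert.NotAfter) {
		out = append(out, Expired)
	} else if !now.Before(renewAt) {
		out = append(out, RenewDue)
	}
	if lifetime > p.MaxValidity {
		out = append(out, TooLongValid)
	}
	switch k := cert.PublicKey.(type) {
	case *rsa.PublicKey:
		if k.N.BitLen() < p.MinRSABits {
			out = append(out, WeakKey)
		}
	case *ecdsa.PublicKey:
		if k.Curve.Params().BitSize < 256 {
			out = append(out, WeakKey)
		}
	}
	switch cert.SignatureAlgorithm {
	case x509.MD5WithRSA, x509.SHA1WithRSA, x509.ECDSAWithSHA1:
		out = append(out, WeakSignature)
	}
	return out
}

// RenewalsPerYear is how many renewals a given validity period implies under the policy.
func RenewalsPerYear(validity time.Duration, p Policy) float64 {
	interval := time.Duration(float64(validity) * p.RenewFraction)
	return float64(365*24*time.Hour) / float64(interval)
}

// selfSigned builds a constructed self-signed sample certificate (test data, not a real cert).
func selfSigned(cn string, key crypto.Signer, notBefore time.Time, validity time.Duration) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    notBefore,
		NotAfter:     notBefore.Add(validity),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Demo inspects the constructed samples against DefaultPolicy, keyed by sample name.
func Demo() (map[string][]Finding, error) {
	now, day := time.Now(), 24*time.Hour
	p256 := func() crypto.Signer { k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader); return k }
	rsa1024, err := rsa.GenerateKey(rand.Reader, 1024) // deliberately undersized sample key
	if err != nil {
		return nil, err
	}
	samples := []struct {
		name          string
		key           crypto.Signer
		age, validity time.Duration
	}{
		{"fresh-90d", p256(), 10 * day, 90 * day},
		{"renew-due-90d", p256(), 61 * day, 90 * day},
		{"expired-90d", p256(), 100 * day, 90 * day},
		{"weak-rsa1024", rsa1024, 10 * day, 90 * day},
		{"legacy-398d", p256(), 10 * day, 398 * day},
	}
	out := map[string][]Finding{}
	for _, s := range samples {
		cert, err := selfSigned(s.name, s.key, now.Add(-s.age), s.validity)
		if err != nil {
			return nil, err
		}
		out[s.name] = Inspect(cert, now, DefaultPolicy)
	}
	return out, nil
}

func main() {
	res, err := Demo()
	if err != nil {
		panic(err)
	}
	for name, f := range res {
		fmt.Printf("%-16s %v\n", name, f)
	}
	fmt.Printf("renewals/year: 90-day=%.1f 398-day=%.1f\n",
		RenewalsPerYear(90*24*time.Hour, DefaultPolicy), RenewalsPerYear(398*24*time.Hour, DefaultPolicy))
}
```

Note that with the two-thirds rule a 90-day certificate is renewed roughly every 60 days, about six times a year rather than four, which is the workload an automated renewal pipeline has to absorb; the "fresh" sample returns no findings, while the expired, renew-due, weak-key and over-long samples each surface the condition the text warns about.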
DevOps Will Adopt Cloud-based Code Signing
In 2023, the CA/Browser Forum’s updated Code Signing Baseline Requirements took effect, mandating that private keys for code signing certificates be generated and stored in hardware cryptographic modules (such as an HSM or hardware token) rather than as files on developer machines. This was a direct response to several high-profile cyberattacks involving compromised code signing keys and processes. While code signing has become essential to proving the authenticity and integrity of software, it is still an afterthought for many development organizations. DevOps teams will use the new CA/B Forum requirements as the occasion to reinvent their code signing processes. SaaS code signing backed by a cloud-based HSM will enable simplified, centralized signing that supports distributed developers and meets the CA/B Forum requirements, promoting speed, agility and security throughout the software development lifecycle.