Could machine identity be the channel’s next big security opportunity?
The growth of IoT, cloud and connectivity is opening up a world of possibilities
Identity and access management is big business. Valued at $8 billion by analysts at Markets and Markets in 2016, this sector is driven by customers spending a fortune on tools such as password and username protection. Yet few seem to realise that machines' identities need to be protected too, and without a means of securing those identities, we could be leaving the back door open for hackers.
This security problem has been 'under the radar' for some time, but this won't be the case for long. Exploiting machine identity is set to be the next big market for hackers, according to experts at Intel. Just look at last year's record-breaking Bangladesh Bank heist, in which more than $100 billion was siphoned off. Or vulnerabilities in WhatsApp, which can allow our private messages to be read. Indeed, Gartner expects that half of all network attacks will abuse machine identities in 2017 alone.
Channel executives should take note. Channel organisations depend on anticipating changes in customer demand and acting on them before the competition – with the protection of machine identities set to move up the security agenda, this is a rare opportunity to seize upon a market currently in its infancy.
The machine identity conundrum
'Machine identity' itself is a straightforward concept. Online, humans create user credentials for each bit of software we use, to let us gain access to applications and services. Machines don't rely on usernames and passwords; instead, they use encryption keys and digital certificates to authenticate themselves and determine whether they can be trusted.
However, the current machine identity system has remained unchanged for the past 20 years. This has largely been because it hasn't been the source of attacks, but things are starting to change. Hackers have woken up to the fact they can steal or forge machine identities, helping them to pose as legitimate entities in order to eavesdrop, escalate privileges and exfiltrate data. Worse still, they can use encryption keys to gain access to – and hide within – encrypted network traffic, where most security tools can't detect them.
Despite the risks, very little has been spent securing these machine identities. However, this is starting to change, particularly as the range of machines we rely on expands with the growth of cloud and the emergent Internet of Things (IoT). Every connected device on a network, for example, will need to be issued with its own identity so that other devices can trust it. So, if society is indeed set to be transformed by the IoT, the demand for solutions to secure the identities of these devices will be massive.
Machine identity and the channel
With that in mind, there's a real opportunity for the channel to take the lead in educating the wider IT industry as to the importance of protecting machine identities. Spreading awareness among customers as to how cyber threats targeting machines will increasingly take place should be the first priority. Channel executives will be able to provide training programmes for customers, helping them take ownership of their organisation's machine identities with a detailed understanding of their importance. This also gives resellers the opportunity to offer solutions to automate the security and management of machine identities. Providing real-time information on rogue or compromised machine identities to other security solutions is another rapidly expanding marketing opportunity.
Better still, these solutions can be offered to customers as part of a wider security service. Resellers can open up new opportunities to up-sell and cross-sell by bundling machine identity management tools alongside other solutions, such as antivirus software, endpoint protection or mobile device management. Resellers can become a 'one-stop-shop' for the customer's entire security operation, with machine identity protection at the core.
Machine identity protection also offers resellers the chance to create new revenue streams entirely. In an environment where the number of machine identities in use is skyrocketing, customers will increasingly demand an automated solution. This can be offered as a managed service, whereby resellers can automate the management of their customers' machine identities entirely and manage this risk on their behalf.
Right place, right time
Security has been a lucrative source of income for the channel in recent years, as awareness of cyber threats reaches an all-time high. Yet this has produced a crowded marketplace with any number of different solutions on offer – according to Markets and Markets analysts, the market for managing passwords alone is expected to reach more than $700 billion by 2019, for example. By comparison, machine identity protection offers the channel a clean slate with a far less congested vendor landscape.
This is why channel organisations should seize the opportunity to take the lead in this new market. Resellers have an opportunity to educate the IT industry on the importance of a substantial new security challenge before it becomes widely known – a rare luxury in an otherwise crowded security environment. Machine identity protection may not be the only security issue the channel should focus on, but it's certainly set to be one of the most important.
Craig Stewart is VP of EMEA at Venafi