Digital identity innovations present many business advantages, but they also raise concerns for consumers. Looking at some of the issues, and at how the technology could evolve next year, for Digital Journal is Murali Palanisamy, Chief Solutions Officer at AppViewX. Palanisamy is responsible for the overall product vision, development, and technical direction of AppViewX. Before joining the company, he served as senior vice president at Bank of America.
Palanisamy has put together some interesting predictions for where he sees digital identity heading over the next year.
TLS certificate validity gets much, much shorter
On the subject of the Transport Layer Security (TLS) certificate, Palanisamy thinks: “Google’s proposal to reduce the validity of TLS certificates from 398 days to three months will get approved by the Certificate Authority/Browser Forum in 2024 resulting in many organizations struggling to renew TLS certificates four times a year.”
TLS/SSL certificates secure internet connections by encrypting data sent between your browser, the website you’re visiting, and the website server.
The consequence, according to Palanisamy, is that this “will put tremendous pressure on enterprise PKI teams and accelerate the need for automated certificate lifecycle management to ensure certificates are renewed on time to avoid outages and security weaknesses.”
Machine identity management reaches critical mass
Can machines cope with the level of information being collected? Here Palanisamy considers: “To achieve zero trust, every person and ‘thing’ needs a managed trusted identity. Traditionally, enterprise organizations have placed a greater emphasis on managing human identities to ensure that the right people have the right access to the right applications and data. Now, machine identities that include all connected devices, workloads, applications and cloud services greatly outnumber human identities and represent a significant blind spot in keeping the enterprise secure.”
The consequence of this? “As part of an Identity Governance and Administration (IGA) program, organizations must gain visibility and control of machine identities and converge management with human identities”, says Palanisamy.
Expect even more explosive growth in machine identities
The identity market and applications will grow. Palanisamy predicts: “With more cloud migrations and the continued growth of containerized applications, machine identities will keep growing exponentially. This growth in machine identities will initiate a pivot in how organizations approach securing complex hybrid multi-cloud infrastructures. Identities will form the new perimeter as organizations adopt identity first security approaches and zero trust strategies that require visibility, control and management of trusted identities.”
Identity first security becomes cross functional
According to Palanisamy: “The primary focus of Identity and Access Management (IAM) teams has long been on managing human identities. However, with the rise of machine identities, a cross functional approach to managing both machine and human identities is going to be required. While PKI teams are generally responsible for managing public and private trust CAs and the issuance of certificates widely used for machine identities, it’s not a scalable process to support NetOps, CloudOps, DevOps and SecOps teams when security, speed and agility all matter. These groups must form a cross functional team to better manage machine identities by selecting solutions with self service capabilities for fully automating certificate lifecycle management.”
Surge in identity related cyberattacks
On the subject of cybersecurity, Palanisamy fears: “In 2024, identity related cyberattacks will be on the rise as mismanaged and misconfigured machine identities are targeted. As the enterprise perimeter blurs, traditional perimeter defences will no longer be sufficient to keep organizations safe and secure. With identities as the new perimeter, it will be critical to properly and meticulously manage trusted identities for machines, workloads, applications and cloud services.”
One thing to address, he says: “Weak cryptography, expired certificates and misconfigured identities will open exploitable vulnerabilities that cyberattackers will target to steal proprietary information, disrupt business-critical systems and carry out ransomware attacks.”
DevOps will adopt cloud-based code signing
For DevOps in particular there will be considerable change. Looking at the current period, Palanisamy finds: “In 2023, the CA/Browser Forum passed a new baseline requirement for how code signing certificates and keys are to be securely stored. This was a direct result of several high profile cyberattacks related to compromised code signing keys and processes.”
In terms of change, Palanisamy finds: “While code signing has become essential to proving the authenticity, integrity and security of software, it is still an afterthought for many development organizations. DevOps teams will use the new CA/B Forum requirements to reinvent their code signing processes. The popularity of SaaS code signing with a cloud-based HSM will enable simplified and centralized code signing processes, support distributed developers and meet the CA/B Forum requirements – promoting speed, agility and security through the software development lifecycle.”