Ep. 70 How to Manage Machine Identities

May 16, 2023

If you can distill today’s cybersecurity recommendations down to one word, that word me be “trust.” We have Executive Orders that talk about “trust” in digital architecture. Look at the motto for today’s enterprise architecture, “Zero Trust Architecture.”

The way most of us apply this trust is to garden a variety of humans. This may involve using some kind of a system to assure that a person is a human they represent themselves to be. Kevin Bocek from Venafi states machines interact on networks more than humans.

It seems warmer to call them “nonperson entities,” but no matter what nomenclature you use these machines are subject to the same foibles as humans, even something as mundane as not working.

During the interview today, Kevin Bocek answers questions federal technology professionals may have when it comes to why they should be concerned. This is especially true when it comes to working in a cloud-native world.

" most web browsers today won't let you do that or enter a credit card unless there's a machine identity"

Kevin Bocek, Venafi Tweet

Kevin points out that many may be familiar with a concept like Software Development Lifecycle but may not realize that we also have a Certificate Lifecycle that needs to be managed. He mentions the popular idea of including cybersecurity concepts early in the development process, what is known as “shift left.”

Traditionally, developers are under the gun to produce code in a typical production process. As a result, it is possible that they may not want to waste time with the laborious manual process of requesting and deploying machine identities. One approach might be to use systems that automate that process before the code is deployed.

Looking at your federal network and considering machine identity can be the first step in a zero-trust journey.

If you enjoyed this article, you may want to listen to Ep. 64 Open Source Software and Federal Security