The Hidden Importance of Machine Identities in Cloud Native Security
February 05, 2024

Sitaram Iyer
Venafi

A competitive edge in today's on-demand, software-first economy can be quantified in terms of weeks, days, or even hours. Quickness prevails. In order to have a competitive edge, companies today must innovate and move fast, and in high-pressure times, security and developer teams need to work together quickly and efficiently to protect their organizations.

The field of cloud native development is rapidly evolving, but during this shift to modern environments such as Kubernetes, many DevOps teams are putting security on the back burner in a rush to move to cloud native environments. This is opening the door to a wide array of new security risks and numerous opportunities for unscrupulous cybercriminals — and machine identities are a prime example of this. The number of machine identities used by organizations has continued to increase year over year, creating an ever-growing security risk that cybercriminals are looking to exploit.

According to a 2023 Venafi survey, 84% of security and IT leaders anticipate that Kubernetes will soon be the primary platform used to construct all applications as cloud native development is becoming increasingly popular and Kubernetes has become the de facto norm. However, 75% think that the speed and complexity of cloud native development introduce new security blind spots.


The actual move to cloud native environments comes with its own set of challenges and risks, and many development teams fail to take the time to properly and safely transition their data and applications. While 87% of security and IT leaders have started to move legacy applications to the cloud, many did not optimize for cloud native. More than half (53%) simply did a lift and shift to the cloud with most application code remaining the same.

Developers are more likely to prioritize speed above security when given the option, with 68% of security and IT leaders concerned that developers may not always utilize certificates since issuing them causes additional friction in development processes. Since code signing slows down development, over half (47%) of security and IT officials acknowledge they do not require it for artifacts.

So what role does machine identity management play in the rapid corporate transition to a cloud native environment? Machine identities are the cornerstone of cloud native security since they secure all connections and facilitate authentication and authorization for workloads within and across clusters. However, if machine identities are not readily accessible throughout the development process, developers could be tempted to circumvent the proper use of machine identities by taking security shortcuts and creating workarounds. This can often lead to security teams not having the right visibility into how machine identities are fulfilled, potentially risking CA compromise especially when workloads are signed with a CA that is bootstrapped without proper controls and governance.

Among security and IT leaders, 88% believe that machine identity management is key to the success of zero trust models, but 74% of security and IT leaders worry that developers are challenged with several conflicting priorities — meaning security is not always top of mind. To address this challenge, developer teams need to work together with security teams to make security a priority. Key to this is managing all machine identities across their org — which can only be done effectively through the two teams working together.

Machine identities are paramount to securing cloud native resources and sensitive microservices that are accessible from anywhere on the Internet. Organizations must identify a wide array of cloud native machines, such as containers, microservices, DevOps artifacts, API connections, and more, to properly implement the newest technological advancements. All these networked cloud native computers need to be able to quickly authenticate themselves to one another to function securely. Balancing security and the need to keep up with the rapid pace of innovation today is critical to ensuring that organizations do not become vulnerable to a growing number of cybersecurity threats.

Sitaram Iyer is Senior Director of Cloud Native Solutions at Venafi
Share this

Industry News

February 29, 2024

ManageEngine, the enterprise IT management division of Zoho Corporation, announced the integration between Endpoint Central, its flagship unified endpoint management solution, and Check Point's Harmony Mobile, a leading mobile threat defense solution, to help IT security teams automate the remediation of mobile threats.

February 29, 2024

Stack Overflow and Google Cloud announced a strategic partnership that will deliver new gen AI-powered capabilities to developers through the Stack Overflow platform, Google Cloud Console, and Gemini for Google Cloud.

February 29, 2024

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced the graduation of Falco, a cloud native security tool designed for Linux systems and the de facto Kubernetes threat detection engine.

February 28, 2024

JFrog announced a new technology integration with Qwak, a fully managed ML Platform, that brings machine learning models alongside traditional software development processes to streamline, accelerate, and scale the secure delivery of ML applications.

February 28, 2024

ServiceNow, Hugging Face, and NVIDIA, announced the release of StarCoder2, a family of open‑access large language models (LLMs) for code generation that sets new standards for performance, transparency, and cost‑effectiveness.

February 28, 2024

GMO GlobalSign announced the availability of an Issuer for Kubernetes cert-manager.

February 27, 2024

MacStadium announced the launch of its online community to deepen the connections of application developers through knowledge sharing and collaboration.

February 27, 2024

Octopus Deploy announced the acquisition of Codefresh Inc.

February 26, 2024

Intel announced its new Edge Platform, a modular, open software platform enabling enterprises to develop, deploy, run, secure, and manage edge and AI applications at scale with cloud-like simplicity.

February 26, 2024

Tray.io announced AI-augmented API Management, a new Tray Universal Automation Cloud capability that turns any new or existing workflow into a reusable API, significantly decreasing the technical debt associated with the operational effort and costs of traditional API management (APIM).

February 26, 2024

Bitwarden Secrets Manager is now integrated with Ansible Playbook.

February 22, 2024

Check Point® Software Technologies Ltd. introduces Check Point Quantum Force series: an innovative lineup of ten high-performance firewalls designed to meet and exceed the stringent security demands of enterprise data centers, network perimeters, campuses, and businesses of all dimensions.

February 22, 2024

Tabnine announced that Tabnine Chat — the enterprise-grade, code-centric chat application that allows developers to interact with Tabnine AI models using natural language — is now available to all users.

February 22, 2024

Avaamo released Avaamo LLaMB™, a new low-code framework for building generative AI applications in the enterprise safely, securely, and fast.

February 21, 2024

CAST announced the winter release of CAST Imaging, an imaging system for software applications, with significant user experience (UX) enhancements and new features designed to simplify and accelerate processes for engineers who develop, maintain, modernize, complex software applications.