The growth of machine identities and the associated risks
Machine identities are experiencing exponential growth, with 79% of organizations predicting increases over the next year and 16% of those expecting radical growth of 50 to 150%. Cloud-native technologies, microservices, and artificial intelligence (AI) drive this surge because they’re environments where identities are created and discarded dynamically in minutes.Unfortunately, this growth comes with amplified risks. Half of the surveyed organizations experienced security breaches tied to compromised machine identities within the past year.These incidents caused widespread impacts, including:
51% faced delays in application launches, stalling production timelines.44% reported outages, damaging customer experiences.43% experienced unauthorized access to sensitive systems or data.Cybercriminals are increasingly targeting machine identities, such as API keys and SSL/TLS certificates, which were leading causes of incidents; each were exploited in 34% of cases. These highly vulnerable identity types are becoming prime entry points for attackers.
Challenges in securing machine identities
Organizations are contending with numerous obstacles in safeguarding their machine identities. Among the most significant challenges highlighted in the report are:
Under-management: A staggering 77% of leaders believe every undiscovered machine identity is a potential vulnerability. Poor visibility further exacerbates this situation.Siloed ownership: With roles divided between security (53%), development (28%), and platform (14%) teams, fragmented management leads to inefficiencies and gaps in protection.Changing lifecycles: As credentials become more short-lived, 37% of leaders report difficulty keeping up with their accelerated renewal and rotation requirements.Cloud-native complexity: The dynamic nature of cloud environments adds singular challenges. The vast majority (74%) of security leaders are concerned about managing identities in these ephemeral workloads.
Understanding the consequences of certificate-related outages
Another pressing issue involves certificate-related outages, which impacted 72% of organizations in the previous 12 months. These outages resulted in business-critical system failures, customer dissatisfaction and compliance challenges. With 45% of teams reporting outages weekly”, up from just 12% in 2022″, the urgency to address this issue is evident.Automating certificate lifecycle management is essential to securing machine identities and preventing certificate-related outages. Yet, a surprising 34% of organizations continue to rely on manual processes, leaving them vulnerable to operational disruptions and delayed response times. By automating processes such as certificate rotation, renewal and revocation, organizations can reduce risks tied to expired credentials, improve visibility and scale their management capabilities.
AI’s role in the rising threat landscape
Artificial intelligence has brought tremendous innovation, but it also demands stronger machine identity protections. AI systems, such as generative AI and agentic AI, rely on machine identities to prevent unauthorized access, manipulation, or hijacking.Eighty-one percent of security leaders identify machine identity security as vital for safeguarding AI. With threats rising, 72% of organizations expect priorities to shift toward directly protecting AI models from compromise. Machine identity solutions are also increasingly critical for securing assets such as large language models (LLMs), which require robust layers of protection to prevent exploitation.
Preparing for future challenges in machine identity security
Looking ahead, organizations face even more daunting challenges, including quantum computing and certificate authority (CA) distrust events.
Quantum computing threats: Over 57% of leaders acknowledge quantum computing’s threat to encryption, yet 30% of organizations are unprepared to begin transitioning to quantum-resistant cryptography.Certificate authority (CA) distrust events: 71% of leaders fear their certificate authority could become untrusted, underscoring the importance of crypto-agile strategies.Shortened certificate lifespans: The anticipated reduction of public TLS certificate lifespans to 47 days by 2028 means nine times more rotations will be required. Teams must adopt automation solutions to maintain security without hindering operational efficiency.
Building a cyber resilient future
Machine identity security cannot be an afterthought. With machine identities already outnumbering humans and their importance growing, protecting these credentials is critical to enabling secure, innovative operations.By using automation, enhancing visibility and preparing for emerging challenges like quantum computing, organizations can help safeguard their critical systems and scale with confidence. The time to act is now”, machine identity security is not just a technical requirement; it’s a business imperative for resilience and growth.Check out the full report to see how your organization’s machine identity security challenges compare to those of your peers.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3951921/the-urgent-reality-of-machine-identity-security-in-2025.html
