International Guest Speaker Tammy Moskites at AISA Melbourne Branch Meeting

August, 2017

For those of you who missed out, Tammy Moskites, CISO and CIO at Venafi, kindly shared her key takeaways for members who were unable to join us: 
 
Machine identity management is often an overlooked but critical facet of identity management. There are two actors on a network, people and machines. People use user names and passwords to identify and get access to machines. Machines use keys and certificates to identify and get access to each other. Billions of dollars have been spent protecting user names and passwords and almost nothing protecting keys and certificates—organizations are realizing that protecting keys and certificates is as important as protecting user names and passwords, if not more important. The problem is continuing to grow and the number of machines and things on a network is growing extremely fast, much faster than the number of people. Devices are growing exponentially (in contrast to people) and by 2020 there will be 20 billion IoT devices in use.
 
The risks of inaction include:

  • Code-signed malware bypasses security controls
  • Man-in-the-middle attacks enabled by misused certificates
  • Compromised CAs threaten trusted status
  • SSH keys leave with terminated employees
  • Spoofed websites use stolen or forged SSL/TLS keys and certificates
  • Impacting outages due to expiry

 
Comprehensive Machine Identity Protection Management should include:

  • Global Intelligence and visibility
  • Risk and Reputation Scoring
  • Orchestration and Governance and
  • Remediation and Verification