AppViewX recognized as a Sample Vendor.
Our thoughts on Hype Cycles.
Gartner’s annual Hype Cycles serve as strategic blueprints for CISOs and cybersecurity leaders looking to invest in technology that can benefit their business. It helps them gauge the impact that upcoming, existing, or established tech could have on their businesses, and assists prospecting or purchasing decisions by suggesting timeframes for the mainstream adoption of said technology. If you’re a decision maker (or any cybersecurity professional, really), you’ll want to thumb through this document to help solidify your perspective on the business benefits of adopting tech that may have caught your attention.
This year’s Hype Cycle for IAM (Identity and Access Management) technologies covers topics that primarily focus on risk management and security. There is an increased focus on modern technology, including, but not limited to SaaS, cloud computing, mobile identities, and the IoT. This comes as no surprise, given that most of these categories (and the other topics on the Hype Cycle) are tied to the pandemic-induced paradigm of remote work in some way, shape, or form. In other words, organizations are scrambling to envision, implement, or execute their digital transformation efforts in order to allow for business to work remotely – securely and without disruptions.
“According to the 2019 Gartner CEO and Senior Business Executive Survey, 82% of CEOs have a digital transformation or management initiative, up from 62% in 2018.”
Cybersecurity leaders recognize the fact that the stakes are high this time, and are also aware that IAM plays a critical part in ensuring that their strategies for the success of remote work culture proceed smoothly. After all, there is precedent for failure – Microsoft experienced this when their popular collaboration software, Teams, was kneecapped for hours by a single expired PKI certificate, resulting in a service outage for over 20 Million users. As is obvious from this example, IAM is certainly something that must be taken very seriously.
Control Your Certificates Before They Go Rogue!
Machine Identities – an overview.
PKI certificates are critical cogs in the IAM engine, and are classified as contributors to ‘Machine Identity’. Simply put, a machine identity is a credential used by any endpoint (which could be an IoT device, a server, a container, or even a laptop) to establish its legitimacy on a network. Digital certificates provide endpoints with this identity, and enable any machine to securely communicate with other devices and applications on encrypted channels.
Now, digital transformation has led to a sharp spike in the sheer quantity of connected devices that are being used by enterprises. Naturally, every machine needs at least one certificate (and associated encryption mechanisms such as encryption keys and SSH keys) in order to be considered safe and compliant with cybersecurity policy. In most large enterprises, this means that the number of machine identities that an IT team has to oversee is usually in the high hundreds of thousands, and can easily reach tens of millions. Now, PKI is never set-and-forget. Certificates and keys have limited lifespans, and have to be continually rotated, reinstalled, and renewed – and constantly monitored to ensure that they remain valid at all times.
At enterprise scale, this is simply not a task that can be performed manually. The management of these machine identities is often siloed, and managed using either proprietary software, or spreadsheets. As a result, administrators end up with zero visibility into (and limited control over) the identities they manage, which is a catalyst for misconfiguration, outages, or even data breaches.
After all, one does not simply leverage manual methods to track the validities of thousands of certificates, issued by multiple CAs, and across myriad devices.
Machine Identity Management – a new addition to the Hype Cycle.
The aforementioned legacy and manual methods are what they are – obsolete.
We believe that Gartner, in the Hype Cycle for 2020, maintains that such siloed methods are unlikely to scale or be compatible with cutting-edge tech like the IoT, or cloud- and multi-cloud environments. Per our understanding, we see that they suggest an enterprise-wide shift to ‘Machine Identity Management’ strategies, which is made possible by various software vendors who build software especially for this purpose. The ultimate goal is to use a centralized tool to manage PKI, secrets, encryption keys, SSH keys, and every other provider of machine identities, and enable teams to manage more identities, with less effort. In short, crypto-agility and full visibility into PKI would be desirable outcomes in the journey towards full digital transformation.
It’s worth noting that the Hype Cycle recognizes Machine Identity Management’s benefit rating as ‘high’ in the near future.
From the report, we also understand that Gartner provides the following advice to leaders looking to obtain Machine Identity Management systems for their organizations (details in the full report):
- Gain full visibility into environments using discovery processes – understand where each certificate and key is located/installed on
- Opt for full-lifecycle management solutions with free-form automation capabilities
- Ensure that the solution has built-in integrations with the necessary systems (containers, for instance)
- Ensure that the solution allows for crypto-agility
We further understand from the report, that the Hype Cycle goes on to outline some key business benefits of adopting Machine Identity Management as an organization-wide practice, and critical arguments that security leaders would find useful before making a buying decision. It also lists 10+ selected vendors of Machine Identity Management solutions, where AppViewX is named as a Sample Vendor. For more details and comprehensive insights, download the Hype Cycle by clicking here.
Picking a Solution.
If you’ve gotten this far, you may be interested in obtaining a similar solution for your organization in order to scale more efficiently and hedge yourself against security risks.
This begs the question – what are the criteria you must look out for when you evaluate a solution?
- For starters, ensure that it’s future-proof. You don’t want to be stuck with a solution that runs on legacy tech, and has to undergo forklift upgrades every time you require changes to be made to it.
- Look for scalability. The solution must be built on modern architecture (like containers) that can start small, and scale upward on-demand.
- Don’t box yourself in. Check to see if it integrates with the vendors you already use today (CAs, DevOps tools, ITSM tools, AD systems?). You shouldn’t have to shift your entire vendor ecosystem because your Machine Identity Management solution has compatibility issues.
AppViewX doesn’t provide just Machine Identity Management solutions.
AppViewX has been recognized as a Sample Vendor in this year’s Hype Cycle.
While certificate and key lifecycle management capabilities are some of our key features, AppViewX is a lot, lot more than just that. We’re not only an end-to-end automation and orchestration solution for PKI and machine identities – but also a low-code workflow automation engine that makes crafting workflows quick, easy, and convenient.
Apart from providing a full range of certificate management functionality (discovery, monitoring, renewals, revocations, installations, and more), we’ve also gone the extra mile to ensure that the product integrates with almost every other associated product in the market – be it CAs, HSMs, ITSM, IAM, PAM, DevOps, or Cloud solutions. Available both on and off the cloud, its modular, microservices-based architecture allows it to be set up in any pre-existing environment and start managing all the machine identities associated with it.
It’s worth noting that AppViewX is built on architecture that allows for rapid set-up and scaling on-demand – as you’ll see if you…
…get in touch!
Once you peruse the Hype Cycle, you might be interested in implementing a solid Machine Identity Management framework within your organization. We’d be happy to discuss how we can help your organization get to where you want it to be (and the benefits you stand to realize by doing so)!
Intrigued? Simply register for an exploratory session with us, and wait for our call.
*Gartner Hype Cycle for Identity and Access Management Technologies 2020, Ant Allan, 16 July 2020
*Gartner does not endorse any vendor, product, or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.