So then, what’s machine identity management? It’s really the broader concept around how you have all of those individual pieces that are very important, because it’s what gives somebody authentication and access to something: How do you issue it securely? How do you maintain it? How do you rotate it, refresh it, or revoke it? These are terms that we talk about in certificate and key management all the time. So that’s what the concept is: first, understand where and how you need to use these secret pieces; and then second, how to manage them in a very secure way.
The last part of your question is really around who is responsible for this. There are a couple of different pieces, I think, when it comes to this. If you are new to this as an OEM, as a plant operator, as someone who has been charged with trying to manage these types of things, know that you’re not alone! Know that there are partners and people that can help you figure this out, and there are best practices out there. That’s partially why we released this report: so that others can read it and learn it and understand what the risks are, and how you can help to mitigate them. That’s really the bottom line.
PS: What are some of the things that can go wrong without effective machine identity management?
EB: Let’s start with the first thing, which is, if any of these identities, these secure machine identities have an expiration date on them, if you’re using a certificate and it expires, your line could go down. We have had people come to us and say, “this has happened,” and “when a line goes down every minute it’s dollars and we’re not making product and we’re not delivering to our customers,” and that kind of thing. You have to make sure that you don’t let those keys and certificates get out of date because then your operations and your applications won’t work, so that’s one directly tied to business.
There could be misconfiguration, where you expect something to be able to authenticate and connect, and it can’t, and that also becomes a reliability issue. And then lastly, I would say, if there is a lack of knowledge about where and how all of these identities are used. It’s almost an impossible nightmare of this web of identities that you’re trying to (1) discover, (2) get under control, and (3) manage at scale. As we have more and more devices and things that are needing to connect, especially when it comes to using IoT in the factory, we have to start to be able to use a more automated process for issuing and provisioning, and then re-enrolling, and then eventually revoking.
PS: That’s fascinating. I mean, I’ve heard anecdotally here and there about lost asset issues, when someone forgets where the sensor was placed if it’s not networked up.
EB: Yeah, how do you find it? It’s just like a needle in the haystack walking around the factory. And I can imagine for global companies with hundreds of factories around the world, if you’re an operations leader and you want visibility into that, and you want to streamline things, you’ve got to have more visibility into it, for sure.
This story originally appeared in the May 2021 issue of Plant Services.