Keyfactor Adds Control Plane to Manage Machine Identities
Keyfactor today added a control plane that makes it possible to unify the management of cryptography and machine identities across highly distributed computing environments.
Company CTO Ted Shorter said the Trust Control Plane streamlines certificate lifecycle management at a time when, thanks to the rise of artificial intelligence (AI) agents, the number of machine identities that need to be secured is exponentially rising.
Additionally, the Trust Control Plane, in effect, creates a control plane for managing machine certificates at a time when certificate lifespans are being shortened, he added.
Cybersecurity teams also need more visibility into where and how existing certificates are running in advance of post-quantum cryptography (PQC). Otherwise, on the day known as Q-Day, cybersecurity teams will discover that a certificate compromised by a quantum computer is still running somewhere within an IT environment that is not as well managed as it should be, noted Shorter.
Trust Control Plane is designed to continuously observe, analyze, provision, orchestrate, and govern digital certificates as they are issued. The overall objective is to provide cybersecurity teams with an ability to automate and govern the issuance and management of certificates as IT environments continue to evolve and expand, he added.
Ultimately, multiple factors are now converging to the point where there is a clear need to revisit how digital certificates are managed, said Shorter. The Internet Engineering Task Force (IETF) has formed a Workload Identity in Multi System Environments (WIMSE) working group that is tasked with standardizing how software workloads can have their identities validated. Once there is a standard, the number of organizations that revisit how non-human identities are managed across their entire IT environment will grow, noted Shorter.
Non-human identities already far outnumber human identities. AI agents add a new class of non-human identities that are more challenging to manage simply because they are much less predictable. At any given time, AI agents may be accessing massive amounts of data and then lie dormant for days. As such, it’s difficult to rely on anomalous behavior as an indication of compromise. Conversely, AI agents might create any number of compliance issues by using their reasoning capabilities to find ways to end-run any cybersecurity policy that is not sufficiently explicit.
Cybercriminals, meanwhile, will view AI agents as an opportunity to potentially compromise entire workflows. Worse yet, they may try to deploy malicious AI agents into those workflows. Keyfactor is making a case for a platform specifically designed to secure non-human identities.
It’s not clear to what degree cybersecurity teams are going to separate the management of non-human and human identities, but within large organizations, the number of non-human identities that need to be managed at scale might force the issue. The challenge, as always, will be finding a way to strike a balance between the need to protect identities using certificates and the total cost of attaining and maintaining cybersecurity.


