Security News > 2022 > January > The importance of securing machine-to-machine and human-to-machine interaction

The importance of securing machine-to-machine and human-to-machine interaction
2022-01-21 06:30

Typically, these are kept safe by hardware-based cryptographic solutions known as Hardware Security Modules, or HSMs. This chainlink of using a new secret to protect a secret is known as the Secret Zero Problem.

Secrets management should be done in a way where both users and machines have a secure, transparent, and scalable way to obtain, issue, and revoke secrets.

If you dynamically create secrets with just enough privileges that the human/machine identity is authorized for, and revoke access after a reasonable/predetermined time period, you greatly reduce the opportunity that an attacker has to compromise that secret.

It starts with the creation or generation of a secret, which again can be a credential, key, certificate, or password used by either a machine or human to access a workload. The creation of a secret can be done manually, or automatically.

In the case of static secrets, there's the option to rotate it and change the secret at a set interval.

The current state of secrets management is that there is a rapidly growing awareness of the importance of securing machine-to-machine and human-to-machine interaction, among security professionals as well as DevOps teams, especially as organizations transition to hybrid multicloud infrastructure and containerized workloads.


News URL

https://www.helpnetsecurity.com/2022/01/21/manage-secrets/