Cyber Resilience Identity Security for the Smart Factory

A guest article by Kevin Bocek | Translated by AI


With every networked machine, every new sensor and every digital control system, the number of machine identities grows. This is accompanied by considerable security risks.

With every networked machine, the number of machine identities in the smart factory grows and with it the security risk.
(Picture: © stock.adobe.com)

These security risks can only be mitigated with a holistic approach to identity security. In recent years, most manufacturing companies have increasingly networked their machines and systems and added new sensors and IoT devices. The benefits are obvious and range from higher production quality and lower costs to fewer malfunctions and failures. Digitalization and AI also help to optimize supply chains and shorten delivery times. However, the increasing digitalization of manufacturing also has its downsides, as cyber criminals are finding new points of attack to paralyze systems for cyber extortion or steal valuable intellectual property such as design data and process technology.

One of the biggest weaknesses of Industry 4.0 and the smart factory is the large number of machine identities. They are the basis for

  • the communication of the control systems with the machines and systems,
  • data exchange with MES and ERP systems,
  • data collection with countless new sensors and
  • the analysis of data with AI applications in the data center or the cloud.

Depending on the company, this can quickly add up to tens of thousands or even hundreds of thousands of identities - their number has long since significantly exceeded that of human identities. According to Cyberark's 2025 State of Machine Identity Security Report, most manufacturing companies now have up to five times as many machine identities as human identities, with six percent having more than a hundred times as many. And there is no end to this growth in sight: three quarters of manufacturing companies expect the number of machine identities to increase further over the next twelve months.

In addition, companies are not only networking their production facilities more closely, but their products are also increasingly connected to other devices or the cloud.

Such networked products are particularly interesting for cyber criminals: if they can compromise the identity of the associated cloud service or the identity used to sign software updates, all connected devices are open to them. They are able to manipulate updates and siphon off data - a danger that also threatens production environments that are connected to the cloud or equipped with many IoT devices. Just one compromised identity can put an entire company at risk.

Identity Diversity Overwhelms Companies

In addition to the sheer mass of machine identities, it is above all their diversity that makes management so challenging for manufacturing companies. These include API keys, tokens for service accounts, SSH keys and SSH certificates, JSON web tokens, as well as keys and certificates for signing software and code.

Administration is carried out via various management systems and sometimes simple Excel lists in which responsibilities and process data are noted. Consistent guidelines for identity security can hardly be implemented in such environments - especially as there are many shortcuts and workarounds to reduce the effort involved in the largely manual processes. For the sake of simplicity, secrets are permanently stored in applications and devices or certificates with extremely long validity periods are issued.

All of this is extremely risky: hard-coded secrets are easy prey for cyber criminals and, as they are never replaced, give them permanent access to applications and devices. Particularly in production facilities that are largely isolated, intruders then have a free hand and the damage is difficult to repair remotely.

The situation is similar with certificates, which are rarely renewed. They can be misused for a very long time after being compromised and are also a kind of ticking time bomb within the production environment.

After all, employees generally lack an overview of when which certificates expire - and those who installed them may no longer even be with the company.

It is therefore hardly surprising that 57% of manufacturing companies have experienced certificate-related outages in the past twelve months, according to the Cyberark report. Almost a third also had to deal with security incidents that could be traced back to compromised identities - and in many cases even led to the loss of existing (14%) and potential customers (27%).


Visibility Is the Top Priority

If manufacturing companies want to better protect machine identities and thus their infrastructures, they must first establish visibility across all locations - because ultimately they can only secure what they know.

Network monitoring and active scans for devices and identities not only provide an inventory, but also help to detect new machine identities or changes to existing identities. Building on this, classic risk management is required to assess threats to identities, the probability of occurrence and the impact of a compromise in order to set priorities and define suitable protective measures.

Here it is particularly important to pay attention to which systems and applications need to be accessible from outside the company network and which are located in the cloud. They are particularly at risk and should be secured as a matter of priority.

The next step is to clarify responsibilities: Who creates and manages secrets and certificates? Who defines guidelines, such as how long keys must be and how regularly they are exchanged? Who is responsible for enforcing the guidelines and implementing best practices in administration?

Only once such questions have been answered should processes for managing identities, secrets and certificates be set up. Modern management solutions bundle these processes in a central location and ensure complete automation so that employees do not have to deal with the manual issuing, renewal or deletion of certificates, for example. Due to the large number of certificates, this would hardly be possible anyway and would only slow down the tightly synchronized processes in production.
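As an added illustration of the inventory, risk-assessment and policy steps described above (example code written for this page, not a tool from the article or from Cyberark), the script below runs a constructed identity inventory against hypothetical policy thresholds for key length, certificate validity, time to expiry and rotation age, and ranks the findings so that externally reachable or cloud-hosted identities come first. The policy numbers, identity names and dates are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class MachineIdentity:
    name: str
    kind: str                # "tls_cert", "code_signing_cert", "ssh_key" or "api_key"
    key_bits: int            # 0 for opaque secrets such as API keys
    issued: date
    expires: Optional[date]  # None for keys and secrets without a built-in expiry
    last_rotated: date
    exposed: bool            # reachable from outside the plant network or hosted in the cloud

# Hypothetical policy values chosen for illustration; the article names the parameters, not the numbers.
POLICY = {"min_key_bits": 2048, "max_cert_validity_days": 398, "max_secret_age_days": 90, "expiry_warning_days": 30}
ASYMMETRIC = {"tls_cert", "code_signing_cert", "ssh_key"}

def assess(ident, today, policy=POLICY):
    """Return (priority score, list of findings) for one identity."""
    findings = []
    if ident.kind in ASYMMETRIC and ident.key_bits < policy["min_key_bits"]:
        findings.append(f"weak key ({ident.key_bits} bits)")
    if ident.expires is not None:  # certificates: check validity period and time to expiry
        validity = (ident.expires - ident.issued).days
        if validity > policy["max_cert_validity_days"]:
            findings.append(f"validity {validity}d exceeds policy")
        if (left := (ident.expires - today).days) <= policy["expiry_warning_days"]:
            findings.append(f"expires in {left}d" if left >= 0 else f"expired {-left}d ago")
    else:                          # long-lived keys and secrets: check rotation age
        age = (today - ident.last_rotated).days
        if age > policy["max_secret_age_days"]:
            findings.append(f"not rotated for {age}d")
    # Identities reachable from outside or hosted in the cloud are weighted higher, as the article advises.
    return len(findings) * (3 if ident.exposed else 1), findings

def prioritize(inventory, today):
    """Rank identities that have findings, highest score first: (name, score, findings)."""
    rows = [(i.name, *assess(i, today)) for i in inventory]
    return sorted((r for r in rows if r[1] > 0), key=lambda r: -r[1])

# Constructed sample inventory, not real data: four identities from a hypothetical plant.
TODAY = date(2025, 6, 1)
SAMPLE_INVENTORY = [
    MachineIdentity("plc-line-3-tls", "tls_cert", 2048, date(2024, 6, 15), date(2025, 6, 15), date(2024, 6, 15), False),
    MachineIdentity("fw-update-signing", "code_signing_cert", 1024, date(2015, 1, 1), date(2035, 1, 1), date(2015, 1, 1), True),
    MachineIdentity("cloud-telemetry-api", "api_key", 0, date(2023, 3, 1), None, date(2023, 3, 1), True),
    MachineIdentity("mes-sync-ssh", "ssh_key", 4096, date(2025, 5, 1), None, date(2025, 5, 1), False),
]
```

Calling `prioritize(SAMPLE_INVENTORY, TODAY)` puts the exposed, weak, twenty-year signing certificate first, the never-rotated cloud API key second and the soon-expiring internal PLC certificate last, while the recently rotated SSH key produces no finding.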

In short: Human employees should not have to deal with machine identities and be responsible for their lifecycle when these identities can be managed much faster and more reliably using automation.

With intelligent authorization controls, companies ensure that each identity is correctly authenticated and only has access to the resources it is allowed to access. When assigning authorizations, companies should also implement the principle of least privilege, i.e. only assign the minimum necessary authorizations. In many cases, such as with particularly vulnerable identities in the cloud, it may even make sense to assign no authorizations at all (zero standing privileges) and only assign privileges to the identities concerned on a session basis when required.

Replacing Old Ways of Thinking

Many modern solutions for managing identities, secrets and certificates are now available as software as a service (SaaS) in the cloud. Companies should not turn a blind eye to these solutions simply because they adhere to old ways of thinking and try to isolate their production sites and keep them largely offline. This is because they often only have access to outdated technologies and security systems that hinder innovation and do not offer comprehensive transparency - especially not across all locations.

In addition, identity or encryption policies developed ten or 20 years ago are no longer suitable for today's IT environments and cyber threats. This gives companies the opportunity to introduce new innovative solutions and policies that were unimaginable when Y2K was their biggest challenge.

In addition, manufacturing companies will have to deal with the issue of quantum computing in the medium term, as powerful quantum computers pose a huge threat to the traditional encryption and signature processes on which identity security is currently based.

For critical systems in particular, companies should therefore draw up a timetable for the introduction of quantum-safe algorithms and protocols - established security providers and their partners can provide support. Creating visibility and driving automation are important first steps to prepare for the post-quantum era.

Kevin Bocek is Senior Vice President of Innovation at Cyberark