Nonhuman identity security is getting board-level attention
Has your organization addressed nonhuman identity security? NHI attacks are becoming more prevalent and need to be a part of enterprise security strategies.
- Todd Thiemann,
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
Nonhuman identity security has generated a wave of recent interest, and enterprises are realizing the importance of addressing this widening attack surface.
Most people associate the term identity with identity and access management for human identities, be it workforce or customer identities. Yet not all identities are human. Recent organizational changes -- such as the proliferation of cloud services, modernized development processes including microservices-based applications having connections to resources and data, and increased DevOps automation -- have created a rapid proliferation of nonhuman identities (NHIs) and workloads that expand the enterprise attack surface.
Consider these recent incidents, all of which had NHIs at their root: 2023 saw compromises at Okta and Cloudflare, and 2024 saw the Sisense customer data breach, the New York Times source code leak and the Internet Archive breach make news.
NHI is an umbrella term covering service accounts, bots and robotic process automation, OAuth tokens, digital certificates, secrets, workloads and more. NHI is sometimes referred to as machine identity or workload identity.
Informa TechTarget's Enterprise Strategy Group published a study on NHI security and management in December. We surveyed IT, cybersecurity, DevOps, platform and security engineering professionals involved with technologies and processes that secure NHIs. The research examined the volume of NHIs, products and services deployed to secure and manage the environment, security incidents related to NHIs, the players involved in decisions and budget intentions.
While the study contained a wealth of information, something that jumped out was how frequently NHI security incidents occur.
In fact, 46% of respondents said they know they have had nonhuman accounts or credentials compromised, and an additional 26% said they might have had an NHI compromise. Note, however, that a compromise does not necessarily lead to a data breach.
When we drilled down about successful cyberattacks resulting from compromised NHIs, 66% of enterprises said they have experienced a successful attack, with 25% responding that they encountered multiple attacks.
Boards are aware of NHIs
NHI compromise is a significant business concern. The research found that a majority (57%) of NHI compromises got board-level attention. NHI security incidents created significant business consequences, and business leaders recognize and want to mitigate that risk. Security teams should explain their strategy for mitigating risks associated with the enterprise NHI portfolio.
NHI security is rapidly becoming a top priority as security leaders come to terms with the attack surface APIs present, the lack of visibility into that attack surface and the need for adequate controls to mitigate the security risks associated with NHIs.
Security and identity leaders and practitioners who haven't done so already need to address this attack surface. The space is broad with a variety of tools and technologies coming into play. Existing identity technology providers might have pieces of the solution, while other pieces can be found from innovative startups in the NHI security space.
If you are an innovator in NHI security, or identity security generally, I want to understand what you are doing. You can reach me on LinkedIn or send an email to [email protected].
Todd Thiemann is a senior analyst covering identity access management and data security for TechTarget's Enterprise Strategy Group. He has more than 20 years of experience in cybersecurity marketing and strategy.
Enterprise Strategy Group is a division of TechTarget. Its analysts have business relationships with technology vendors.
