Why inhuman identity management-accessible cybersecurity limit

Modern enterprise networks are very difficult conditions that rely on hundreds of applications and infrastructure services. These systems must interact securely and effectively without constant human supervision, exactly where inhuman identities come (NHIS). In some businesses that are now 50 to 1.

However, NHIS introduces unique risks and management problems that have security leaders. Over the past year, forty -six percent of organizations have compromised account or NHI powers, and another 26% suspect they have, A a Last Report Strategy Group Enterprise.

No wonder NHIS – and the difficulties they pose, risk reduction, and management – were a recurring theme on the Ciso Okta Forum. Here we look at their growth, risks and how CISO and security leaders are running today.

A spectacular lift nhis

NHIS enlargement can be traced to increase the use of cloud services, AI and automation and digital workflows. This is a trend that will probably continue, as more and more tasks are automated and people are less in equation.

NHIS allows applications to undergo authentication, both in a certain domain and with other applications such as Cloud Services. These secrets, keys and tokens are as sensitive as the powers used by humans, and in some cases, especially since they can provide the enemy with powerful access to specific applications and services when they are traced.

Ciso take note. Actually over 80% of organizations are waiting Increase in the cost of inhuman security.

According to Mark Satton, Ciso in Bain Capital, “inhuman identities have become the focus of teams based on their identity and access management programs. This quickly becomes the next hot fire because people are somewhat heated by users.

Simply put, when organizations set strong protocols to ensure human identity, the logical next step is the fight against NHIS. “This, and inhuman identities, are part of the threatening landscape, and that’s where the following attackers.”

Secret leak and other NHIS risks

Like any other set of powers, nhis is sensitive and must be protected. But while people can use reliable security measures such as Foreign Ministry or Biometry to protect sensitive powers, NHIS often relies on less secure measures to authenticate. This can make them simple goals for attackers.

NHI’s secrets leak can also cause a serious problem. This can happen in different ways, whether through the rigid coding to the source code of the application or accidentally copy and strengthen them into a public document. Secret leak is a serious problem, and secrets are often found in Github repository. Really, a protective firm GitGuardian found over 27 million new secrets in public repositories last year. This causes an even bigger problem when you consider that NHI secrets are not very often rotating in most environments, so the useful life leaks can be quite long.

And, as they often require extensive and sustainable permits to complete the tasks, NHIS can accumulate excessive permits, which further increases the surface of the attack. All this makes the NHIS main purpose for the attackers and the main problem for CISO and their security teams.

Three problems facing cisos when providing NHIS

While NHIS is now on the Cisos radar, fixing them is another story. Here are the three problems we hear from CISO and how they control them:

1. By acquiring visibility. The biggest obstacle in trying to secure and manage NHIS actually finding them. Visibility in where not lying in the environment can be limited, and the detection of all or even most of them is a difficult task. Many organizations have thousands of NHIS that they didn’t even know. Old Proverb: This means that the detection and inventory of NHIS is crucial. Implementation Manage Posture personality The decision can help administrators and security specialists identify NHIS throughout their organization.
2. Priority and reduced risk. The next problem is the NHIS risk priorities in the environment. Not all NHIS are created equal. Searching the most powerful NHIS and identifying inflated NHIS is a key step in providing these identities. Many services for services and other NHIS have much more privileges than they need, which can create risks for the organization. Detection of high -value NHIS and privileges and permits can help reduce the risk. “It is about understanding the radius of the blast associated with every inhuman person and ask,” What is the risk? “Not all NHIS are the same threat,” said Saton.
3. Installing management. With a lot of NHIS, which was created today, the control has become a real thorn in the side for Cisos. But if they do not have proper management, there may happen bad things – take, eg Internet -Archival series of dishonest -to -to -zheutons In October 2024, developers set up NHIS to meet short -term needs, but they are rarely tracked or derived properly. Understanding who creates NHIS as they create them, and for what purpose is a good first step. The security teams then need to set a clear process to control them so that inhuman identities cannot be created arbitrarily. “We need to think about what our political authentication and password are,” Satton says. “For example, probably a lot of accounts of services with weak, static passwords that have not turned over for years. How can we make sure that we manage them?”

Last thoughts

Inhuman identities are important for business today, helping them automate processes, ensure integration and ensure smooth operations. Task: They are difficult to provide and are an attractive purpose for the threat subjects as they often do not have the Federation, do not have the Ministry of Foreign Affairs, use static credentials and have excessive privileges.

In the end, inhuman identities and human identities may have different characteristics and needs, but both require an approach that protects them before, during and after authenticity check. NHIS may not be human, but they are becoming more powerful actors in your environment. This makes them not mandatory but urgent.