Non-Human Identities (NHIs) such as bots, API keys, service accounts, OAuth tokens, and secrets are becoming increasingly important in today's digital landscape. While they automate critical tasks and drive innovation, they also pose significant security risks.
A survey report developed by the Cloud Security Alliance (CSA) and sponsored by Astrix Security reveals key insights into how organizations are currently managing NHIs and the gaps in their security measures.
Key Findings from the Report:
High Anxiety, Low Confidence
Only 15% of organizations feel highly confident in preventing NHI attacks, while 69% express moderate to high concern. The complexity and sheer number of NHIs, which often outnumber human identities by 20 to 1, are a challenge.
Struggles with the Basics of NHI Security
Many organizations face issues managing service accounts (32%), auditing and monitoring (25%), and access and privileges (25%). These fundamental areas are essential for maintaining a secure environment.
Challenges with Managing API Keys
Only 20% of organizations have formal processes for offboarding and revoking API keys, and even fewer (16%) rotate or roll back API keys. Manual handling of API keys leads to delays and inefficiencies, creating security vulnerabilities.
Fragmented Approaches Lead to Security Incidents
Many organizations rely on security tools not specifically designed for NHIs, leading to fragmented and ineffective strategies. As a result, 45% of NHI security incidents stem from a lack of credential rotation, and 37% from inadequate monitoring.
Investment in NHI Security on the Rise
Encouragingly, 24% of organizations plan to invest in NHI security capabilities within the next six months, and 36% within the next year.
Author Sebastian Burgemejster