Katarzyna Celińska

The State of Non-Human Identity Security

Non-Human Identities (NHI) such as bots, API keys, service accounts, OAuth tokens, and secrets are becoming increasingly important in today's digital landscape. While they automate critical tasks and drive innovation, they also pose significant security risks.


A survey report developed by the Cloud Security Alliance (CSA) and sponsored by Astrix Security reveals key insights into how organizations are currently managing NHIs and the gaps in their security measures.


Key Findings from the Report:


High Anxiety, Low Confidence


Only 15% of organizations feel highly confident in preventing NHI attacks, while 69% express moderate to high concern. The complexity and sheer number of NHIs, which often outnumber human identities by 20 to 1, are a challenge.





Struggles with the Basics of NHI Security


Many organizations face issues managing service accounts (32%), auditing and monitoring (25%), and access and privileges (25%). These fundamental areas are essential for maintaining a secure environment.


Challenges with Managing API Keys


Only 20% of organizations have formal processes for offboarding and revoking API keys, and even fewer (16%) rotate or roll back API keys. Manual handling of API keys leads to delays and inefficiencies, creating security vulnerabilities.


Fragmented Approaches Lead to Security Incidents


Many organizations rely on security tools not specifically designed for NHIs, leading to fragmented and ineffective strategies. As a result, 45% of NHI security incidents stem from a lack of credential rotation, and 37% from inadequate monitoring.


Investment in NHI Security on the Rise


Encouragingly, 24% of organizations plan to invest in NHI security capabilities within the next six months, and 36% within the next year.


