One in five organizations have experienced a NHI security incident

Cloud security was analyzed in a recent report by Astrix Security. The report focuses on the current state of non-human identity (NHI) security. Findings reveal a significant security disparity: organizations are far less equipped to secure non-human identities compared to their human counterparts. 

The most common challenges include service account management and NHI discovery. Though the survey also revealed there is a growing recognition of the importance of investing in NHI security with one in four organizations already investing in these capabilities and an additional 60% planning to within the next twelve months. 

Nearly one in five organizations have experienced a security incident related to NHIs. The most common causes of NHI-related attacks were: lack of credential rotation (45%); inadequate monitoring and logging (37%); and over privileged accounts/identities (37%). 

There is a significant gap in organizations’ security methods with 1.5 out of 10 organizations highly confident in their ability to secure NHIs, compared to nearly one in four for securing human identities. This lack of confidence in securing NHIs versus human identities could be due to the sheer volume of NHIs in their environment, which often outnumber human identities by a factor of 20 to one

These tools are not specifically designed to address NHI security challenges; for instance: 58% use Identity and Access Management (IAM) systems; 54% use Privileged Access Management (PAM); 40% use API security measures; 38% employ zero trust/least privilege strategies; 36% use Secrets Management tools. As a result, the three most common causes of NHI security incidents include lack of credential rotation (45%), inadequate monitoring and logging (37%), and over-privileged accounts or identities (37%). 

Major challenges that organizations encounter include auditing and monitoring (25%); access and privileges (25%); discovering NHIs (24%); and policy reinforcement (21%). Another significant concern is the struggle to gain visibility into third-party vendors connected by OAuth apps, with 38% of organizations reporting no or low visibility into third-party vendors, and another 47% having only partial visibility. 

Read the report.