Why non-human identities are a security priority

Non-human identities (NHIs) -- such as service accounts, tokens, API keys, and workloads -- are exploding in volume, now outnumbering humans 50 to one, but they remain under-observed, under-protected, and dangerously over-privileged.

New data from identity security platform Silverfort shows 40 percent of cloud NHIs do not have an owner. These accounts are often excluded from proper lifecycle management, leaving them unobserved, unprotected, and open to abuse.

There are some other interesting findings too: only 5.7 percent of organizations say they can accurately inventory all NHIs in their environment. Visibility remains the first, and possibly biggest, barrier to securing NHIs.

In addition, 56 percent of organizations say they unknowingly sync their service accounts to their SaaS directory. This makes it possible for attackers who have accessed an organization's on-prem environment to compromise its SaaS environment too. 46 percent of service accounts are still using the now-deprecated NTLM protocol to authenticate, making them easy targets.

Part of the problem is that NHIs can't be protected in the same way as humans: MFA can't be enforced, for example, and without full observability, behavior baselines cannot be established. NHIs are often granted more access than they need too; the research shows 35 percent of all user accounts are service accounts with high access privileges and low visibility.

Leonie Fraser, senior manager -- digital and content marketing at Silverfort, writes on the company's blog:

Non-human identities are no longer a niche IT concern -- they are a central pillar of enterprise infrastructure and a rapidly expanding attack surface all their own. The evidence is clear: NHIs are everywhere, they have elevated access, and they're largely invisible to traditional security controls. As attackers increasingly exploit this blind spot, organizations must act quickly to secure their non-human identity landscape.

The path forward starts with visibility, is strengthened through policy enforcement, and culminates in continuous, adaptive protection, so every dimension of identity is known and secured.

You can read more and download the full report on the Silverfort blog.
