What are non-human identities and why do they matter?
- by nlqip
Developers, engineers, and end users across the organization and broader ecosystem often create NHIs and grant them access without a deep understanding of the implications of these long-lived credentials, their level of access, and their potential exploitation by malicious actors — without the governance or involvement of security teams.
The result is massively over-permissioned identities. Some cloud-native security companies have found that only 2% of granted permissions are actually used, suggesting a massive sprawl of ungoverned, often unsecured identities with far more access and permissions than needed, making them ripe for exploitation and abuse by attackers.
NHI access is facilitated by Open Authorization
NHIs are a core part of enabling activities, workflows and tasks in enterprise environments, often using widely pervasive and popular software and services such as Google, GitHub, Salesforce, Microsoft 365/Azure AD, Slack and more.