What are non-human identities and why do they matter?
by nlqip
![What are non-human identities and why do they matter?](https://kartwheelnewz.info/wp-content/uploads/2024/06/What-are-non-human-identities-and-why-do-they-matter.jpg)
Developers, engineers, and end users across the organization and broader ecosystem often create NHIs and grant them access without a deep understanding of the implications of these long-lived credentials, their level of access, and their potential exploitation by malicious actors — without the governance or involvement of security teams.
The implications of this is manifesting in massively overly permissive identities. Some cloud-native security companies have found that only 2% of granted permissions are actually used, suggesting that there is a massive sprawl of ungoverned, often unsecured, identities with far more access and permissions than needed, making them ripe for exploitation and abuse by attackers.
NHI access is facilitated by Open Authorization
NHIs are a core part of enabling activities, workflows and tasks in enterprise environments, often using widely pervasive and popular software and services such as Google, GitHub, Salesforce, Microsoft 365/Azure AD, Slack and more.
Source link
lol
Developers, engineers, and end users across the organization and broader ecosystem often create NHIs and grant them access without a deep understanding of the implications of these long-lived credentials, their level of access, and their potential exploitation by malicious actors — without the governance or involvement of security teams. The implications of this is manifesting…
Recent Posts
- Malicious PyPI Package Targets macOS to Steal Google Cloud Credentials
- Secure Boot no more? Leaked key, faulty practices put 900 PC/server models in jeopardy
- Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services – Krebs on Security
- Friday Squid Blogging: Sunscreen from Squid Pigments
- Here Are The 8 Biggest IT Services M&A Deals In Q2 2024