What are non-human identities and why do they matter?
- by nlqip
Developers, engineers, and end users across the organization and broader ecosystem often create NHIs and grant them access without a deep understanding of the implications of these long-lived credentials, their level of access, and their potential exploitation by malicious actors — without the governance or involvement of security teams.
The implications of this is manifesting in massively overly permissive identities. Some cloud-native security companies have found that only 2% of granted permissions are actually used, suggesting that there is a massive sprawl of ungoverned, often unsecured, identities with far more access and permissions than needed, making them ripe for exploitation and abuse by attackers.
NHI access is facilitated by Open Authorization
NHIs are a core part of enabling activities, workflows and tasks in enterprise environments, often using widely pervasive and popular software and services such as Google, GitHub, Salesforce, Microsoft 365/Azure AD, Slack and more.
Source link
lol
Developers, engineers, and end users across the organization and broader ecosystem often create NHIs and grant them access without a deep understanding of the implications of these long-lived credentials, their level of access, and their potential exploitation by malicious actors — without the governance or involvement of security teams. The implications of this is manifesting…
Recent Posts
- Microsoft Partners Prepare For Automatic Switch To New Outlook
- Qualcomm: Return Rates For Snapdragon X PCs Are ‘Within Industry Norm’
- 8 Big Comments By Intel’s CEOs On Its AI, PC, Data Center And Foundry Efforts
- CISA Adds One Known Exploited Vulnerability to Catalog | CISA
- CISA and EPA Release Joint Fact Sheet Detailing Risks Internet-Exposed HMIs Pose to WWS Sector | CISA