NHIs may be your biggest — and most neglected — security hole
- by nlqip
The NHI problem is “more challenging in cloud environments, with third-party interactions, IoT deployments, and at remote sites,” said Michael Tsia, the head of product at SaaS management platform Zluri. “The nature of these distributed environments makes it hard to keep centralized control and visibility over NHIs. Third-party NHIs might not be under your direct control, which makes consistent access policies difficult to enforce.”
IoT devices, for example, often offer limited options for access controls, Tsia points out. Moreover, NHIs local to remote sites may be hard to monitor from a central location.
“To address these challenges, organizations can implement additional measures like centrally managing and frequently rotating NHI credentials, closely monitoring authentication attempts and access patterns to detect anomalies, segmenting networks to isolate high-risk NHIs and limit lateral movement if compromised, and extending PoLP [principle of least privilege] and auditing practices to third-party and remote NHIs as much as possible,” he says.
Source link
lol
The NHI problem is “more challenging in cloud environments, with third-party interactions, IoT deployments, and at remote sites,” said Michael Tsia, the head of product at SaaS management platform Zluri. “The nature of these distributed environments makes it hard to keep centralized control and visibility over NHIs. Third-party NHIs might not be under your direct…
Recent Posts
- Hackers Exploit Default Credentials in FOUNDATION Software to Breach Construction Firms
- How to reduce cyber risk during employee onboarding
- Germany seizes 47 crypto exchanges used by ransomware gangs
- Police dismantles phone unlocking ring linked to 483,000 victims
- Ahead Adds Former Google Cloud VP To Board To ‘Fuel’ AI, Hybrid Cloud