Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
Businesses nationwide are undergoing an identity crisis, and it’s not the existential, edgy kind.
Non-human identities (NHIs), digital credentials that enable machines and applications to interact with one another without human intervention, are outnumbering their human counterparts in organizations. According to a recent AppViewX report—which queried 367 IT, cybersecurity, DevOps, platform, and cybersecurity engineering professionals across North America—the average company manages about 20 times more NHIs than human ones.
However, security around NHIs has remained a large problem for businesses. The report, conducted in partnership with TechTarget’s Enterprise Strategy Group, claims that nearly 46% of professionals surveyed admitted that their organization experienced an NHI-related breach in the last 12 months.
A brewing problem. AppViewX VP of Product Marketing Christian Simko told IT Brew that security concerns around NHIs have been “percolating” for a long time and that the issue has garnered a lot more “mindshare” from security teams within the last year. Simko blamed the problem largely on a lack of visibility around the full scope of NHIs used across an organization.
The biggest challenge for organizations when it comes to NHIs, according to Simko, is that they’re not easy to see.
Silverfort CISO John Paul Cunningham added that companies may find themselves struggling with NHI security because they falsely believe that they have “solved” their identity security-related problems, causing the problem area to be at the bottom of the pile in a company’s budget and cybersecurity strategy priorities.
“The problem is we stop thinking about identity as much…it needs to be like the number one or number two thing that we’re thinking about today,” Cunningham said.
It’s only up from here. More than half (52%) of the organizations surveyed by AppViewX expect to increase their total number of NHIs under management by more than 20% in the next year.
And Cunningham told IT Brew that bad actors aren’t pressing the brakes anytime soon in their pursuit to gain access to these digital entities.
“It’s the ripest target,” Cunningham said. “Every hacker wants to get that non-human identity because they know it’s going to have privileged access to something.”
Fortunately, security leaders can take precautions to avoid an NHI-related breach. According to Simko, businesses can start by increasing their visibility of NHIs with centralized management to eliminate cybersecurity weak points.
Cunningham added that CISOs should prioritize identity security in their strategies and budgets.
“If we do that, hopefully, we’ll solve the problem and we won’t be asking why great companies with great security tools and great people get breached,” he said.