<p>Nonhuman identity security has become a pressing concern as the number of machine-driven identities connecting to corporate networks continues to surge.</p>
<p>According to some analysts, NHIs now exceed human accounts by factors of 10x to 50x in many organizations, especially those embracing cloud, automation, AI and DevOps. Despite this explosive growth, NHIs remain one of the <a href="https://www.techtarget.com/searchsecurity/opinion/Nonhuman-identity-security-is-getting-board-level-attention">least understood and least governed</a> identity categories. Organizations must rethink how they classify, secure and monitor NHIs to avoid a growing attack surface. In a 2024 survey conducted by the Cloud Security Alliance, 17% of respondents <a target="_blank" href="https://cloudsecurityalliance.org/artifacts/state-of-non-human-identity-security-survey-report" rel="noopener">reported</a> experiencing a security incident related to NHIs.</p>
<section class="section main-article-chapter" data-menu-title="What are nonhuman identities?">
<h2 class="section-title"><i class="icon" data-icon="1"></i>What are nonhuman identities?</h2>
<p>At first glance, the term “nonhuman identity” would appear to include anything that isn’t a person, such as servers, devices, workloads, service accounts and so on. But the industry’s understanding of identity has evolved. In legacy environments, machine identities generally refer to certificates, SSH keys, device accounts or service accounts tied to OSes or hardware. These were relatively static, predictable and closely aligned with infrastructure stacks. In a cloud-native, API-driven environment, however, that definition is no longer sufficient. NHIs encompass a much broader and more dynamic set of identities, including the following:</p>
<ul class="default-list">
<li><b>Workload identities. </b>These represent cloud workloads — VMs, containers, serverless functions — that are permitted to authenticate to cloud resources. Examples include AWS identity and access management (IAM) roles for EC2 or Lambda, Azure managed identities and Google Cloud service accounts. These identities often live for microseconds to hours and frequently generate temporary credentials.</li>
<li><b>Service accounts. </b>These include OS or application accounts used by internal services,
[…]
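<p>The two categories above differ in how their credentials are issued: a workload identity such as an IAM role for EC2 or Lambda receives short-lived session credentials, whereas a service account usually carries a static key that only disappears when someone rotates it. The Python below is an added example, not code from the article or from any vendor it cites. It classifies an AWS IAM role into the article's categories by reading the role's trust policy (the standard <code>Principal</code>/<code>Action</code> structure of an <code>sts:AssumeRole</code> statement) and flags static access keys whose age exceeds a rotation limit. The set of compute service principals, the 90-day limit, the account ID, the key IDs and the sample policies are all constructed assumptions for the demonstration.</p>

```python
"""
Added example (not from the article): classify AWS IAM roles into the
article's NHI categories from their trust policy, and flag static
service-account access keys that have outlived a rotation limit.
All inputs below are constructed sample data.
"""
import json
from datetime import datetime, timedelta, timezone

# Assumption: trusting one of these compute service principals marks the
# role as a workload identity (EC2 instance, Lambda function, ECS task).
WORKLOAD_SERVICE_PRINCIPALS = {
    "ec2.amazonaws.com",
    "lambda.amazonaws.com",
    "ecs-tasks.amazonaws.com",
}

# Actions that let a principal obtain temporary credentials for the role.
ASSUME_ACTIONS = {"sts:AssumeRole", "sts:AssumeRoleWithWebIdentity", "sts:*"}


def _as_list(value):
    """IAM policy fields may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def classify_role(trust_policy_json: str) -> str:
    """Classify a role by who is allowed to assume it.

    Returns 'public' if any Allow statement trusts Principal "*",
    'workload' if it trusts a compute service principal,
    'cross-account' if it trusts an AWS account or role ARN,
    otherwise 'other'. 'public' outranks the rest because an open trust
    policy is the finding a reviewer needs to see first.
    """
    doc = json.loads(trust_policy_json)
    found = set()
    for stmt in _as_list(doc.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if not ASSUME_ACTIONS & set(_as_list(stmt.get("Action"))):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            found.add("public")
            continue
        aws_principals = _as_list(principal.get("AWS"))
        if "*" in aws_principals:
            found.add("public")
        elif aws_principals:
            found.add("cross-account")
        if WORKLOAD_SERVICE_PRINCIPALS & set(_as_list(principal.get("Service"))):
            found.add("workload")
    for label in ("public", "workload", "cross-account"):
        if label in found:
            return label
    return "other"


def stale_access_keys(keys, now=None, max_age_days=90):
    """Return the IDs of static access keys older than max_age_days.

    keys: iterable of dicts with 'id' and a timezone-aware 'created' datetime.
    """
    now = now or datetime.now(timezone.utc)
    limit = timedelta(days=max_age_days)
    return [k["id"] for k in keys if now - k["created"] > limit]


def _policy(principal):
    """Build a minimal trust policy document around the given principal."""
    return json.dumps({
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Principal": principal,
                       "Action": "sts:AssumeRole"}],
    })


# Constructed sample inventory (account ID and names are placeholders).
SAMPLE_TRUST_POLICIES = {
    "app-server-role": _policy({"Service": "ec2.amazonaws.com"}),
    "deploy-role": _policy({"AWS": "arn:aws:iam::123456789012:root"}),
    "open-role": _policy("*"),
}
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
SAMPLE_KEYS = [
    {"id": "key-old", "created": NOW - timedelta(days=400)},
    {"id": "key-new", "created": NOW - timedelta(days=10)},
]

if __name__ == "__main__":
    for name, policy in SAMPLE_TRUST_POLICIES.items():
        print(f"{name}: {classify_role(policy)}")
    print("stale static keys:", stale_access_keys(SAMPLE_KEYS, now=NOW))
```

<p>Run against a real inventory, the trust-policy documents would come from an IAM listing and the key creation dates from the access-key metadata; the functions themselves need no network access, which is why the sample data is embedded here.</p>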