One in five organizations have experienced an NHI security incident

A recent report by Astrix Security analyzed cloud security, focusing on the current state of non-human identity (NHI) security. The results show a significant security gap: organizations are far less equipped to protect non-human identities than human ones.

The most common challenges include service account management and NHI detection. However, the survey also found that there is increasing recognition of the importance of investing in NHI security, with one in four companies already investing in these capabilities and a further 60% planning to do so within the next 12 months.

Almost one in five organizations have experienced a security incident related to NHIs. The most common causes of NHI-related attacks were lack of credential rotation (45%), inadequate monitoring and logging (37%), and overprivileged accounts or identities (37%).

There is a significant gap in organizations' security practices: 1.5 in 10 organizations are very confident in their ability to protect NHIs, compared to almost a quarter that are very confident in securing human identities. This lower confidence in securing NHIs may be due to the sheer volume of NHIs in their environments, which often outnumber human identities by a factor of 20 to one.

The tools organizations use are not specifically designed to address NHI security challenges. For example: 58% use Identity and Access Management (IAM) systems; 54% use Privileged Access Management (PAM); 40% use API security measures; 38% use zero trust/least privilege strategies; 36% use secrets management tools. Therefore, the top three causes of NHI security incidents include lack of credential rotation (45%), inadequate monitoring and logging (37%), and overprivileged accounts or identities (37%).

The top challenges organizations face include auditing and monitoring (25%); access and privileges (25%); discovering NHIs (24%); and political empowerment (21%). Another major problem is the difficulty of gaining visibility into third-party providers connected via OAuth apps: 38% of companies say they have little or no visibility into third-party providers, and another 47% have only partial visibility.

Read the report.