Risks Associated with Non-Human Identities: Embrace the Reality, Refuse the Fear

The recent surge in attention towards unmanaged non-human identities (NHIs) and the risks they pose, including machine-to-machine credentials such as service accounts and API keys, has been remarkable. With a growing number of breaches involving NHIs, concerns about the potential vulnerabilities are on the rise. However, it is essential to separate the legitimate concerns from the fear and uncertainty that can cloud the issue.

It is undeniable that NHIs present a significant risk to organizations. But it is also possible to manage this risk effectively and establish proper governance to address it in the long term. Human identity management has been a longstanding challenge, and identity and access management tools took years to mature; the management of machine identities is comparatively more advanced.

The first step in mitigating the risks associated with NHIs is to conduct a thorough inventory of all identities within the organization, both human and non-human. Without visibility into these identities, it is impossible to secure them effectively, particularly in the case of NHIs, which are often used to access sensitive data and services across multiple applications.

One common scenario that highlights the potential risks of NHIs is when a developer connects a third-party integration to an organization’s repository or grants permission for a productivity tool to access sensitive data. In such cases, new NHIs are created in the form of access tokens, which can be exploited in the event of a breach of the third-party provider. Knowing and managing the exposure of these identities is therefore important for preventing unauthorized access to critical systems and data.

Anomaly detection plays a crucial role in identifying and responding to potential exploits involving NHIs. While existing systems may be able to detect anomalies in human identities, the detection of unusual behavior in NHIs is less common. Establishing systems that can monitor and detect anomalous behavior in NHIs is essential for identifying potential threats and responding proactively to mitigate their impact.

Creating comprehensive inventories of NHIs, reining in secrets sprawl, baselining identities and roles in cloud environments, and continuously monitoring for anomalies are key steps in establishing a robust NHI management program. While the complexity of managing NHIs may seem daunting, the governance processes and tools available are more than capable of addressing these challenges effectively.
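The following is an added example, not part of the original article, of how an inventory, a per-identity baseline and an anomaly check fit together. The event format, identity names and addresses are constructed, and exact-match baselining is a simplifying assumption.

```python
# Added example: constructed audit events as (day, identity, kind, source_ip, action).
BASELINE_EVENTS = [
    (1, "svc-backup", "service_account", "10.0.1.5", "storage.read"),
    (2, "svc-backup", "service_account", "10.0.1.5", "storage.read"),
    (2, "ci-token", "api_key", "10.0.2.9", "repo.read"),
    (3, "ci-token", "api_key", "10.0.2.9", "repo.write"),
]
# Constructed later activity to evaluate against the baseline.
NEW_EVENTS = [
    (30, "svc-backup", "service_account", "10.0.1.5", "storage.read"),
    (30, "ci-token", "api_key", "203.0.113.7", "repo.read"),
    (31, "ci-token", "api_key", "10.0.2.9", "secrets.list"),
    (31, "notes-app-token", "oauth_token", "198.51.100.4", "repo.read"),
]


def build_inventory(events):
    """Inventory every NHI seen and baseline its sources and actions."""
    inventory = {}
    for day, identity, kind, source, action in events:
        entry = inventory.setdefault(
            identity, {"kind": kind, "sources": set(), "actions": set(), "last_seen": day}
        )
        entry["sources"].add(source)
        entry["actions"].add(action)
        entry["last_seen"] = max(entry["last_seen"], day)
    return inventory


def detect_anomalies(inventory, events):
    """Return (identity, reason) for activity that departs from the baseline."""
    findings = []
    for _day, identity, _kind, source, action in events:
        baseline = inventory.get(identity)
        if baseline is None:
            # Credential in use that the inventory never recorded.
            findings.append((identity, "not_in_inventory"))
            continue
        if source not in baseline["sources"]:
            findings.append((identity, "new_source"))
        if action not in baseline["actions"]:
            findings.append((identity, "new_action"))
    return findings


if __name__ == "__main__":
    for identity, reason in detect_anomalies(build_inventory(BASELINE_EVENTS), NEW_EVENTS):
        print(f"{identity}: {reason}")
```

The uninventoried `notes-app-token` stands in for the third-party integration token described earlier: it surfaces only because the check compares activity against the inventory rather than against a list of known-bad indicators.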

In conclusion, while the risks associated with unmanaged NHIs are real and should not be underestimated, the tools and processes available to manage these risks are advanced enough to provide organizations with the necessary means to protect against potential threats. By implementing effective governance and monitoring processes, organizations can mitigate the risks associated with NHIs and ensure the security of their data and systems.
