Aembit, a company specializing in non-human identity and access management (IAM), has recently published its 2024 Non-Human Identity Security Report. This report sheds light on how organizations are managing and safeguarding non-human identities (NHIs) like applications, scripts, and service accounts. It exposes a concerning trend of relying on outdated methods and manual practices that are inadequate in protecting against the rising number of NHI-focused breaches.
The modern IT landscape is experiencing a rapid proliferation of non-human identities, driven by the shift towards distributed architectures, widespread cloud adoption, and increased automation. Despite this growth, the report highlights a glaring disparity in security practices between non-human and user identities. Most organizations acknowledge that their efforts to secure non-human identities are either falling behind or struggling to keep up with evolving threats.
The survey conducted among IT and security professionals revealed common negligent practices, such as storing long-term credentials directly in code, using spreadsheets for manual input, and sharing sensitive information through collaboration tools. Moreover, many organizations face challenges in securing NHIs in complex, multi-cloud environments, citing issues like inconsistent access management and unclear ownership of security processes.
Key findings from the survey include:
– 88.5% of organizations admitted that their non-human IAM practices lag behind or are on par with their user IAM efforts.
– Only 19.6% of respondents expressed strong confidence in their non-human IAM practices.
– Insecure practices, such as storing long-term credentials in code and sharing secrets through copying and pasting, were prevalent among 30.9% and 23.7% of respondents, respectively.
– Outmoded methods like secrets managers for non-human workload-to-workload authentication are still being used by 38.9% of respondents.
– 35.6% of organizations struggle to manage non-human identity security across hybrid and multi-cloud environments.
– 23.5% of organizations are unsure of the biggest threat to their non-human identities.
David Goldschlag, co-founder and CEO of Aembit, emphasized the critical role NHIs play in digital ecosystems and the need to elevate their security to the same level as user IAM. He highlighted the importance of recognizing NHIs beyond background tools and focusing on securing these identities and their vital connections.
The survey, which gathered responses from 110 professionals ranging from developers to CISOs, underscored the growing need for holistic approaches to managing non-human identities. With businesses expanding across cloud environments, the complexity of managing workload identities has increased, leaving many organizations struggling due to fragmented or outdated approaches.
Aembit’s identity and access management platform aims to address these challenges by securing access between workloads across various cloud environments. Through automation and policy-based controls, Aembit enables organizations to implement Zero Trust principles with multi-factor authentication.
For more information on Aembit and to access the full survey report, interested users can visit their website and follow them on LinkedIn.