Entro Security Labs, a leading provider of Non-Human Identity (NHI) and Secrets Management solutions, recently conducted a comprehensive analysis of millions of real-world NHI secrets, exposing significant risks and emphasizing the urgent need for improved security practices in this area. The findings of their research report, titled the “2025 State of Non-Human Identities and Secrets in Cybersecurity,” shed light on concerning trends impacting organizations worldwide.
The research conducted by Entro Security Labs revealed some alarming statistics regarding the management of NHIs within organizations. It was found that 97% of NHIs possess excessive privileges, which can lead to unauthorized access and expand the attack surface. Additionally, 92% of organizations are exposing NHIs to third parties, increasing the risks of unauthorized access if the security practices of these third parties do not align with organizational standards. Perhaps most shockingly, the report found that 44% of tokens are exposed in the wild, being sent or stored on various platforms such as Teams, Jira tickets, Confluence pages, and code commits. Such reckless practices put sensitive information at serious risk of interception and exposure, making them vulnerable to breaches.
Further analysis conducted by Entro Security Labs highlighted key findings that underscore the need for urgent action to address the vulnerabilities present in the management of human and non-human identities within organizations. Some of the critical points include the fact that for every human identity, there are an average of 92 non-human identities, increasing the complexity of identity management and the potential for security vulnerabilities. Additionally, 91% of former employee tokens remain active, leaving organizations susceptible to security breaches. Moreover, it was found that 50% of organizations onboard new vaults without proper security approval, introducing vulnerabilities and misconfigurations from the outset.
The report also highlighted that 73% of vaults are misconfigured, leading to unauthorized access and the exposure of sensitive data and compromised systems. In addition, 60% of NHIs are being overused, with the same NHI being utilized by multiple applications, increasing the risk of a single point of failure and widespread compromise if exposed. Furthermore, 62% of all secrets are duplicated and stored in multiple locations, causing unnecessary redundancy and increasing the risk of accidental exposure. Lastly, 71% of non-human identities are not rotated within the recommended time frames, increasing the risk of compromise over time.
These concerning findings underscore the critical need for organizations to reassess their NHIs and secrets management practices. The data collected by Entro Security Labs was obtained through a mixed-methods approach, integrating quantitative data analysis with qualitative insights derived from industry observations. The report provides valuable insights into the state of non-human identities in cybersecurity, drawing attention to the urgent need for organizations to prioritize robust security practices in this area.
For organizations looking to enhance their NHIs and secrets management practices, Entro Security offers a comprehensive solution that provides Non-Human Identity Lifecycle Management, Secrets Security, and Non-Human Identity Detection and Response. By integrating seamlessly within an organization’s existing infrastructure, Entro provides a single pane of glass to securely use and manage non-human identities and secrets at scale. Backed by top cybersecurity VCs and recognized as a Cool Vendor by Gartner, Entro Security is at the forefront of innovation in the field of NHI and Secrets Management.
As organizations navigate the complex landscape of cybersecurity threats, the insights provided by Entro Security Labs offer valuable guidance on how to address the vulnerabilities associated with NHIs and secrets management. By implementing best practices and leveraging innovative solutions, organizations can effectively protect sensitive information and safeguard their systems from potential breaches.
For more information on Entro Security and their research report on non-human identities, please visit their website. To learn more about their solutions or schedule a demo, visit https://entro.security/demo/.
Contact:
Senior Account Executive
Hannah Sather
Montner Tech PR
hsather@montner.com