Entro Security Labs Releases Security Advisory on Non-Human Identities Research

Entro Security Labs, a leading developer of the Non-Human Identity (NHI) and Secrets Management platform, has recently published a research report titled “2025 State of Non-Human Identities and Secrets in Cybersecurity,” shedding light on the vulnerability and risks associated with NHIs. The report highlights alarmingly high percentages of NHIs with excessive privileges, exposing organizations to the risk of unauthorized access and expanding their attack surface.

According to the research findings, a concerning 97% of NHIs have been found to possess excessive privileges, increasing the potential for unauthorized access and security breaches. Furthermore, the report reveals that 92% of organizations are inadvertently exposing NHIs to third parties, which can further exacerbate the risk of unauthorized access if third-party security practices do not align with organizational standards. Additionally, a surprising 44% of tokens are exposed in the wild, sent or stored over platforms like Teams, Jira tickets, Confluence pages, and code commits, posing a serious threat to sensitive information security.

The research conducted by Entro Security Labs also brings to light other significant findings related to NHIs and secrets management practices within organizations. Some key takeaways include:

– An average of 92 non-human identities for each human identity, increasing the complexity and potential vulnerabilities in identity management.
– 91% of former employee tokens remain active, leaving organizations susceptible to security breaches.
– 50% of organizations onboard new vaults without proper security approval, introducing vulnerabilities from the outset.
– 73% of vaults are misconfigured, leading to unauthorized access and exposure of sensitive data.
– 60% of NHIs are overused, increasing the risk of a single point of failure if exposed.
– 62% of secrets are duplicated and stored in multiple locations, risking accidental exposure.
– 71% of NHIs are not rotated within recommended time frames, increasing the risk of compromise over time.

The insights derived from the report emphasize the critical need for organizations to reassess their NHIs and secrets management practices to mitigate risks and enhance security measures. The data collection methodology employed a mixed-methods approach, combining quantitative data analysis with qualitative insights from industry observations. The research delves into statistical analysis of security incidents and vulnerabilities, supported by industry reports and survey data from IT and security professionals.

Entro Security’s comprehensive research report on non-human identities is available on their website for further exploration. Organizations can leverage this valuable information to understand the current landscape of NHIs and secrets management practices, highlighting areas for improvement and heightened security measures.

Those interested in learning more or scheduling a demo of Entro Security’s innovative platform can visit https://entro.security/demo/ for further information. Entro Security, headquartered in Boston, is an award-winning pioneer in Non-Human Identity Lifecycle Management, Secrets Security, and Identity Detection and Response. The company’s seamless integration within organizations’ vaults and secret creation locations offers a unified approach to secure the use and management of NHIs and secrets at scale.

In conclusion, the release of Entro Security Labs’ research report serves as a wake-up call for organizations to reevaluate their approach towards non-human identities and secrets management. By addressing the identified risks and vulnerabilities, organizations can fortify their cybersecurity defenses and safeguard sensitive information from potential breaches.
