_2023.png?disable=upscale&width=1200&height=630&fit=crop&w=696&resize=696,0&ssl=1 "Growing Influence of Non-Human Identities: The Need for Effective Management and Security")
_2023.png?disable=upscale&width=1200&height=630&fit=crop&w=1200&resize=1200,0&ssl=1&description=Growing+Influence+of+Non-Human+Identities%3A+The+Need+for+Effective+Management+and+Security){kind=link}
Photo credit: www.darkreading.com
COMMENTARY
The past few years have seen a remarkable surge in systems that operate over the internet autonomously, without any human input. This phenomenon, driven in large part by the Internet of Things (IoT), has led to a significant rise in machine-to-machine (M2M) communication. The rapid expansion of digital applications and the ongoing push towards digital transformation—accelerated by the shift to remote work and increased e-commerce—have facilitated unprecedented interaction among software codes across networks.
Consequently, managing the identities of these systems has become critical. Organizations must determine what these systems can do online, including whether they can send and receive data, where that data can be sent, and in what formats and quantities. They must also consider if these identities might have changed since their last online session—for instance, whether they have acquired new access rights or updated software that alters their capabilities. Currently, non-human identities (NHI) are estimated to outnumber human identities at an alarming rate of 50 to one (50:1), and with the increasing automation of business processes through artificial intelligence (AI) and generative AI (GenAI), this growth trend is likely to continue, expanding the potential threat landscape.
Why NHI Management is Required
Non-human identities can be defined as digital identifiers associated with various entities such as applications, machines, and services within an enterprise’s technology framework. These may include bots, API keys, service accounts, OAuth tokens, and other credentials necessary for communication and resource access between machines or software.
The urgency for robust NHI management (NHIM) stems from several pivotal factors:
Increasing complexity of IT infrastructures: Modern IT environments are intricate, comprising numerous interconnected systems, a variety of cloud services, and an array of devices, notably IoT devices that often function autonomously. Proper identity management for non-human entities is crucial for maintaining accountability, traceability, and security in such systems.
Rising automation practices: As organizations embrace automation to enhance operational efficiency and minimize manual tasks, the role of non-human entities becomes increasingly prominent. This elevation necessitates a comprehensive identity management strategy to thwart unauthorized access and potential misuse of resources.
Escalating cybersecurity threats: Cybercriminals frequently target NHIs, especially those within IoT realms that function without human oversight, looking to exploit weaknesses for illicit gain. Inadequate authentication, misconfigured settings, and insufficient monitoring can leave these entities vulnerable to attacks, resulting in data breaches and service interruptions.
A Nascent Market, Ripe for Acquisitions
The market for NHIs is still in its infancy, largely comprised of startups. Notable players include:
Aembit; Andromeda Security; Astrix; AxisNow; Clarity Security; Clutch Security; Corsha; Entro Security; Natoma; Oasis; P0 Security; SlashID; TrustFour; Unosecur; Veza; Whiteswan Security.
Some of these companies focus specifically on NHI security, while others offer broader capabilities often characterized as governance of NHIs. A comprehensive market analysis comparing the major players in this field is anticipated for release in 2025.
Analysts at Omdia suggest that the presence of many startups in the NHI market makes them attractive acquisition targets for larger identity security firms. Indeed, there have already been notable acquisitions, such as the acquisition of Authomize by Delinea, a provider of privileged access management (PAM), earlier this year. Additionally, in May 2024, CyberArk, a leading PAM company, acquired Venafi for $1.5 billion. Unlike many NHI specialists, Venafi had established itself earlier, thanks to its experience with certificate lifecycle management (CLM) and key management.
Conclusions
The rise of self-operating devices has heightened awareness regarding the necessity of managing their digital identities. Analysts at Omdia project that the proliferation of NHIs will likely accelerate, further complicating the cybersecurity landscape. Enterprises need to recognize that trends such as cloud adoption, microservices, and DevOps are driving the growth of these entities in business environments. The opportunities for vendors within the identity security sector remain substantial, especially given the current imbalance where machine identities significantly outnumber human ones at a 50:1 ratio, a figure expected to continue to grow in the future.
Source
www.darkreading.com