of NHIs have an unknown owner
THEY'RE EVERYWHERE
The silent risk: How non-human identities open the door to cyber threats
NHIs already outnumber human identities in most hybrid environments. As cloud, SaaS and API adoption grows, so do these identities—often without identity and security teams knowing where they are and what they’re doing.
They now make up a very significant portion of total users. In 2020, NHIs outnumbered human users by 10 to 1. It’s now estimated to be more like 50 to 1. In hybrid environments we found a ratio to between 1:30-1:50 for human to NHIs, while in multi-cloud environments the numbers are even higher. IAM roles, secrets and service accounts are the most common types of NHI in the wild, with a major lead over other types on NHI.
Almost in all cases, customers report hardships in assigning NHI’s human owners and therefore lacking the ability to protect NHIs end-to-end or rapidly remediate posture issues. More than half of customers estimate that 40% of NHIs have an unknown owner, many of whom are dormant or set and forget.
While the sheer number of NHIs in the typical enterprise environment isn’t a problem in itself, it does add a layer of complexity and urgency to the three issues we’ve already discussed: visibility, protection, and privileges. As this volume continues to multiply, so does the task of discovering, monitoring and securing every NHI, leaving organizations forever a step behind their rapidly expanding identity attack surface.
The volume of NHIs is growing—fast
of NHIs have an unknown owner
The silent risk: How non-human identities open the door to cyber threats
NHIs already outnumber human identities in most hybrid environments. As cloud, SaaS and API adoption grows, so do these identities—often without identity and security teams knowing where they are and what they’re doing.
They now make up a very significant portion of total users. In 2020, NHIs outnumbered human users by 10 to 1. It’s now estimated to be more like 50 to 1. In hybrid environments we found a ratio to between 1:30-1:50 for human to NHIs, while in multi-cloud environments the numbers are even higher. IAM roles, secrets and service accounts are the most common types of NHI in the wild, with a major lead over other types on NHI.
Almost in all cases, customers report hardships in assigning NHI’s human owners and therefore lacking the ability to protect NHIs end-to-end or rapidly remediate posture issues. More than half of customers estimate that 40% of NHIs have an unknown owner, many of whom are dormant or set and forget.
While the sheer number of NHIs in the typical enterprise environment isn’t a problem in itself, it does add a layer of complexity and urgency to the three issues we’ve already discussed: visibility, protection, and privileges. As this volume continues to multiply, so does the task of discovering, monitoring and securing every NHI, leaving organizations forever a step behind their rapidly expanding identity attack surface.
The volume of NHIs is growing—fast