Francis Odum's insightful guide on the growing role of Non-Human Identities (NHIs) in cybersecurity highlights a critical issue security leaders face—NHIs are everywhere. Although 90% of traffic is generated from automated workloads, microservices, AI engines, OT/IOT equipment, and other “machines”, only a fraction of cybersecurity spend, is on managing and securing this access. #nonhumanidentities #machineidentity #iam
Excited to share my complete guide into the growing role of non-human identities (NHI) in cybersecurity, along with key vendors to watch in this space! Here are some key insights I got from security leaders and CISOs: 1) NHIs aren't new, but they're fragmented across the tech stack. Nearly every leader acknowledges NHIs as an attack vector with limited visibility and control. 2) There's no single solution that addresses NHI management holistically within the identity landscape. 3) Existing identity solutions in IAM, IGA, PAM, ITDR, and CIEM provide only partial visibility into NHIs. This gap has led to the rise of new NHI-focused companies. 4) In the past 13 months, there has been one attack almost every month involving the breach of NHIs, highlighting the challenge for companies. 5) The report provides a detailed breakdown of how the key vendors solve this issue. Among pure-play NHI vendors, companies like Natoma, Entro Security, Astrix Security, Clutch Security, Veza and a distinct approach utilized by Aembit. The report concludes by delving into the big question: Will human and non-human identity ecosystems converge or remain distinct in the coming years? As the number of NHIs vastly outnumbers human identities, how will CISOs manage / budget for this issue? In the meantime, there is a clear need for this category and it's an exciting space to follow! Hope this report is valuable to any security leader evaluating this space. The full report can be found here: https://lnkd.in/gFCuCARz
Founder @ Software Analyst Cybersecurity Research
2dThanks!