AppViewX
announced the release of a new report titled, Securing Non-Human
Identities: Insights for an Effective Cybersecurity Program.
Conducted in partnership with TechTarget's Enterprise Strategy Group (ESG), the
report surveyed 367 IT, cybersecurity, and DevOps professionals to assess the
growing volume and risks associated with non-human identities (NHIs) in modern
IT environments.
The
research exposes the security threats associated with NHIs, which include
machine identities, digital certificates, API cloud keys, service accounts, and
other automated systems. According to the report, NHIs outnumber human
identities by a factor of 20, yet nearly one in five are inadequately
protected. The study also found that 66 percent of enterprises have experienced
a successful cyberattack resulting from compromised NHIs. Additionally, 57
percent of the episodes where organizations suffering a successful attack tied
to NHI compromises got Board of Directors attention.
"Non-human
identities represent one of the most significant attack surfaces within today's
enterprises," said Todd Thiemann, Senior Analyst at ESG. "Without proper
management and security controls, NHIs can lead to costly data breaches,
operational disruptions, and compliance failures. This report provides valuable
insight into the current NHI landscape, how organizations are addressing risks,
and their intentions for ensuring continuous security as their NHI volume
grows."
Key Findings from the Report Include:
- NHI Proliferation: Organizations
now manage 20 times more non-human identities than human ones, with more
than 50% expecting this number to increase by over 20% in the next year.
- Compromise Incidents: Nearly 46%
of organizations have experienced breaches related to non-human
identities, with the average enterprise suffering 2.7 incidents in the
past year.
- Visibility and Lifecycle
Challenges: A significant portion of respondents reported poor visibility
into their NHI environment, with many lacking confidence in their ability
to secure and manage these identities effectively.
- Increased Investment in Security:
Over 80% of organizations expect to increase spending on non-human
identity security, with a focus on identity threat detection, certificate
lifecycle management, and workload access control.
"The
complexity of modern cloud environments makes managing non-human identities
manually unfeasible, even for smaller organizations. Meanwhile, digital
transformation, AI and cloud-first initiatives are pushing the population of
these digital identities to near exponential growth," said Gregory Webb, Chief
Executive Officer at AppViewX. "Automated certificate lifecycle management and
crypto-agility are key to avoiding security lapses, preventing costly outages
and reducing exposure to cyber threats. This report underscores both the scale
and severity of the problem."
Availability
The
full Securing Non-Human Identities report is available for
download on the AppViewX website at www.appviewx.com/NHI-report.