/plushcap/analysis/veza/where-non-human-identities-nhis-and-human-identities-converge-a-comprehensive-approach-to-identity-security

Where Non-Human Identities (NHIs) and Human Identities Converge: A Comprehensive Approach to Identity Security

What's this blog post about?

The modern enterprise security landscape necessitates a comprehensive approach to identity security that addresses both human and non-human identities. This shift is driven by the proliferation of applications and other workloads leveraging service accounts, service principles, and the like. There are five key drivers for this need: 1) NHIs often use accounts intended for humans, leading to challenges in understanding your environment or the extent of risk; 2) assigning human owners to NHIs is vital for effective governance and security; 3) humans are often "upstream" of NHIs, making it critical to understand and manage full chains of access from data to human user; 4) similarities in tools and processes for both types of identities can reduce complexity and ensure consistency across operations and security; and 5) streamlining the process of creating and using NHIs for engineers is essential to securing them. Embracing a unified strategy that recognizes the overlap and interdependencies between these types of identities is crucial for ensuring robust protection against evolving threats in an increasingly interconnected digital landscape.

Company
Veza

Date published
July 30, 2024

Author(s)
Rich Dandliker

Word count
965

Language
English

Hacker News points
None found.


By Matt Makai. 2021-2024.