Non-Human Identity (NHI) Protection and Governance
Non-human identities (NHIs) are the largest and fastest growing part of your identity attack surface, outnumbering human identities by an average of 17 to 1. Hackers are attacking NHIs because they know they can avoid human-focused security tools like MFA, so your security and compliance strategies must adapt to secure NHIs as first-class citizens.
Challenges
in securing NHIs
Intelligent access
for NHIs
Review access and govern NHIs
Review NHI accounts for Least Privilege permissions, correct ownership, and/or continued business need.- Understand deep context for NHI secrets with Last Used date, Last Rotated date and/or expiration date of certificates.
- Prompt NHI owners to rotate keys, retire unneeded accounts, or migrate credentials to a secrets vault.
Automate the NHI lifecycle
- Create, modify permissions, and remove AD Managed Service accounts.
- Connect with employee or manager requests with Access Requests.
- Integrate programmatically via API to enterprise applications with Access AuthZ.
Prioritize NHI remediation with risk scoring
- Gain a quantified risk score for NHIs, keys, and secrets based on the breadth and depth of permissions and potential blast radius.
- Prioritize security alerts across your infrastructure based on the identity risk.
- Integrate with third-party security tools like Crowdstrike.
NHI use cases
NHIs impact all aspects of the enterprise. Veza helps you discover, secure, and provision NHIs wherever they are.
Discover NHIs
Find and label which accounts are non-human across 250+ integrations
Identify “clear” NHIs, like service principals and managed service accounts. Use search and filtering to find “likely” NHIs, for example via naming conventions or lack of MFA. Sync NHI labels in Veza with external sources like CMDBs.
Analyze permissions for least privilege
Understand permissions of NHI accounts/keys and right-size to business need
NHIs have been part of Veza’s data model and platform since day one. See all permissions to system resources across all Veza integrations.
Assign human owners
Enables governance and manual key rotation
Use Veza Tags to assign human owners to NHIs. Import ownership data from spreadsheets or other external sources.
Ensure key rotation
Identify login credentials and security/compliance risks.
Associate credentials with NHIs, and capture metadata from integrated systems, like “Time last rotated” and “Time last used”
Access Reviews
NHI owner-driven reviews
Assign reviews of all access to NHIs to their owners for certification. Identify and remove unneeded access.
Activity monitoring
Find dormant permissions to fix excess privilege
Know if NHIs are actually using their permissions in core platforms like Snowflake and AWS. Remove unused access.
Role recommendations
Create new NHIs that are right-sized to application needs
Optimize the NHI provisioning process to fix over-permissioning at the time of account creation. Eliminate “admin-level” permissions on NHIs where not needed.
