Non-Human Identity Management

Non-human identities (NHIs) are the largest and fastest growing part of your identity attack surface, outnumbering human identities by an average of 17 to 1. Hackers can leverage NHIs just as easily as human identities, so your security and compliance strategies must address NHIs as first-class citizens.

Challenges in securing NHIs

Visibility

Tools like secrets managers rely on you already knowing where your NHIs are, but they can be hard to find, and often appear the same as human identities.

Context

It’s not always obvious who created an NHI, who maintains it, or what it’s for. Since many NHIs are used by core business applications, changing anything about them is high risk.

Process gaps

While their access creates risk in the same way as human identities, NHIs are often excluded from the tools and processes we use to manage human identities, like access reviews, MFA and lifecycle management.

Intelligent Access at scale for NHIs

Posture & Misconfigurations

Find and fix misconfigured cloud identities—human and non-human—that enable privilege escalation and lateral movement attacks.

Remove risky access

Root out inactive, dormant and over-permissioned service accounts, RPA identities, and SaaS integrations.

Out-of-the-box intelligence

Identify and fix your riskiest NHIs, like service accounts with admin privileges, before they can be exploited by an attacker.

Blast radius analysis

Identify your high blast radius NHIs—those with broad access to cloud resources—which represent the greatest risk if compromised.

Intelligent access for NHIs

Discover NHIs across your stack

  • Identify known and likely NHIs from across on-prem, SaaS and cloud infrastructure.
  • Import data from CMDBs or external spreadsheets to clearly label NHIs and assign human owners.
  • Identify “shadow” NHIs not in your secrets manager and bring them in line with your security and governance policies.

Least privilege for all identities

  • Analyze permissions and activity of NHIs to identify and remove unneeded privileges, including admin permissions, without disrupting business-critical processes.
  • Eliminate shadow NHIs by identifying and restricting the power to create and provision access to virtual machines, lambda functions, certificates, and secrets.
  • Use access requests and role recommendations to create a single streamlined provisioning process for both human and non-human identities that maintains least privilege.

One process to govern humans and NHIs

  • Instantly compile and assign access reviews and certifications for NHIs.
  • Ensure human owners are accountable for privileged NHIs.
  • Enforce security policies like key rotation for NHIs, and provide useful context to access reviewers, like “Time last rotated” and “Time last used”.