Webinar Recap: State of Non-Human Identity Security

In a recent webinar, Astrix Security and Cloud Security Alliance (CSA) teamed up to present findings from the latest report on the state of non-human identity (NHI) security. Featuring expert insights from Hillary Baron, Senior Technical Research Director at CSA, and Tal Skverer, Astrix’s Security Research Team Lead, the session covered key challenges organizations face in managing NHIs and provided actionable strategies for strengthening security.

Key highlights:

• The rising threat of NHIs: Non-human identities (such as API keys, service accounts, and automation tokens) are increasingly being targeted in cyberattacks. Recent high-profile breaches, including those impacting Cloudflare and Snowflake, have highlighted how attackers exploit weakly managed NHIs.
• Top challenges in managing NHIs: A survey of over 800 security professionals revealed widespread struggles with basic NHI security. Over 30% of respondents cited difficulties managing service accounts, and only 19% are continuously monitoring NHI permissions. Alarmingly, 38% reported little or no visibility into third-party OAuth apps.
• Automation gaps: Organizations still rely heavily on manual processes for managing and offboarding NHIs. Only 16% have automated processes for key rotation, and less than 20% automate offboarding tasks, leaving systems vulnerable to security breaches.
• Low confidence, high anxiety: Many organizations report low confidence in securing NHIs compared to human identities, contributing to high levels of concern. However, most plan to invest in NHI security within the next 12 months, targeting areas such as third-party access, secret management, and identity discovery.

For a deeper dive into the full expert insights, including detailed and technical analysis, check out the full recording and access the resources from the webinar.