
Details
When non-human identities are not properly offboarded, they can become a significant security risk. These identities, which may include service accounts, API keys, or other forms of machine-to-machine authentication, can provide unauthorized access to systems and data if they remain active after they're no longer needed.
Example Scenario
TechCorp, a rapidly growing startup, undergoes a major restructuring. During this process, they decommission several microservices but forget to revoke the associated service account credentials. Six months later, a disgruntled former employee discovers their old development credentials still work. They use these to access the production environment, exfiltrating sensitive customer data and deploying malicious code. The breach goes undetected for weeks, resulting in significant financial and reputational damage to TechCorp.
Mitigation Strategies
- Implement automated offboarding processes for non-human identities
- Regularly audit and review all active non-human identities
- Use time-bound or temporary credentials where possible
Best Practices
- Maintain an up-to-date inventory of all non-human identities
- Implement a 'least privilege' approach for all NHIs
- Use automated tools to detect and alert on unused or expired NHIs
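The audit and detection items above can be combined into one periodic check. The following Python script is an added example, not code from the original page: it walks an inventory of non-human identities and flags active ones that are orphaned, unused, expired, or have no expiry. The inventory records, field names, workload names and the 90-day threshold are all constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

STALE_AFTER = timedelta(days=90)  # assumed threshold; tune to your environment
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed so the sample is reproducible

# Constructed sample inventory (hypothetical identities and field names).
INVENTORY = [
    {"id": "svc-billing", "owner": "billing-api", "active": True,
     "last_used": "2024-05-28T09:00:00+00:00", "expires": "2024-09-01T00:00:00+00:00"},
    {"id": "svc-legacy-export", "owner": "export-worker", "active": True,
     "last_used": "2023-11-02T14:30:00+00:00", "expires": None},
    {"id": "key-ci-deploy", "owner": "ci-pipeline", "active": True,
     "last_used": "2024-05-30T22:10:00+00:00", "expires": "2024-04-15T00:00:00+00:00"},
    {"id": "svc-old-search", "owner": "search-v1", "active": False,
     "last_used": "2023-08-01T00:00:00+00:00", "expires": None},
]
# Workloads still deployed (constructed); export-worker has been decommissioned.
LIVE_WORKLOADS = {"billing-api", "ci-pipeline"}


def audit(inventory, live_workloads, now, stale_after=STALE_AFTER):
    """Return {identity id: [reasons]} for active identities needing offboarding review."""
    findings = {}
    for nhi in inventory:
        if not nhi["active"]:
            continue  # already disabled, nothing left to revoke
        reasons = []
        if nhi["owner"] not in live_workloads:
            reasons.append("orphaned: owning workload decommissioned")
        last_used = datetime.fromisoformat(nhi["last_used"]) if nhi["last_used"] else None
        if last_used is None or now - last_used > stale_after:
            reasons.append("unused beyond threshold")
        if nhi["expires"] is None:
            reasons.append("no expiry set")
        elif datetime.fromisoformat(nhi["expires"]) <= now:
            reasons.append("expired but still active")
        if reasons:
            findings[nhi["id"]] = reasons
    return findings


if __name__ == "__main__":
    for ident, reasons in audit(INVENTORY, LIVE_WORKLOADS, SAMPLE_NOW).items():
        print(f"ALERT {ident}: {'; '.join(reasons)}")
```

The recently used but expired `key-ci-deploy` entry shows why expiry has to be enforced by disabling the credential, not only recorded in the inventory.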
Related Risks
- Secret Leakage: Unintended exposure of sensitive non-human identity credentials to unauthorized parties....
- Excessive Permissions: Non-human identities are granted more permissions than necessary for their intended functions....
- Inadequate Rotation: Failure to regularly update or rotate credentials for non-human identities....
- Insecure Communication: Non-human identities communicate over insecure channels or without proper encryption....