
Details
Insecure communication between non-human identities can lead to data interception, man-in-the-middle attacks, and unauthorized access to sensitive information. This risk is particularly critical for identities that handle sensitive data or control critical systems.
Example Scenario
SmartHome Inc. launches a new line of IoT devices, including smart locks, cameras, and thermostats. In a rush to market, they implement basic HTTP communication between the devices and their cloud servers, planning to 'add encryption later'. Within weeks of launch, a cybersecurity researcher demonstrates a man-in-the-middle attack at a tech conference, intercepting and manipulating commands sent to these devices. They show how an attacker could unlock doors, disable cameras, and even potentially create dangerous situations by manipulating thermostat readings. The news goes viral, forcing SmartHome Inc. to recall all devices and suffer significant brand damage.
Mitigation Strategies
- Enforce encryption for all non-human identity communications
- Implement proper certificate validation and pinning
- Use secure protocols (e.g., TLS 1.3) for all network communications
Best Practices
- Regularly update and patch communication libraries and protocols
- Implement mutual TLS (mTLS) for service-to-service communication
- Use VPNs or other secure tunneling methods for remote communications
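The mitigations and best practices above, applied to one device-to-cloud client, as an added example that is not from the original page: a TLS 1.3-only context with peer verification, optional mTLS, and a certificate pin checked after the handshake. The endpoint, CA bundle, client key pair and pin set are assumed to be provisioned out of band.

```python
"""Hardened TLS client settings for a non-human identity (added example).

Assumptions (not from the original page): the device talks to one cloud
endpoint, its CA bundle and optional client key pair are already provisioned,
and the allowed server certificate pins are known at build time.
"""
import hashlib
import socket
import ssl


def build_context(ca_file=None, client_cert=None, client_key=None):
    """Return a context that only speaks TLS 1.3 and always verifies the peer."""
    ctx = ssl.create_default_context(cafile=ca_file)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3      # refuse downgrade to 1.2 or older
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    if client_cert:  # mutual TLS: the device presents its own identity as well
        ctx.load_cert_chain(client_cert, client_key)
    return ctx


def context_is_hardened(ctx):
    """Audit helper: True only if the context enforces all three settings."""
    return (ctx.minimum_version == ssl.TLSVersion.TLSv1_3
            and ctx.verify_mode == ssl.CERT_REQUIRED
            and bool(ctx.check_hostname))


def fingerprint(der_cert):
    """SHA-256 of the DER-encoded certificate, the usual form of a cert pin."""
    return hashlib.sha256(der_cert).hexdigest()


def verify_pin(der_cert, pins):
    """Accept the peer only if its certificate matches one of the pinned hashes."""
    return fingerprint(der_cert) in pins


def open_pinned_connection(host, port, pins, ctx=None):
    """Connect, finish the handshake, then enforce the pin before any data flows."""
    ctx = ctx or build_context()
    raw = socket.create_connection((host, port), timeout=10)
    tls = ctx.wrap_socket(raw, server_hostname=host)  # SNI plus hostname verification
    if not verify_pin(tls.getpeercert(binary_form=True), pins):
        tls.close()  # chain validated but not the expected cert: treat as interception
        raise ssl.SSLError(f"certificate for {host} does not match any pinned hash")
    return tls
```

Pins should be rotated alongside the server certificate; pinning a backup certificate's hash in the same set avoids locking devices out at renewal time.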