New research conducted by Enterprise Strategy Group exposes growing security risks posed by machine identities and provides actionable mitigation advice
AppViewX, the leader in automated certificate lifecycle management (CLM) and PKI solutions, today announced the release of a new report titled, Securing Non-Human Identities: Insights for an Effective Cybersecurity Program. Conducted in partnership with TechTarget’s Enterprise Strategy Group (ESG), the report surveyed 367 IT, cybersecurity, and DevOps professionals to assess the growing volume and risks associated with non-human identities (NHIs) in modern IT environments.
Also Read: CloudDefense.AI Releases Key Insights into CVE, IaC Scanning, and Deepfake Technology
“The complexity of modern cloud environments makes managing non-human identities manually unfeasible, even for smaller organizations. Meanwhile, digital transformation, AI and cloud-first initiatives are pushing the population of these digital identities to near exponential growth”
The research exposes the security threats associated with NHIs, which include machine identities, digital certificates, API cloud keys, service accounts, and other automated systems. According to the report, NHIs outnumber human identities by a factor of 20, yet nearly one in five are inadequately protected. The study also found that 66 percent of enterprises have experienced a successful cyberattack resulting from compromised NHIs. Additionally, 57 percent of the episodes where organizations suffering a successful attack tied to NHI compromises got Board of Directors attention.
Also Read: Bots and Deepfakes: How Do We Navigate the New Era of Digital Identity?
“Non-human identities represent one of the most significant attack surfaces within today’s enterprises,” said Todd Thiemann, Senior Analyst at ESG. “Without proper management and security controls, NHIs can lead to costly data breaches, operational disruptions, and compliance failures. This report provides valuable insight into the current NHI landscape, how organizations are addressing risks, and their intentions for ensuring continuous security as their NHI volume grows.”
Key Findings from the Report Include:
- NHI Proliferation: Organizations now manage 20 times more non-human identities than human ones, with more than 50% expecting this number to increase by over 20% in the next year.
- Compromise Incidents: Nearly 46% of organizations have experienced breaches related to non-human identities, with the average enterprise suffering 2.7 incidents in the past year.
- Visibility and Lifecycle Challenges: A significant portion of respondents reported poor visibility into their NHI environment, with many lacking confidence in their ability to secure and manage these identities effectively.
- Increased Investment in Security: Over 80% of organizations expect to increase spending on non-human identity security, with a focus on identity threat detection, certificate lifecycle management, and workload access control.
“The complexity of modern cloud environments makes managing non-human identities manually unfeasible, even for smaller organizations. Meanwhile, digital transformation, AI and cloud-first initiatives are pushing the population of these digital identities to near exponential growth,” said Gregory Webb, Chief Executive Officer at AppViewX. “Automated certificate lifecycle management and crypto-agility are key to avoiding security lapses, preventing costly outages and reducing exposure to cyber threats. This report underscores both the scale and severity of the problem.”
[To share your insights with us as part of editorial or sponsored content, please write to psen@itechseries.com]