2024 Enterprise Strategy Group Report

Managing Non-human Identities for an Effective Cybersecurity Program

Nearly Three in Four Enterprises Suspect They Have Exposed Non-human Identities

2024 ESG NHI Survey eBook

There is no doubt that non-human (machine) identities (NHIs) continue to grow at exponential rates. This growth is being fueled by application modernization, cloud initiatives, containerization, IoT, and AI strategies. As a result, managing NHIs is becoming a challenge, leading to inadequate security and significant risks. This survey uncovers how enterprises are struggling to secure NHIs, resulting in compromises and successful cyberattacks. Best practices and solutions for managing NHIs are now essential to improving security postures, maintaining compliance, and meeting key business objectives.

Here are some of the key findings from the ESG survey report:

Managing Non-human identities is a growing challenge

20X more non-human identities than human identities

52% of organizations expect NHIs under management to increase by 20% in the next 12 months

Organizations believe more than 20% of non-human identities are insufficiently secured

Inadequate NHI security is creating significant security risks

Multiple non-human identity compromise events reported

74% of organizations either know or suspect non-human accounts or credentials have been compromised

Enterprises reported experiencing an average of 2.7 compromises of NHIs

66% of enterprises endured a successful cyberattack resulting from compromised NHIs

57% of NHI compromises got Board of Directors attention

Factors leading to non-human identity compromises

29% weak or deprecated encryption algorithms

27% exposed secrets embedded in an application

23% expired certificates

29% exposed keys or secrets stored in files, spreadsheets, etc.

21% unknown revoked certificates

18% CA compromise

TechTarget’s Enterprise Strategy Group surveyed 367 IT, cybersecurity, and DevOps, platform, and cybersecurity engineering professionals at organizations in North America (US and Canada) involved with or responsible for the technologies and processes that secure non-human identities and machine workloads.
