2024 Enterprise Strategy Group Report
Managing Non-human Identities for an Effective Cybersecurity Program
There is no doubt that non-human (machine) identities (NHIs) continue to grow at exponential rates. This growth is being fueled by application modernization, cloud initiatives, containerization, IoT, and AI strategies. As a result, managing NHIs is becoming a challenge leading to inadequate security and significant risks. This survey uncovers how enterprises are struggling to secure NHIs causing compromises and successful cyberattacks. Best practices and solutions to managing NHIs are now essential to improving security postures, maintaining compliance and meeting key business objectives.
Managing Non-human identities is a growing challenge
20X
more non-human identities than human identities
52%
of organizations expect NHIs under management to increase by 20% in next 12 months
Organizations believe more than
20%
of non-human identities are insufficiently secured
is creating significant security risks
Multiple non-human identity compromise events reported
74%
of organizations either know or suspect non-human accounts or credentials have been compromised
Enterprises reported experiencing an average of
2.7
compromises of NHIs
66%
of enterprises endured a successful cyberattack resulting from compromised NHIs
57%
of NHI compromises got Board of Directors attention
weak or deprecated encryption algorithms
exposed secrets embedded in an application
expired certificates
exposed keys or secrets stored in files, spreadsheets, etc
unknown revoked certificates
CA compromise
TechTarget’s Enterprise Strategy Group surveyed 367 IT, cybersecurity, and DevOps, platform, and cybersecurity engineering professionals at organizations in North America (US and Canada) involved with or responsible for the technologies and processes that secure non-human identities and machine workloads.