If you are like me, a couple of years ago it was like I woke up to a new concept in the world of IT: the non-human identity. But, wait…this sounds very familiar. Haven’t we had service accounts and machines identities for performing automated tasks for many years now? In fact, I was on a development team that produced what is now known as RPA tools that helped automate repetitive IT tasks; an area highly used by many enterprises. And I know that there were other types of identities used for things like housing credentials and tokens.
So what’s the deal? Why am I starting to hear so much about these silent partners of the IT world in a way that it sounds like a new revelation? Actually, there are a few reasons for this. And, no, AI is not the only reason; but it is one of the reasons. Let’s take a look at why we’re at this point:
- The sheer number. Non-human identities are currently averaging a 50:1 ratio against their human counterparts; and is expected to grow to even higher volumes such as 100:1. This overwhelming volume makes it harder and harder for the IT staffs to keep track of and properly manage.
- Increase in business demands. Businesses in all sectors are having to react quickly. In fact, a movement that has grown more and more is Software Defined Infrastructure (SDI). Much like Software Defined Networking, this allows entire IT infrastructures to be dynamically configured and managed by automation tools and guiding policies. Of course, this relies on several layers of non-human servers and overarching identities to drive these processes.
- Increase in cybersecurity attacks. Gone are the days of basic data theft. Ransomware has firmly taken things to a new level by totally disabling a business’s ability to perform their daily functions. And where do you think they’ve found many vulnerabilities? Yes, of course, in non-human identities. But more about that later.
- AI. There – we finally came to the elephant in the room. Being at the center of many of the automation “brains”, AI has also become one of the biggest vulnerabilities in many IT infrastructures. It is a vulnerability primarily in the event that the AI model itself becomes poisoned. In other words, the root information that the AI engine is making many of its decisions from is altered to make decisions differently.
- But it’s not just a vulnerability within an IT organization, it’s also a threat. Hackers are now using AI in ways that replaces old manual methods so that it AI does the learning for them in terms of the best attack methods to use for each individual situation.
Okay, those are a few things to consider. Now that you are up to date with the “Why” is it such a big deal, the next step is what can be done about it? Without venturing off into another rabbit hole, let’s just say that many non-human identities and the underlying infrastructures that they run on are silent partners that many IT organizations forget about. And that’s what hackers like. But that’s a discussion for another time.
