If you are like me, a couple of years ago it felt like I suddenly woke up to a new concept in the world of IT: the non-human identity (NHI). But, wait… this sounds very familiar. Haven’t we had service accounts and machine identities for performing automated tasks for many years now? In fact, I was on a development team that produced what we now call RPA tools – used to automate repetitive IT tasks; an area highly used by many enterprises. And I know that there were other types of identities used for things like housing credentials and tokens.
So, what’s the deal? Why am I starting to hear so much about these silent partners of the IT world in a way that it sounds like a new revelation? Actually, there are a few reasons for this. And, no, AI is not the only reason; but it is one of the reasons. Let’s take a look at why we’re at this point:
The sheer number of NHIs
Non-human identities are currently averaging a 50:1 ratio against their human counterparts; and that gap is projected to widen to as much as 100:1. This overwhelming volume makes it harder and harder for IT staff to keep track of and properly manage NHIs.
An increase in business demands
Businesses in all sectors are having to react quickly. In fact, a movement that has continued to grow is Software Defined Infrastructure (SDI). Much like Software Defined Networking, this allows entire IT infrastructures to be dynamically configured and managed by automation tools and guiding policies. Of course, this relies on several layers of non-human servers and overarching identities to drive these processes.
An increase in cybersecurity attacks
Gone are the days of basic data theft. Ransomware has firmly taken things to a new level by totally disabling a business’ ability to perform their daily functions. And where do you think they’ve found many vulnerabilities? Yes, of course, in non-human identities. But more about that later.
Artificial intelligence
There – we finally came to the elephant in the room. Being at the center of many of the automation “brains”, AI has also become one of the biggest vulnerabilities in many IT infrastructures. It is a vulnerability primarily in the event that the AI model itself becomes poisoned. In other words, the root information that the AI engine is making many of its decisions from is altered to make decisions differently.
But it’s not just a vulnerability within an IT organization – it’s also a threat. Hackers are now using AI in ways that replace old manual methods so that AI does the learning for them in terms of the best attack methods to use for each individual situation.
So, where do we go from here?
Now that you are up to date with the “why” NHIs are such a big deal, the next step is to figure out what can be done about it. Without venturing off into another rabbit hole, let’s just say that many non-human identities and the underlying infrastructures that they run on are silent partners that many IT organizations forget about. And that’s what hackers like. But that’s a discussion for another time.
