We hear this quite a bit:
“We have lots of of service accounts and AI brokers working within the background. We did not create most of them. We do not know who owns them. How are we speculated to safe them?”
Each enterprise right now runs on greater than customers. Behind the scenes, hundreds of non-human identities, from service accounts to API tokens to AI brokers, entry programs, transfer information, and execute duties across the clock.
They don’t seem to be new. However they’re multiplying quick. And most weren’t constructed with safety in thoughts.
Conventional id instruments assume intent, context, and possession. Non-human identities have none of these. They do not log out and in. They do not get offboarded. And with the rise of autonomous brokers, they’re starting to make their very own selections, usually with broad permissions and little oversight.
It is already creating new blind spots. However we’re solely initially.
On this publish, we’ll take a look at how non-human id threat is evolving, the place most organizations are nonetheless uncovered, and the way an id safety cloth helps safety groups get forward earlier than the size turns into unmanageable.
The rise (and threat) of non-human identities
Cloud-first architectures elevated infrastructure complexity and triggered a surge in background identities. As these environments develop, the variety of background identities grows with them, a lot of which get created robotically, with out clear possession or oversight. In lots of circumstances, these identities outnumber human customers by greater than 80 to 1.
What makes that particularly dangerous is how little most groups find out about them. NHIs usually get created robotically throughout deployment or provisioning, then disappear from the radar, untracked, unowned, and infrequently over-permissioned.
Service accounts, particularly, are in every single place. They transfer information between programs, run scheduled jobs, and authenticate headless companies. However their sprawl is never seen, and their permissions are not often reviewed. Over time, they grow to be good automobiles for lateral motion and privilege escalation.
However service accounts are solely a part of the image. As AI adoption grows, a brand new class of non-human id introduces much more unpredictable threat.
Why AI brokers behave in a different way and why that issues
In contrast to most machine identities, AI brokers provoke actions on their very own; interacting with APIs, querying information, and making selections autonomously.
That autonomy comes at a price. AI brokers usually want entry to delicate information and APIs, however few organizations have guardrails for what they’ll do or easy methods to revoke that entry.
Worse, most AI brokers lack clear possession, comply with no commonplace lifecycle, and supply little visibility into their real-world habits. They are often deployed by builders, embedded in instruments, or known as through exterior APIs. As soon as dwell, they’ll run indefinitely, usually with persistent credentials and elevated permissions.
And since they are not tied to a consumer or session, AI brokers are troublesome to watch utilizing conventional id alerts like IP, location, or gadget context.
The price of invisible entry
Secrets and techniques get hardcoded. Tokens get reused. Orphaned identities stay energetic for months, generally years.
These dangers should not new, however static credentials and wide-open entry might have been manageable whenever you had a couple of dozen service accounts. However with hundreds, or tens of hundreds, of NHIs working independently throughout cloud companies, handbook monitoring merely does not scale.
That is why many safety groups are revisiting how they outline id within the first place. As a result of if an AI agent can authenticate, entry information, and make selections, it is an id. And if that id is not ruled, it is a legal responsibility.
Frequent NHI safety challenges
Understanding that non-human identities characterize a rising threat is one factor; managing that threat is one other. The core drawback is that the instruments and processes constructed for human id administration do not translate to the world of APIs, service accounts, and AI brokers. This disconnect creates a number of distinct and harmful safety challenges that many organizations are solely starting to confront.
You’ll be able to’t shield what you’ll be able to’t see
Probably the most basic problem in securing NHIs is visibility. Most safety groups do not have a whole stock of each non-human id working of their surroundings. These identities are sometimes created dynamically by builders or automated programs to serve a particular, non permanent operate. They get spun as much as assist a brand new microservice, run a deployment script, or combine a third-party software.
As soon as created, nevertheless, they not often get documented or tracked in a central id administration system. They grow to be “shadow” identities, energetic and practical, however utterly invisible to safety and IT. And not using a complete view of what NHIs exist, who (or what) created them, and what they’re accessing, it is not possible to construct a significant safety technique. You’re left attempting to safe an assault floor of an unknown dimension.
Why “set it and overlook it” is a safety legal responsibility
A standard observe for builders and operations groups is to assign broad permissions to NHIs to make sure a service or software works with out interruption. Consider it as putting in an app that asks for entry to your digital camera roll, microphone, and placement. You faucet “Enable” simply to get it working, then overlook about it.
It is faster and extra handy in the mean time, but it surely introduces pointless dangers. Equally, assigning overly broad permissions to NHIs would possibly make setup simpler, but it surely creates important safety gaps, leaving your programs susceptible to exploitation.
The precept of least privilege is commonly sacrificed for pace and comfort. An NHI would possibly solely have to learn information from one database desk, but it surely’s granted write entry to the whole database to keep away from future permission-related errors.
This method creates a large safety legal responsibility. These over-permissioned identities grow to be high-value targets for attackers. If a risk actor compromises an NHI with extreme privileges, they’ll transfer laterally throughout programs, escalate their entry, and exfiltrate delicate information with out ever needing a human consumer’s credentials.
Due to how not often NHIs are reviewed or deprovisioned, these permissive accounts can stay energetic and susceptible for months and even years, ready to be exploited.
No context, no fashionable controls
Trendy id safety depends on context. When a consumer logs in, we will confirm their id utilizing alerts like their location, gadget, and community, usually prompting for multi-factor authentication (MFA) if one thing appears uncommon. NHIs have none of this context. They’re simply code executing on a server. They do not have a tool, a geographic location, or behavioral patterns that may be simply monitored.
As a result of they authenticate with static, long-lived credentials, MFA does not apply. Because of this if a credential is stolen, there isn’t a second issue to cease an attacker from utilizing it. The absence of context-aware entry controls makes it extremely troublesome to differentiate between authentic and malicious NHI exercise till it is too late.
Orphaned identities and digital ghosts
What occurs when the developer who created a service account leaves the corporate? Or when an software that used a particular API token is decommissioned? In most organizations, the related NHIs are left behind. These “orphaned” or “lingering” identities stay energetic, with their permissions intact, however with no proprietor chargeable for their lifecycle.
These digital ghosts are a compliance nightmare and a safety threat. They muddle the surroundings, making it more durable to determine authentic and energetic identities. Extra importantly, they characterize an deserted, unmonitored entry level into your programs. An attacker who discovers an orphaned id with legitimate credentials has discovered an ideal backdoor, one which no one is watching.
How safety groups are regaining management
Going through an assault floor that’s increasing and turning into extra autonomous, main safety groups are shifting from reactive fixes to proactive governance. That shift begins with recognizing each credentialed system, script, and agent as an id value governing.
Uncover and stock all NHIs
Trendy id platforms can scan environments like AWS, GCP, and on-prem infrastructure to floor hidden tokens, unmanaged service accounts, and over-permissioned roles.
These instruments exchange spreadsheets and guesswork with a real-time, unified stock of each, human and non-human identities. With out this basis, governance is simply guesswork. With it, safety groups can lastly transfer from taking part in whack-a-mole with service accounts to constructing actual management.
Triage and sort out high-risk identities first
With a whole stock in place, the subsequent step is to shrink the potential blast radius. Not all NHIs pose the identical stage of threat. The secret’s to prioritize remediation primarily based on permissions and entry. Threat-based privilege administration helps determine which identities are dangerously over-permissioned.
From there, groups can systematically right-size entry to align with the precept of least privilege. This additionally includes implementing stronger controls, reminiscent of automated rotation for secrets and techniques and credentials. For probably the most highly effective NHIs, like autonomous AI brokers, it is vital to have “kill switches” that permit for rapid session termination if anomalous habits is detected.
Automate governance and lifecycle
Human identities have lifecycle insurance policies: onboarding, function adjustments, offboarding. Non-human identities want the identical rigor.
Main organizations are automating these processes end-to-end. When a brand new NHI is created, it is assigned an proprietor, given scoped permissions, and added to an auditable stock. When a device is retired or a developer leaves, related identities are robotically deprovisioned, closing the door on orphaned accounts and making certain entry does not linger indefinitely.
Why an id safety cloth adjustments the equation
Most of the dangers tied to non-human identities have much less to do with the identities themselves and extra to do with the fragmented programs attempting to handle them.
Every cloud supplier, CI/CD device, and AI platform handles id in a different way. Some use static tokens. Some situation credentials throughout deploy. Some do not expire entry in any respect. And not using a shared system for outlining possession, assigning permissions, and implementing guardrails, the sprawl grows unchecked.
A unified id safety cloth adjustments this by consolidating all identities, human and non-human, below a single management aircraft. And with Okta, meaning:
- Mechanically surfacing identities and posture gaps with Identification Safety Posture Administration (ISPM)
- Making use of least-privilege entry with rotation and vaulting for delicate secrets and techniques
- Defining lifecycle insurance policies for each id, together with brokers and repair accounts
- Extending workload id patterns (short-lived tokens, shopper credentials) and adaptive entry to companies and background jobs
- Governing entry to AWS companies like Bedrock and Amazon Q, whereas AWS IAM points and enforces the underlying agent/workload credentials
As an alternative of sewing collectively workarounds, groups can outline id controls as soon as and apply them in every single place. Meaning fewer blind spots, quicker response instances, and a smaller assault floor, while not having ten completely different instruments to get there.
Do not let NHIs grow to be your largest blind spot
AI brokers and non-human identities are already reshaping your assault floor. They’re multiplying quicker than most groups can monitor and too many nonetheless function with out clear possession, sturdy controls, or any actual visibility.
You need not rebuild your technique from the bottom up. However you do have to deal with non-human identities like what they’re: crucial entry factors that deserve the identical governance as any consumer.
With a unified id platform, safety groups can stock what’s working, apply scalable controls, and minimize off dangerous entry earlier than it is exploited—not after.
See how Okta and AWS assist organizations deliver order to NHI sprawl. [Download the guide] to get began.
