Entro Security Labs’ research indicates that 97% of Non-Human Identities (NHIs) possess excessive privileges, leading to heightened risks of unauthorized access and broader attack surfaces. This alarming revelation underscores the necessity for enhanced Secrets Management and security practices across organizations, particularly in light of the pervasive misconfigurations and risks identified in the handling of NHIs and human identities alike.
The report highlighted that 44% of tokens are in the wild, being transmitted or stored over platforms like Teams and Jira, making sensitive information vulnerable to interception. These practices not only risk the exposure of essential secrets but are also the root causes of many breaches relating to NHIs. This showcases a significant gap in adherence to secure practices within organizations handling sensitive information.
With an average of 92 non-human identities per human identity and 91% of tokens tied to former employees remaining active, organizations are at an increased risk of security breaches. The sheer number of NHIs complicates identity management, creating potential vulnerabilities that can be exploited by malicious actors. Emphasizing the need for organizations to reassess their identity management strategies.
The findings from Entro Security reveal that 70% of organizations onboard new vaults without proper security approval, increasing the chances of vulnerabilities from the start. Additionally, 73% of vaults are misconfigured—leading to unauthorized access and, consequently, the exposure of sensitive data. This highlights a critical need for improved governance around vault management and security policies to protect non-human identities.
[
Collection
]
[
|
...
]