Developers, engineers, and end users across the organization and the broader ecosystem routinely create NHIs and grant them access without a clear understanding of what those long-lived credentials imply: how much access they carry, how they can be abused by malicious actors, and how little governance or involvement from security teams they typically receive.
The result is a large population of massively over-permissive identities. Some cloud-native security vendors have found that only about 2% of granted permissions are ever actually used, which points to a sprawl of ungoverned, often unsecured identities holding far more access than they need, making them attractive targets for exploitation and abuse by attackers.
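The "granted versus used" gap above is something a team can measure for itself rather than take from vendor statistics. The following is an added example (not code from the original article or any named vendor) that compares the permissions granted to each non-human identity against the actions actually observed for it in audit logs and reports what was never exercised. The identities, policy actions, and log events are constructed for illustration; the permission syntax mimics IAM-style `service:Action` strings with `*` wildcards, and the observed events stand in for something distilled from a log source such as CloudTrail over a sufficiently long window.

```python
"""Least-privilege gap check for non-human identities (added example).

Compares granted permissions (IAM-style actions, wildcards allowed) against
actions observed in audit logs for the same identity, and reports unused
grants and wildcard grants that are exercised only narrowly.
All identities, policies and events below are constructed sample data.
"""
from collections import defaultdict
from fnmatch import fnmatchcase

# Constructed sample: actions granted to each identity ('*' wildcards allowed).
GRANTED = {
    "ci-deploy-role": [
        "s3:GetObject", "s3:PutObject", "s3:DeleteObject",
        "iam:*", "ec2:DescribeInstances",
    ],
    "metrics-collector": [
        "cloudwatch:GetMetricData", "cloudwatch:PutMetricData", "s3:*",
    ],
}

# Constructed sample: (identity, action) pairs distilled from audit logs.
OBSERVED_EVENTS = [
    ("ci-deploy-role", "s3:GetObject"),
    ("ci-deploy-role", "s3:PutObject"),
    ("ci-deploy-role", "iam:PassRole"),
    ("metrics-collector", "cloudwatch:PutMetricData"),
]


def matches(grant: str, action: str) -> bool:
    """True if a granted pattern such as 'iam:*' or 's3:Get*' covers the action."""
    return fnmatchcase(action, grant)


def analyze(granted, events):
    """Per-identity report of used grants, unused grants, wildcard grants that
    were exercised (and therefore hide unknown breadth), the observed actions
    (a candidate minimal policy), and the unused ratio for that identity."""
    observed = defaultdict(set)
    for ident, action in events:
        observed[ident].add(action)

    report = {}
    for ident, grants in granted.items():
        used = [g for g in grants if any(matches(g, a) for a in observed[ident])]
        unused = [g for g in grants if g not in used]
        report[ident] = {
            "used": used,
            "unused": unused,
            # A wildcard that was 'used' still grants far more than was observed.
            "broad_wildcards": [g for g in used if "*" in g],
            "observed_actions": sorted(observed[ident]),
            "unused_ratio": round(len(unused) / len(grants), 2) if grants else 0.0,
        }
    return report


def unused_share(granted, events) -> float:
    """Share of all granted entries, across identities, that were never exercised."""
    total = sum(len(v) for v in granted.values())
    unused = sum(len(r["unused"]) for r in analyze(granted, events).values())
    return unused / total if total else 0.0


if __name__ == "__main__":
    for ident, r in analyze(GRANTED, OBSERVED_EVENTS).items():
        print(ident, r)
    print("unused share across identities:", unused_share(GRANTED, OBSERVED_EVENTS))
```

Two caveats when running this against real data: the observation window has to cover infrequent jobs (quarterly rotations, disaster-recovery drills) or the script will propose removing permissions those jobs need, and a wildcard grant that shows up as "used" is still a finding, because a single observed `iam:PassRole` call says nothing about the rest of `iam:*` that the identity could invoke.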
NHI access is facilitated by Open Authorization (OAuth)
NHIs are a core part of enabling actions, workflows and tasks in enterprise environments, often through widely deployed and popular software and services such as Google, GitHub, Salesforce, Microsoft 365/Azure AD, Slack and more.