A shared device workflow is an operating model where multiple people use the same workstation, terminal, or vehicle system across shifts. It is common in public safety, but it raises identity and audit challenges because the device is shared while the responsibility for access must remain individual.
Expanded Definition
A shared device workflow is not just “shared equipment use”; in NHI operations it is a controlled access pattern where identity must follow the person, even when the workstation, rugged terminal, kiosk, or vehicle system does not. Definitions vary across vendors when devices cache sessions or hand off credentials between shifts, so the safer baseline is to treat the device as non-exclusive and the user session as individually accountable.
That distinction matters because the device can be shared while authentication, authorisation, logging, and revocation remain per user. In practice, a well-run workflow relies on strong session separation, fast re-authentication, and clear attribution of actions to a named operator. This aligns with the identity governance principles described in Ultimate Guide to NHIs and the access-control emphasis in NIST Cybersecurity Framework 2.0.
The most common misapplication is treating shared login credentials as acceptable because the hardware is shared, which occurs when shift teams prioritise convenience over per-user accountability.
Examples and Use Cases
Implementing shared device workflow rigorously often introduces a small delay at shift changes, requiring organisations to weigh operational speed against attribution, revocation, and audit quality.
- A public safety dispatcher signs out of a console at the end of a shift, and the next operator authenticates with an individual identity before inheriting the same physical terminal.
- A warehouse picker uses a handheld scanner that remains on a shared dock, but each pick action is tied to a unique user session and event log.
- A hospital clinician taps in on a shared nursing station, then re-authenticates after a timeout so chart access and medication approvals remain attributable to one person.
- A field technician uses a shared vehicle infotainment or routing system, while administrative functions are protected behind role-based controls and session expiry.
- A control-room operator relies on a shared workstation, but step-up verification is required before privileged commands or emergency overrides can be issued.
These workflows are easier to govern when teams follow the visibility and lifecycle guidance in Ultimate Guide to NHIs and apply the access monitoring concepts in NIST Cybersecurity Framework 2.0.
Why It Matters in NHI Security
Shared device workflows become an NHI issue when the device is the front door to secrets, service tools, or privileged actions. If session handoff is weak, the organisation can lose attribution for which human approved a task, which account used a token, or whether a service identity was exposed during a shift transition. The risk is not abstract: Ultimate Guide to NHIs reports that 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, showing how quickly access hygiene failures can become incident drivers.
This is where Zero Trust thinking matters. A shared terminal should never imply shared trust, and a shared vehicle system should never imply shared authorisation. Practitioners should look for short session lifetimes, strong re-authentication, least privilege, and explicit logging of every action that could affect secrets or automation. Those controls map cleanly to NIST Cybersecurity Framework 2.0 and the broader lifecycle guidance in the Ultimate Guide to NHIs.
Organisations typically encounter the real cost only after a misuse investigation, at which point shared device workflow becomes operationally unavoidable to address.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | Shared device use often fails through weak session isolation and access attribution. |
| NIST CSF 2.0 | PR.AC-4 | Least-privilege access must persist even when multiple users share the same device. |
| NIST Zero Trust (SP 800-207) | AC-4 | Zero Trust requires continuous verification rather than trusting the shared workstation. |
Map each shift user to explicit entitlements and review access before device handoff.
