
Non-human identity runtime authorization: are your controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 3789
Topic starter  

TL;DR: Non-human identities now outnumber human identities by 45:1 to 80:1 in many cloud-native environments, and the article argues that static roles, long-lived keys, and admin-time permissions cannot keep pace with ephemeral workloads, according to Cerbos. Runtime contextual authorization becomes the decisive control because identity alone does not answer what a workload should be allowed to do in the moment.

NHIMG editorial — based on content published by Cerbos: runtime authorization for non-human identities in cloud-native systems

By the numbers:

  • Industry reports peg the ratio of machine-to-human identities anywhere from 45:1 to 80:1.

Questions worth separating out

Q: How should security teams govern non-human identities in cloud-native environments?

A: They should treat non-human identities as first-class principals with their own lifecycle, ownership, scope, and expiry.

Q: Why do static roles fail for ephemeral workloads?

A: Static roles fail because they assume access is stable long enough to be reviewed and reused, while ephemeral workloads may exist only briefly and then disappear.

Q: How do organisations know if non-human identity controls are working?

A: They should look for fewer long-lived secrets, shorter credential lifetimes, and fewer orphaned accounts after workloads are decommissioned.

Practitioner guidance

  • Map non-human identity lifecycles: inventory service accounts, API keys, CI jobs, and workload identities by owner, purpose, creation date, and revocation path.
  • Replace static privilege with request-time policy: move sensitive authorisation checks to runtime so each request can be evaluated against workload, environment, and user context.
  • Automate credential expiry and revocation: issue short-lived tokens for CI/CD jobs, serverless functions, and service integrations, and ensure they are revoked when the task ends.

What's in the full article

Cerbos's full analysis covers the operational detail this post intentionally leaves for the source:

  • Policy-engine patterns for enforcing contextual authorisation across API gateways, meshes, and services
  • Examples of attribute sets used in runtime decisions, including workload identity, namespace, user role, and environment
  • Discussion of stateless PDP deployment and how it scales across cloud-native estates
  • Practical ways to introduce per-transaction identity for short-lived automated workflows

👉 Read Cerbos's analysis of runtime authorisation for non-human identities →

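The two guidance items in the post above, moving authorisation checks to request time and refusing credentials that were not issued short-lived, as an added worked example. This is editorial illustration code, not Cerbos's engine, policy language or SDK: it is a minimal policy decision point that decides each call from the workload's attested attributes (workload identity, namespace, environment, role) and from the age and lifetime of its credential. The policy table, the attribute names and the SPIFFE-style identifier are assumptions made for the example.

```python
"""Request-time authorization for a non-human identity.

Added illustration only: not Cerbos's engine, policy language or SDK.
A minimal policy decision point (PDP) that decides each request from the
caller's attested attributes (workload identity, namespace, environment,
role) and the freshness of its credential, rather than from a role bound
to the account when it was provisioned. Every identifier and the policy
table below are constructed for the example.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed ceiling on credential lifetime: anything issued with a longer window
# is treated as a long-lived secret and refused even if it has not expired yet.
MAX_CREDENTIAL_TTL = timedelta(hours=1)

# Constructed policy table: (resource kind, action) -> roles allowed to do it.
POLICY = {
    ("deployment", "rollout"): {"deployer"},
    ("deployment", "read"): {"deployer", "observer"},
    ("secret", "read"): {"secret-reader"},
}


@dataclass(frozen=True)
class Principal:
    """Attributes carried by the workload's attested identity token."""
    workload_id: str      # e.g. a SPIFFE ID (the format is an assumption)
    namespace: str        # namespace the workload is running in
    environment: str      # environment the workload was attested in
    roles: frozenset[str]
    issued_at: datetime
    expires_at: datetime


@dataclass(frozen=True)
class Request:
    principal: Principal
    resource_kind: str
    action: str
    resource_namespace: str
    resource_environment: str
    now: datetime


def decide(req: Request) -> tuple[bool, str]:
    """Return (allowed, reason). Every check runs on every request; nothing is
    cached from provisioning time, so the answer tracks the workload's current
    context, and the first failing check names the denial reason."""
    p = req.principal
    if req.now >= p.expires_at:
        return False, "credential_expired"
    if p.expires_at - p.issued_at > MAX_CREDENTIAL_TTL:
        return False, "credential_lifetime_exceeds_policy"
    if p.namespace != req.resource_namespace:
        return False, "cross_namespace_access"
    if p.environment != req.resource_environment:
        return False, "environment_mismatch"
    allowed_roles = POLICY.get((req.resource_kind, req.action))
    if allowed_roles is None:
        return False, "no_policy_for_action"   # default deny
    if not (p.roles & allowed_roles):
        return False, "role_not_permitted"
    return True, "allowed"


def sample_decisions() -> dict[str, tuple[bool, str]]:
    """Constructed requests that exercise the allow path and each deny path."""
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)

    def principal(**overrides) -> Principal:
        base = dict(
            workload_id="spiffe://example.org/ns/payments/sa/deployer",
            namespace="payments", environment="prod",
            roles=frozenset({"deployer"}),
            issued_at=now - timedelta(minutes=5),
            expires_at=now + timedelta(minutes=25),
        )
        base.update(overrides)
        return Principal(**base)

    fresh = principal()
    expired = principal(expires_at=now - timedelta(minutes=1))
    # A static API key: not yet expired, but issued with a year-long lifetime.
    static_key = principal(issued_at=now - timedelta(days=30),
                           expires_at=now + timedelta(days=335))

    def ask(p: Principal, kind="deployment", action="rollout",
            ns="payments", env="prod") -> tuple[bool, str]:
        return decide(Request(p, kind, action, ns, env, now))

    return {
        "fresh_rollout": ask(fresh),
        "expired_token": ask(expired),
        "static_key": ask(static_key),
        "other_namespace": ask(fresh, ns="billing"),
        "prod_token_on_staging": ask(fresh, env="staging"),
        "wrong_role": ask(fresh, kind="secret", action="read"),
        "unlisted_action": ask(fresh, kind="secret", action="delete"),
    }


if __name__ == "__main__":
    for name, (allowed, reason) in sample_decisions().items():
        print(f"{name:22s} {'ALLOW' if allowed else 'DENY ':5s} {reason}")
```

The order of the checks is deliberate: credential freshness and lifetime are tested before any role lookup, so a static key with the right role is still refused, and an action with no policy entry is denied rather than falling through.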
(@mr-nhi)
Member Moderator
Joined: 4 weeks ago
Posts: 2127
 

Static entitlement models are the wrong abstraction for ephemeral non-human identities. The article shows that workloads, CI jobs, and serverless functions now appear and disappear faster than traditional IAM assignment cycles can follow. That means role design based on durable principals no longer matches how access is actually consumed. The practitioner implication is that entitlement strategy has to shift from provisioning-time assumptions to request-time governance.

Ephemeral access only works when lifecycle controls catch up to workload churn. In many environments, the governance problem is not lack of authentication but lack of timely teardown. That is why machine identity programmes need to be built around expiry, ownership, and automated revocation rather than around static account administration.

A question worth separating out:

Q: What should teams do when CI/CD credentials outlive the pipeline?

A: They should treat that as a lifecycle failure, not an isolated secret issue. The credential should be revoked, the pipeline ownership reviewed, and future issuance tied to an automated teardown path. Persistent access after the job ends is exactly the pattern that turns build systems into hidden attack surfaces.

👉 Read our full editorial: Runtime authorization for non-human identities in cloud-native systems



   
ReplyQuote
Share:
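The reply's question about CI/CD credentials that outlive the pipeline, together with the first post's test for whether controls are working (fewer long-lived secrets, shorter credential lifetimes, fewer orphaned accounts after decommissioning), as an added worked example. This is editorial illustration code, not the article's or any vendor's tooling: it joins a credential inventory against pipeline job records, flags credentials that are still usable after the job that issued them finished or whose issuing job is unknown, produces the revocation list, and computes the three signals above. The record layout, the one-day threshold for "long-lived" and every identifier are constructed for the example.

```python
"""Lifecycle reconciliation for CI/CD credentials.

Added illustration, not the article's or any vendor's tooling. It joins a
credential inventory against pipeline job records to find credentials that
are still usable after the job that issued them ended (the lifecycle failure
the reply describes), and reports the signals the post says to watch: count
of long-lived secrets, credential lifetime, and orphans after teardown.
All records and identifiers are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumption: anything valid for more than a day counts as a long-lived secret.
LONG_LIVED = timedelta(hours=24)


@dataclass(frozen=True)
class Credential:
    cred_id: str
    job_id: str                     # pipeline job the credential was issued to
    owner: Optional[str]            # team or person accountable for it
    issued_at: datetime
    expires_at: datetime
    revoked_at: Optional[datetime]  # None if never revoked


@dataclass(frozen=True)
class Job:
    job_id: str
    finished_at: Optional[datetime]  # None while the job is still running


def usable(c: Credential, now: datetime) -> bool:
    """A credential is usable if it has neither expired nor been revoked."""
    if c.revoked_at is not None and c.revoked_at <= now:
        return False
    return now < c.expires_at


def find_lifecycle_failures(creds, jobs, now) -> list[tuple[str, str]]:
    """Return (credential id, finding) pairs. A credential that is still usable
    after its job ended is an orphan regardless of how it was issued."""
    jobs_by_id = {j.job_id: j for j in jobs}
    findings = []
    for c in creds:
        if c.owner is None:
            findings.append((c.cred_id, "no_owner"))
        if not usable(c, now):
            continue                      # expired or revoked: teardown worked
        job = jobs_by_id.get(c.job_id)
        if job is None:
            findings.append((c.cred_id, "issuing_job_unknown"))
        elif job.finished_at is not None and job.finished_at <= now:
            findings.append((c.cred_id, "outlived_pipeline"))
    return findings


def revocation_plan(findings) -> list[str]:
    """Credentials to revoke now: usable ones whose job is gone or finished."""
    revoke_for = {"outlived_pipeline", "issuing_job_unknown"}
    return sorted({cid for cid, f in findings if f in revoke_for})


def control_metrics(creds, findings) -> dict[str, float]:
    """The signals the post names: long-lived secrets, credential lifetime,
    and orphans left behind after decommissioning."""
    lifetimes = sorted(c.expires_at - c.issued_at for c in creds)
    median = lifetimes[len(lifetimes) // 2]
    return {
        "long_lived_secrets": sum(1 for lt in lifetimes if lt > LONG_LIVED),
        "median_lifetime_minutes": median.total_seconds() / 60,
        "orphaned_credentials": len(revocation_plan(findings)),
    }


def sample_run():
    """Constructed inventory: a token for a running job, a token that outlived
    its finished job, an ownerless static key whose job record is gone, and a
    token that was correctly revoked at teardown."""
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    creds = [
        Credential("tok-1", "job-100", "payments-team",
                   now - timedelta(minutes=30), now + timedelta(minutes=30), None),
        Credential("tok-2", "job-101", "payments-team",
                   now - timedelta(hours=2), now + timedelta(hours=5), None),
        Credential("key-3", "job-7", None,
                   now - timedelta(days=400), now + timedelta(days=330), None),
        Credential("tok-4", "job-102", "billing-team",
                   now - timedelta(hours=3), now + timedelta(hours=3),
                   now - timedelta(hours=2)),
    ]
    jobs = [
        Job("job-100", None),                       # still running
        Job("job-101", now - timedelta(hours=1)),   # finished, token still live
        Job("job-102", now - timedelta(hours=2)),   # finished, token revoked
    ]
    findings = find_lifecycle_failures(creds, jobs, now)
    return findings, revocation_plan(findings), control_metrics(creds, findings)


if __name__ == "__main__":
    findings, plan, metrics = sample_run()
    print("findings:", findings)
    print("revoke now:", plan)
    print("metrics:", metrics)
```

Run against a real inventory, the revocation list is the immediate fix and the findings are the inputs to the ownership review; tracking the three metrics over successive runs is how a team sees whether issuance is actually being tied to a teardown path.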