Supply chain attacks and identity governance: are controls keeping up?


(@saviynt)
Estimable Member
Joined: 8 months ago
Posts: 78
Topic starter  

TL;DR: Supply chain attacks are increasingly turning trusted third parties into access paths, and the Sisense breach highlighted how downstream exposure can spread through identity and integration layers, according to Saviynt. The governance gap is no longer perimeter defense, but control over who and what can act through delegated trust.

NHIMG editorial — based on content published by Saviynt covering the Sisense breach and supply chain attack risk

By the numbers:

Questions worth separating out

Q: How should security teams manage third-party non-human identities in supply chain environments?

A: Security teams should inventory every external service account, token, and certificate, assign an owner, and scope each credential to a specific workflow or environment.

Q: What is the difference between third-party risk management and NHI governance?

A: Third-party risk management evaluates the supplier relationship, while NHI governance controls the credentials and machine identities that the supplier can use inside your environment.

Q: When does a supply chain incident become an identity security problem?

A: A supply chain incident becomes an identity security problem whenever the attacker can use a trusted integration, token, or service account to move beyond the original compromise.

Practitioner guidance

  • Implement vendor-linked NHI inventory: build a complete inventory of service accounts, API keys, tokens, and certificates tied to external vendors, partners, and SaaS integrations.
  • Reduce delegated access scope: review every partner and supply chain integration for broad permissions, then narrow each credential to a single workflow, environment, or dataset.
  • Automate credential rotation and revocation: tie rotation and revocation to change events, vendor offboarding, and inactivity thresholds.

With the 2024 ESG Report showing that two-thirds of enterprises have already suffered a successful attack tied to compromised non-human identities, the programme gap is structural, not accidental?

👉 Read Saviynt's analysis of the Sisense breach and supply chain attack risk →

(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 5624
 

Supply chain security is now identity security by another name. The old framing treated third-party risk as a procurement or vendor-management issue. That is no longer sufficient when the practical attack path runs through API keys, service accounts, OAuth grants, and automation credentials. Practitioners need to govern external trust as a live identity problem, not a static contractual one.

A few things that frame the scale:

  • Two-thirds of enterprises have endured a successful cyberattack resulting from compromised non-human identities, with a quarter encountering multiple attacks, according to The 2024 ESG Report: Managing Non-Human Identities.
  • Enterprises that have experienced a compromised NHI averaged 2.7 separate incidents in the past 12 months, which shows how quickly one failure can become a pattern.

A question worth separating out:

Q: Why do non-human identities increase the blast radius of supply chain attacks?

A: Non-human identities often have wider system access than human users because they are built for automation, not interactive use. If those credentials are long-lived or poorly scoped, an attacker can use them to reach data pipelines, cloud control planes, or CI/CD systems. That makes lifecycle governance and least privilege essential containment controls.

👉 Read our full editorial: Major supply chain attacks show why identity governance must expand
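Added example, not code from Saviynt or NHIMG: a small Python policy check over a constructed vendor-linked NHI inventory that applies the three guidance points from the topic post (an owner per credential, narrowed scope, revocation tied to vendor offboarding and inactivity) and flags the long-lived, poorly scoped credentials the moderator's answer describes. Vendor names, credential identifiers and the thresholds are assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class VendorCredential:
    cred_id: str
    vendor: str
    owner: Optional[str]    # accountable person or team; None means unowned
    scopes: frozenset       # granted permissions, e.g. {"warehouse:read"}
    last_used: date
    vendor_active: bool     # False once the vendor has been offboarded

# Policy thresholds: assumed values for this example, not taken from the thread.
INACTIVITY_DAYS = 90
MAX_SCOPES = 3                            # rough proxy for "one workflow"
BROAD_SCOPES = frozenset({"*", "admin"})  # wildcard or admin-style grants

def review_inventory(creds, today):
    """Return (cred_id, action, reason) for each credential that breaks a rule."""
    findings = []
    for c in creds:
        if not c.vendor_active:
            # Offboarding is a hard revoke regardless of any other attribute.
            findings.append((c.cred_id, "revoke", "vendor offboarded"))
            continue
        if c.owner is None:
            findings.append((c.cred_id, "assign_owner", "no accountable owner"))
        if c.scopes & BROAD_SCOPES or len(c.scopes) > MAX_SCOPES:
            findings.append((c.cred_id, "narrow_scope", "broad delegated access"))
        if (today - c.last_used).days > INACTIVITY_DAYS:
            findings.append((c.cred_id, "revoke", "inactive beyond threshold"))
    return findings

# Constructed sample inventory (hypothetical vendors and identifiers).
TODAY = date(2025, 1, 15)
SAMPLE = [
    VendorCredential("sa-analytics-01", "AnalyticsCo", "data-eng",
                     frozenset({"warehouse:read"}), date(2025, 1, 10), True),
    VendorCredential("key-bi-02", "BICo", None,
                     frozenset({"*"}), date(2025, 1, 12), True),
    VendorCredential("oauth-crm-03", "CRMCo", "sales-ops",
                     frozenset({"contacts:read"}), date(2024, 9, 1), True),
    VendorCredential("cert-legacy-04", "OldCo", "platform",
                     frozenset({"mtls:client"}), date(2024, 12, 20), False),
]

if __name__ == "__main__":
    for cred_id, action, reason in review_inventory(SAMPLE, TODAY):
        print(f"{cred_id}: {action} ({reason})")
```

Only the first credential passes every rule; the wildcard key is flagged twice (unowned and over-scoped), the idle OAuth grant and the offboarded vendor's certificate are both marked for revocation.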
