TL;DR: Cloud visibility tied to runtime identity controls is prioritising human and non-human identities, compressing attacker dwell time, and improving evidence collection across hybrid estates, according to Unosecur. The real shift is that identity risk is being operationalised at runtime, not left for post-incident review.
NHIMG editorial — based on content published by Unosecur: Unosecur joins Wiz Integrations Network to strengthen Identity Security
By the numbers:
- Only 5.7% of organisations have full visibility into their service accounts.
- 80% of identity breaches involved compromised non-human identities such as service accounts and API keys.
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.
Questions worth separating out
Q: How should security teams prioritise identity findings in hybrid cloud environments?
A: They should prioritise by blast radius, reachable systems, and privilege scope rather than by raw alert volume.
Q: Why do runtime identity controls matter more than periodic access reviews?
A: Because attackers operate at runtime, not on review cycles.
Q: What breaks when identity and cloud risk signals are not correlated?
A: Teams get more findings but less usable action.
Practitioner guidance
- Map runtime identity correlations to containment decisions Connect cloud posture findings, identity attributes, and privilege scope so the response team can immediately identify which identities should be restricted first.
- Prioritise identities by blast radius, not by alert count Rank human and non-human identities by reachable systems, standing privilege, and exposure path.
- Bind JIT controls to identity lineage Require the workflow to show which identity requested access, which resources it can reach, and how long the privilege remains valid.
What's in the full analysis
Unosecur's full news announcement covers the operational detail this post intentionally leaves for the source:
- How the Unified Identity Fabric is positioned across multi-cloud, identity providers, SaaS apps, and on-prem environments
- Which prioritized security findings are shared between Wiz and Unosecur, including inventory, vulnerabilities, issues, and configuration findings
- The vendor's description of no-code workflows, bulk remediation, and identity timeline evidence collection
- The stated workflow for reducing identity attack surface at runtime and narrowing blast radius after detection
👉 Read Unosecur's announcement on joining Wiz Integrations Network →
Wiz integrations network and runtime identity security: what changes?
Explore further
View Full Forum → | NHI Foundation Course → | Our Services →
Runtime identity context is becoming the deciding layer in cloud security operations. Visibility alone does not tell teams which identities to restrain first, and that is the real gap this announcement exposes. When human and non-human identities are evaluated with infrastructure risk and timeline context together, the programme shifts from observation to prioritisation. Practitioners should treat identity context as the control plane for containment, not as a reporting add-on.
A few things that frame the scale:
- Only 5.7% of organisations have full visibility into their service accounts, according to Ultimate Guide to NHIs.
- 71% of NHIs are not rotated within recommended time frames, according to the same report.
A question worth separating out:
Q: Who is accountable when JIT access fails to reduce exposure fast enough?
A: Accountability sits with the team that owns the identity governance workflow, not only with the cloud security tooling owner. If JIT access is slow, over-broad, or not tied to identity lineage, then the programme has not translated policy into enforceable runtime control. Governance must be measurable end to end.
👉 Read our full editorial: Wiz and Unosecur integration reframes runtime identity security