TL;DR: Aviation identity security programs often fail because hidden accounts, overlapping access, and incomplete visibility leave critical identities outside governance, according to Hydden. The result is a blind spot that weakens identity security across human, machine, and non-human identity programmes, where control depends on knowing who and what is actually on board.
NHIMG editorial — based on content published by Hydden: Who's Really on Board? The Hidden Risks of Identity Security in Aviation
By the numbers:
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
- Only 5.7% of organisations have full visibility into their service accounts.
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.
Questions worth separating out
Q: How do hidden identities weaken IAM and PAM programmes?
A: Hidden identities prevent the programme from knowing which accounts are in scope for review, rotation, or offboarding.
Q: Why do aviation environments amplify identity governance gaps?
A: Aviation environments typically combine operational systems, vendors, contractors, and shared workflows, which increases the chance that access is created outside normal IAM controls.
Q: What do organisations get wrong about identity visibility?
A: They often treat visibility as a reporting problem instead of a governance prerequisite.
Practitioner guidance
- Inventory hidden identity classes first Map service accounts, API keys, shared credentials, vendor access, and delegated operational accounts to named owners and business purposes.
- Reconcile authoritative sources with live access data Compare IAM records, PAM vaults, cloud entitlement exports, and application logs to find identities that exist in one system but not another.
- Bind every identity to an expiry or review event Require time-bounded approval, owner attestation, or explicit service justification for each non-human identity and delegated account.
What's in the full article
Hydden's full blog post covers the operational detail this post intentionally leaves for the source:
- The specific aviation identity visibility gaps Hydden highlights across platforms and access paths
- The product workflow for surfacing hidden identities and mapping them to governance ownership
- The examples Hydden uses to show why pre-built connectors miss part of the identity estate
- The implementation details behind its discovery and observability approach for identity coverage
👉 Read Hydden's post on the hidden risks of identity security in aviation →
Aviation identity security risks: what IAM teams are missing?
Explore further
Hidden identity coverage is the control plane, not a supporting metric. Once an organisation cannot see every identity, every downstream governance function inherits error. Recertification, offboarding, and privilege review all depend on an accurate inventory, so missing identities become ungoverned identities by default. The practitioner conclusion is straightforward: visibility is the first control, not a dashboard feature.
A few things that frame the scale:
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, according to Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which explains why hidden access so often survives routine review cycles.
A question worth separating out:
Q: How should teams prioritise fixing hidden access in identity programmes?
A: Start with identities that can create the largest blast radius, especially service accounts, shared credentials, and vendor access with elevated permissions. Then connect discovery to ownership and lifecycle controls so every hidden account gets a named responder and a removal path.
👉 Read our full editorial: Hidden identity security risks in aviation need better governance