TL;DR: Hybrid work, cloud migration and basic security hygiene are the main planning pressures in 2022 IT security trends, with reduced visibility and credential sprawl making breach prevention harder, according to Bitwarden. The deeper issue is that identity controls built for stable perimeters and known devices do not map cleanly to distributed access patterns.
NHIMG editorial — based on content published by Bitwarden: 2022 IT Security Trends webcast and takeaways
By the numbers:
- 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation.
- Only 5.7% of organisations have full visibility into their service accounts.
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
Questions worth separating out
Q: How should security teams handle credential governance for hybrid workforces?
A: Security teams should treat credentials as shared operational assets, not just login factors.
Q: Why do cloud and remote work increase identity risk?
A: They expand the number of devices, apps and networks that can touch corporate credentials, which makes visibility and consistent policy much harder.
Q: What do teams get wrong about password managers and SSO?
A: Teams sometimes assume these tools solve governance by themselves.
Practitioner guidance
- Map remote-work credential paths end to end Inventory where corporate credentials are stored, shared and reused across managed devices, home environments and cloud services.
- Centralise sharing through controlled vaults Use a single approved approach for storing and sharing credentials so teams do not create ad hoc copies in chat, documents or local files.
- Extend governance to cloud accounts and delegated access Track which cloud accounts, app connections and third-party integrations exist across your estate, then review them like any other identity with access.
What's in the full article
Bitwarden's full webcast covers the operational detail this post intentionally leaves for the source:
- The speaker discussion on how password managers can support controlled credential sharing across hybrid teams.
- The webcast examples showing how IT teams can use awareness training to reinforce password hygiene and MFA adoption.
- The specific trade-offs discussed between zero-trust deployments and cross-platform credential management tools.
- The Q&A segment on teaching different generations of end users to build better online security habits.
👉 Read Bitwarden's webcast replay on 2022 IT security trends and credential control →
Hybrid work, cloud sprawl and credential control gaps for IAM teams?
Explore further
Perimeter security fails once identity becomes the real boundary. Hybrid work and cloud adoption do not merely complicate enforcement, they change the control plane. Security teams can no longer assume that network location or managed endpoints are enough to establish trust. The practical conclusion is that identity governance must become session-aware and credential-aware across every access path.
A few things that frame the scale:
- 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation, according to Ultimate Guide to NHIs.
- 71% of NHIs are not rotated within recommended time frames, increasing the risk of compromise over time.
A question worth separating out:
Q: How can organisations reduce the blast radius of compromised credentials?
A: They should limit credential reuse, separate admin access from everyday access, and keep a current inventory of cloud accounts and shared secrets. The key is to make each credential reach as little as possible so a single compromise cannot spread across multiple services or teams.
👉 Read our full editorial: IT security planning for hybrid work exposes identity control gaps