
NHI risk mitigation in 2024-25: where IAM teams should focus


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 8534
Topic starter

TL;DR: AI-driven threats, third-party exposure, and growing non-human identity sprawl are shaping 2024-25 cyber risk, with weak rotation, poor visibility, and over-privilege driving compromise across modern environments, according to Entro Security. The governance problem is no longer isolated controls, but whether identity programmes can keep pace with machine access at scale.

NHIMG editorial — based on content published by Entro Security: Cybersecurity risk mitigation recommendations for 2024-25

By the numbers:

  • Lack of credential rotation is cited as the top cause of NHI-related attacks by 45% of organisations, followed by inadequate monitoring and logging (37%) and over-privileged accounts (37%).
  • When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes and as quickly as 9 minutes in some cases.

Questions worth separating out

Q: How should security teams reduce risk from exposed NHI secrets?

A: Security teams should treat exposed secrets as active credentials, not static configuration.

Q: Why do service accounts and API keys create so much lateral movement risk?

A: Service accounts and API keys often carry broad, persistent permissions that outlast the original task they were created for.

Q: What do organisations get wrong about third-party OAuth access?

A: Organisations often treat OAuth consent as a one-time trust decision, when it is actually a standing delegated access relationship.

Practitioner guidance

  • Inventory every non-human identity and secret path: Create a single inventory that ties each service account, token, API key, and certificate to an owner, purpose, system dependency, and expiry condition.
  • Shorten the exposure window for public secrets: Treat public secret exposure as a time-sensitive incident because attacker access can begin within minutes.
  • Reassess third-party OAuth scopes routinely: Review external app permissions on a recurring schedule and confirm that scopes still align with actual business need.

What's in the full article

Entro Security's full blog covers the operational detail this post intentionally leaves for the source:

  • Practical implementation guidance for centralized NHI management and automated discovery across cloud environments
  • Detailed remediation logic for secrets exposure, lifecycle retirement, and least-privilege enforcement
  • Step-by-step examples of automated compliance reporting and multi-cloud integration patterns
  • The vendor's full discussion of education, awareness, and incident response simulation for identity risk

👉 Read Entro Security's analysis of cybersecurity risk mitigation for 2024-25 →
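As an added example (not code from Entro Security or from this post), here is a small audit pass over a constructed NHI inventory that flags the failure modes the guidance above names: missing owner, stale rotation, missing or past expiry, and scopes beyond declared need. The record layout, the 90-day rotation threshold and the sample identities are all hypothetical.

```python
from datetime import date

# Constructed sample inventory: hypothetical identities, not real credentials.
TODAY = date(2025, 1, 15)
MAX_ROTATION_AGE_DAYS = 90  # assumed policy threshold

INVENTORY = [
    {"id": "svc-billing", "kind": "service_account", "owner": "payments-team",
     "last_rotated": date(2024, 12, 20), "expires": date(2025, 6, 30),
     "scopes": {"read:invoices"}, "needed_scopes": {"read:invoices"}},
    {"id": "ci-deploy-key", "kind": "api_key", "owner": None,
     "last_rotated": date(2024, 3, 1), "expires": None,
     "scopes": {"deploy", "admin"}, "needed_scopes": {"deploy"}},
    {"id": "oauth-crm-sync", "kind": "oauth_app", "owner": "sales-ops",
     "last_rotated": date(2024, 11, 1), "expires": date(2024, 12, 31),
     "scopes": {"contacts.read", "mail.send"}, "needed_scopes": {"contacts.read"}},
]


def audit_identity(rec, today=TODAY, max_age=MAX_ROTATION_AGE_DAYS):
    """Return a list of governance findings for one NHI record (empty = clean)."""
    findings = []
    if not rec.get("owner"):
        findings.append("no_owner")               # nobody to confirm renew/reduce/retire
    age = (today - rec["last_rotated"]).days
    if age > max_age:
        findings.append(f"stale_rotation:{age}d")  # top cited cause of NHI compromise
    if rec["expires"] is None:
        findings.append("no_expiry")              # persists beyond its original task
    elif rec["expires"] < today:
        findings.append("expired")                # should already have been retired
    excess = rec["scopes"] - rec["needed_scopes"]
    if excess:
        findings.append("over_privileged:" + ",".join(sorted(excess)))
    return findings


def audit_inventory(inventory, today=TODAY):
    """Map each identity id to its findings so owners can be assigned remediation."""
    return {rec["id"]: audit_identity(rec, today) for rec in inventory}


if __name__ == "__main__":
    for ident, findings in audit_inventory(INVENTORY).items():
        print(ident, findings or ["ok"])
```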

(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 7990
 

Secrets sprawl has become a governance failure, not just a technical one. The article correctly points to API keys, tokens, and service accounts as the path of least resistance for attackers. What matters at programme level is that these identities are often created faster than they are owned, reviewed, or retired. The implication is that identity governance has to cover machine access as a living lifecycle, not a static inventory.

A few things that frame the scale:

  • 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
  • 1 in 4 organisations are already investing in dedicated NHI security capabilities, with an additional 60% planning to do so within the next twelve months.

A question worth separating out:

Q: Who should own lifecycle decisions for non-human identities?

A: Ownership should sit with the team that understands the workload's purpose and dependency chain, not only with the infrastructure team that created the credential. Identity and security teams should enforce the control model, but application or platform owners need to confirm when the identity should be renewed, reduced, or retired.

👉 Read our full editorial: Cybersecurity risk mitigation in 2024-25 needs NHI governance
