Shared devices reduce friction when clinicians can reach applications quickly, but they also concentrate dependency on access quality, endpoint state, and lifecycle control. If the device is missing, uncharged, or poorly configured, users work around the process. That is why the same programme can improve care and create governance gaps at the same time.
Why This Matters for Security Teams
Shared devices can improve throughput because they reduce login friction, keep work moving across shifts, and let clinicians reach systems without waiting for a personal endpoint. The risk is that the same convenience concentrates trust in a small set of devices, sessions, and local workflows. If identity quality, endpoint state, or sign-out discipline slips, the device becomes a shared failure point rather than a shared resource.
This is why device sharing is not just an operations question. It touches authentication strength, session control, and non-human identity governance on the backend. NHI Management Group has documented how identity sprawl and weak lifecycle control create durable exposure across modern environments in the Ultimate Guide to NHIs — Key Challenges and Risks, and the same pattern shows up when endpoint access is treated as a convenience layer instead of a controlled trust boundary. Current guidance from the OWASP Non-Human Identity Top 10 and NIST Cybersecurity Framework 2.0 points toward tighter identity, endpoint, and session governance. In practice, many security teams only discover the access gap after a rushed handoff, a missed logout, or an exposed workstation has already been used incorrectly.
How It Works in Practice
Shared devices create productivity gains when they are paired with fast, reliable access patterns: tap-in authentication, short sessions, roaming profiles, and central policy enforcement. The device itself is not the trust model; the trust model is the combination of user identity, device posture, and session state. That distinction matters because the access decision should be based on whether the device is current, managed, and fit for use at the moment of access, not simply whether it was previously approved.
For security teams, the practical controls usually include:
- Strong user authentication with short-lived sessions and automatic timeout rules.
- Device posture checks so unmanaged, jailbroken, or unencrypted endpoints are blocked or isolated.
- Fast re-authentication for high-risk actions, even if the device is already unlocked.
- Central logging of who used the device, when, and which applications were accessed.
- Clear sign-out and handoff workflows so one user does not inherit another user’s active session.
Where NHI governance enters the picture is on the service side. Devices often access EHRs, scheduling systems, APIs, or automation services that rely on machine credentials, tokens, or service accounts. If those credentials are long-lived or overbroad, a convenient shared device can become an efficient path into critical systems. That is why the broader NHI posture described in Top 10 NHI Issues matters even when the user story looks purely human. The operational goal is to make access fast for legitimate work while keeping device trust, session scope, and downstream credentials tightly bounded. These controls tend to break down in shift-based environments with unreliable charging, inconsistent sign-out behaviour, and no continuous endpoint management because users will bypass the intended workflow to keep care moving.
Common Variations and Edge Cases
Tighter shared-device control often increases workflow overhead, requiring organisations to balance speed against assurance. That tradeoff becomes visible in high-volume settings where staff rotate quickly and the device may be the only practical access point. Best practice is evolving, but there is no universal standard for how much friction is acceptable before clinicians start bypassing controls.
Some environments tolerate shared devices well because the applications are read-only, the risk is low, or the device is locked to a single physical area. Others need stronger controls because a shared endpoint can also expose cached sessions, downloaded records, or privileged admin tools. This is especially true when the device is used to access backend services with non-human identities, where 52 NHI Breaches Analysis shows how identity failure can cascade across systems once access is reused or left open. For implementation teams, the question is not whether sharing is allowed in principle, but whether the environment can enforce clean handoff, rapid revocation, and device health checks every time. Where roaming profiles, offline mode, or legacy applications are involved, those assumptions often fail because the platform cannot reliably distinguish a legitimate new user from the previous session owner.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | PR.AC-1 | Shared devices depend on controlled access and session handling. |
| OWASP Non-Human Identity Top 10 | NHI-03 | Shared endpoints often expose long-lived secrets and weak lifecycle control. |
| NIST AI RMF | Operational convenience must not undermine accountability and risk management. |
Define risk owners and review device-sharing controls as part of ongoing AI and access governance.
Related resources from NHI Mgmt Group
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on June 25, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
