A high-cardinality resource is a large, fast-changing set of objects that can be created, updated, and deleted frequently. In authorization design, these resources are risky to synchronize externally because drift and latency can appear at the worst possible moment. Keeping them local can preserve speed and consistency.
Expanded Definition
A high-cardinality resource is any authorization target that exists as a large and rapidly changing population of discrete objects, such as tenant records, ephemeral workloads, per-customer storage buckets, or short-lived tokens. In NHI security, the term matters because policy evaluation must keep pace with object creation and deletion without depending on slow external synchronization. That makes it closely related to how access control engines, service mesh identity layers, and secrets systems model state. Guidance varies across vendors, but the common design principle is consistent: the more frequently the object set changes, the more dangerous stale authorization data becomes. For a standards-oriented view of access governance, NIST Cybersecurity Framework 2.0 is a useful baseline for mapping resource access and change handling. High-cardinality resources are often paired with local decision-making, narrow scopes, and automated lifecycle signals from the source of truth. The most common misapplication is treating a fast-changing object set like a static directory, which occurs when teams centralise synchronization and then assume the resulting lag is acceptable.
Examples and Use Cases
Implementing high-cardinality resource controls rigorously often introduces policy and caching complexity, requiring organisations to weigh fresher authorization decisions against the cost of tighter integration.
- Per-customer API objects in a multi-tenant platform, where each object may need distinct permissions and rapid revocation.
- Ephemeral compute workloads that request short-lived access to secrets or data services through an identity broker.
- Temporary deployment artifacts, where object identity changes too quickly for manual entitlement tracking to remain accurate.
- Service-account-linked resources that must be resolved locally to avoid drift during high-frequency changes, a drift pattern also seen in ASP.NET machine keys RCE attack-style failures, where stale trust assumptions persist.
- Distributed authorization directories that use the same object model as NIST Cybersecurity Framework 2.0 asset governance, but at a much faster change rate.
NHIMG research shows that only 5.7% of organisations have full visibility into their service accounts, which is why high-cardinality object sets are especially hard to govern at scale. The 2025 Ultimate Guide to Non-Human Identities also notes that NHIs outnumber human identities by 25x to 50x, reinforcing why object churn can overwhelm manual controls.
Why It Matters in NHI Security
High-cardinality resources become security-critical when they are tied to secrets, service accounts, or agent permissions, because a small delay in updating policy can expose many objects at once. In NHI environments, stale state creates silent failure modes: expired access may still work, deleted objects may remain authorizable, and new objects may inherit excessive privilege by default. This is especially dangerous in zero-trust designs, where authorization should reflect current context rather than yesterday's inventory. The challenge is not simply volume, but the combination of volume, change velocity, and automation. When NHI teams cannot observe the full object population, they also cannot reliably rotate, revoke, or prove least privilege. NHIMG reports that 97% of NHIs carry excessive privileges, which makes high-cardinality sets a multiplier for blast radius when governance is weak. Organisations typically encounter this consequence only after a breach, outage, or failed revocation, at which point handling high-cardinality resources properly becomes operationally unavoidable.
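The design principle in the definition above (local decisions fed by lifecycle signals) and the three failure modes just listed can be made concrete with a small simulation. The following is an added example, not code from NHIMG or any vendor: it replays a constructed lifecycle stream (two per-customer buckets and one service account, all made up for the illustration) through two decision points. `LocalAuthorizer` applies create/grant/delete events as they arrive and denies anything it does not know; `SnapshotAuthorizer` models the centralised-sync anti-pattern, refreshing a copy every `interval` ticks and falling back to a broad default grant for objects it has never seen. The optional `max_age` parameter is the mitigation a team that cannot go fully local would reach for: fail closed once the snapshot is older than a bound. Names, the logical clock and the default grant are all assumptions of the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Event:
    ts: int                         # logical clock of the source of truth
    kind: str                       # "create", "grant" or "delete"
    obj: str                        # object id, e.g. a per-customer bucket
    principal: Optional[str] = None
    actions: Tuple[str, ...] = ()


Grants = Dict[str, Dict[str, Set[str]]]  # obj -> principal -> allowed actions


class LocalAuthorizer:
    """Decision point that applies lifecycle events as they happen.
    Unknown objects and unknown principals are denied (default deny)."""

    def __init__(self) -> None:
        self.grants: Grants = {}

    def apply(self, ev: Event) -> None:
        if ev.kind == "create":
            self.grants[ev.obj] = {}               # exists, but nobody has been granted anything
        elif ev.kind == "grant" and ev.obj in self.grants and ev.principal:
            self.grants[ev.obj][ev.principal] = set(ev.actions)
        elif ev.kind == "delete":
            self.grants.pop(ev.obj, None)          # a deleted object is no longer authorizable

    def allowed(self, principal: str, obj: str, action: str) -> bool:
        return action in self.grants.get(obj, {}).get(principal, set())


class SnapshotAuthorizer:
    """External copy refreshed every `interval` ticks (the centralised-sync anti-pattern).
    Objects absent from the snapshot fall back to a broad `default` grant, which is how a
    freshly created object 'inherits' privilege. With `max_age` set it fails closed once
    the snapshot is older than that bound (a hypothetical staleness guard)."""

    def __init__(self, source: LocalAuthorizer, interval: int,
                 default: Dict[str, Set[str]], max_age: Optional[int] = None) -> None:
        self.source, self.interval, self.default, self.max_age = source, interval, default, max_age
        self.snapshot: Grants = {}
        self.synced_at = 0

    def tick(self, now: int) -> None:
        if now % self.interval == 0:               # periodic full copy of the source of truth
            self.snapshot = {o: {p: set(a) for p, a in g.items()} for o, g in self.source.grants.items()}
            self.synced_at = now

    def allowed(self, now: int, principal: str, obj: str, action: str) -> bool:
        if self.max_age is not None and now - self.synced_at > self.max_age:
            return False                           # fail closed instead of trusting stale data
        if obj in self.snapshot:
            return action in self.snapshot[obj].get(principal, set())
        return action in self.default.get(principal, set())


EVENTS = [  # constructed lifecycle stream emitted by the source of truth
    Event(1, "create", "bucket-42"),
    Event(2, "grant", "bucket-42", "svc-ingest", ("read", "write")),
    Event(6, "delete", "bucket-42"),
    Event(7, "create", "bucket-43"),
]
CHECKS = [  # constructed access requests: (ts, principal, obj, action)
    (3, "svc-ingest", "bucket-42", "write"),   # grant issued at t=2, before the first sync
    (6, "svc-ingest", "bucket-42", "read"),    # immediately after the delete
    (7, "svc-ingest", "bucket-43", "read"),    # brand-new object, no grant yet
    (9, "svc-ingest", "bucket-42", "read"),    # deleted at t=6, still before the next sync
    (10, "svc-ingest", "bucket-43", "read"),   # after the snapshot has caught up
]


def replay(interval: int = 5, max_age: Optional[int] = None) -> List[dict]:
    """Run both decision points over the same stream; a row is 'drift' when they disagree."""
    local = LocalAuthorizer()
    snap = SnapshotAuthorizer(local, interval, default={"svc-ingest": {"read"}}, max_age=max_age)
    rows: List[dict] = []
    last = max(max(e.ts for e in EVENTS), max(c[0] for c in CHECKS))
    for now in range(1, last + 1):
        for ev in EVENTS:
            if ev.ts == now:
                local.apply(ev)                    # the local point sees the event at once
        snap.tick(now)                             # the external copy only refreshes on schedule
        for ts, principal, obj, action in CHECKS:
            if ts == now:
                l = local.allowed(principal, obj, action)
                s = snap.allowed(now, principal, obj, action)
                rows.append({"ts": now, "obj": obj, "action": action,
                             "local": l, "snapshot": s, "drift": l != s})
    return rows


if __name__ == "__main__":
    for label, rows in (("unbounded snapshot", replay()), ("max_age=2", replay(max_age=2))):
        print(label)
        for r in rows:
            print(f"  t={r['ts']:>2} {r['obj']} {r['action']:<5} local={r['local']!s:<5} "
                  f"snapshot={r['snapshot']!s:<5} drift={r['drift']}")
```

Run as a script the output shows the three failure modes in order: at t=6 and t=9 the snapshot still authorizes reads on the deleted bucket, and at t=7 it grants read on the new bucket through the default rule while the local point denies. With `max_age=2` the t=9 stale allow turns into a fail-closed deny, but the window between t=6 and t=8 remains open, which is the point of the guidance: bounding staleness shrinks the exposure, only local decisions over lifecycle signals remove it.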
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | High-churn resource sets create hidden authorization drift and stale access paths. |
| NIST CSF 2.0 | PR.AC-1 | Access to changing resources must be governed by current identity and policy state. |
| NIST Zero Trust (SP 800-207) | SCF | Zero Trust requires per-request decisions over dynamic, high-change resources. |
Keep authorization state close to the source of truth and minimize stale object mappings.
Reviewed and updated by the NHIMG editorial team on June 7, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org