The Ultimate Guide to Non-Human Identities Report

NHI Workshop – The Market Landscape

Introduction to Panel and Session Overview

The final session was expertly hosted by Nirit Icekson, CMO at Entro Security, along with industry leaders Rom Carmel, Co-Founder & CEO at Apono, Ehud Amiri, VP of Product Management at Saviynt and Steve Rennick, IAM Architect at Ciena, who shared their insights on the evolving landscape of the Non-Human Identity (NHI) market trends, risk management solutions and future outlooks. The conversation began with light personal anecdotes to humanize the topic before delving into the complexities facing organizations managing NHI today. The panelists underscored the growing awareness and urgency around NHI, reflecting on how the market has matured over the past two and a half years.

Audience and Vendor Engagement

  • Noted the presence of many vendors and prospects, highlighting a vibrant ecosystem.
  • Appreciated the engaged audience, noting their attentiveness and participation.

Speakers’ Personal Backgrounds and First Jobs

Each speaker shared their early work experiences, illustrating diverse paths into the industry:

  • Nirit – Started selling ice cream at 15, then moved into technical writing and copywriting.
  • Steve – Began with lawn care, then progressed to help desk support, and now specializes in identity architecture.
  • Rom – Worked also in the ice cream business, then as vulnerability researcher, and now in access management space.
  • Ehud – His first job was in a cookie factory, then in development and automatic rights management.

Roles and Responsibilities in NHI Management

Discussion centered on the typical personas involved in NHI management:

  1. Cloud Architects and DevOps – Focused on efficiency, agility and operational aspects.
  2. CISOs and Identity Managers – Concerned with security policies, compliance, and overarching governance.

Key challenge: Aligning these two personas within the organization to create a secure, seamless, and productive environment.

Evolution of the NHI Market

Insights from the speakers highlight how perceptions of NHI have shifted over the past two years:

  • Earlier – NHI was largely unrecognized or misunderstood, especially outside security circles.
  • Now – Increased visibility due to tools providing better insights, and a broader understanding across organizations.

Despite progress, ongoing education remains crucial to deepen understanding and implementation.

Market Perspectives and Changing Focus

Historically, organizations viewed NHI from an external attack surface perspective, Now, there’s a shift towards internal visibility and governance, recognizing internal risks such as misconfigurations, bad practices, and compliance issues.

This shift is driven by:

  • Increased internal awareness of identity risks.
  • The influence of AI agents and automation.

There is a growing consensus that identity management should encompass both human and non-human entities uniformly.

Changing Role of Identity Teams

Previously, identity teams focused mainly on human identities. Now, they are increasingly owning NHI management, emphasizing the need for consistent control across all types of identities, including machines and AI agents. This evolution supports a unified approach to identity and access management (IAM).

Educational Challenges and Strategies

Many organizations still lack understanding of NHI, often equating it with service accounts or traditional identities. Education is vital to:

  • Clarify what NHI entails.
  • Highlight its importance for security and compliance.
  • Build awareness among stakeholders.

Effective communication and demonstrating business value are key to fostering organizational buy-in.

Progress Over the Last Two and a Half Years

Visibility into NHI has significantly improved, aided by new tools and increased awareness. However, challenges remain in addressing poor practices and technical debt.

Key points include:

  • Organizations are more aware but often lack the processes to remediate issues.
  • Meeting stakeholders where they are, understanding their current practices is essential.
  • Long-term success depends on integrating NHI into broader security and governance programs.

External Factors and Future Outlook

Market drivers include:

  • Demand for consolidated identity solutions covering both human and non-human identities.
  • Emerging AI and automation technologies increasing the complexity and urgency of NHI management.

Future trends predicted include:

  1. Continued emphasis on automation and dynamic identity management.
  2. Increased regulatory focus, with compliance standards evolving to include NHI considerations.
  3. Potential for significant incidents or breaches involving AI or non-human identities, emphasizing the need for robust controls.

Predictions and Challenges for the Next Two Years

  • Tools will improve, but fundamental issues like technical debt will persist.
  • Organizations often avoid addressing core problems, risking recurring issues.
  • Without tackling tech debt, progress in security maturity will be limited.

Auditing and regulation are expected to drive better practices, but enforcement remains a challenge.

Closing Remarks

This session provided a comprehensive overview of the current state and future direction of non-human identity management. From growing awareness and evolving stakeholder roles to the accelerating impact of AI and the pressing need for regulation and remediation, the discussion painted a realistic yet hopeful picture. The path forward hinges on bridging gaps between technical and security teams, educating all stakeholders, investing in foundational clean-up efforts, and embracing automation as a core capability. Only through these concerted efforts can organizations hope to effectively manage the risks and complexities posed by the expanding universe of non-human identities.