The Ultimate Guide to Non-Human Identities Report

NHI Workshop – Why the Urgency Now

Introduction to Panel and Session Overview

The panel features four experts in the field of identity management and security:

  • Dwayne McDaniel – Sr. Developer Advocate at GitGuardian, focusing on solving NHI governance at scale.
  • Anusha Iyer – CEO and founder of Corsa, specializing in identity providers for NHIs, with extensive experience in federal and intelligence sectors.
  • Jobson Andrade – Senior Manager Identity Operations at Mars, overseeing global identity operations, including non-human identities across diverse environments.
  • Kamal Muralidharan – Co-founder and CTO of Andromeda Security, with a background in cloud security and lifecycle management of human and non-human identities.

Core Theme: The Urgency of Managing NHIs

The discussion emphasizes the increasing threat landscape driven by identity-based attacks, especially involving NHIs. Key points include:

  • Attackers increasingly target credentials, which are easier to steal than exploiting zero-day vulnerabilities.
  • Recent breaches, such as the Active Directory compromise, highlight how NHIs can be exploited to access sensitive data and escalate attacks.
  • Research indicates millions of hard-coded credentials are publicly available, notably 23.7 million in GitHub repositories in 2024 alone.

This trend underscores the critical need for immediate action to secure NHIs and their credentials.

How Did We Get Here?

Factors Contributing to the Current State

Panelists discuss the evolution of identity management challenges:

  1. Expansion of connected systems – The proliferation of IoT devices, hybrid cloud environments, and SaaS applications increases the attack surface.
  2. Decentralization of credential management – DevOps practices and cloud adoption allow individuals to create and manage credentials independently, often without centralized governance.
  3. Shift from private to public cloud – The physical boundaries of data centers have dissolved, making NHIs accessible from outside traditional networks.
  4. Speed over security – Business priorities often favor rapid deployment, leading to insecure practices like hardcoded secrets.

Challenges in Managing Secrets and Credentials

Key issues identified include:

  • Storing secrets in source code repositories like GitHub, leading to exposure.
  • Sharing credentials via social platforms such as Slack, increasing risk of leaks.
  • Difficulty in transitioning to secretless architectures, though some progress is possible with keyless solutions.

Solutions suggested using secret managers and adopting more secure credential management practices.

Managing the Growth of NHIs and Secrets

Risk-Based Approach

Organizations should:

  • Assess the risk associated with each secret or NHI.
  • Assign ownership and responsibility to relevant teams or leaders.
  • Implement policies to migrate away from secrets where feasible, such as using certificates or federated identities.
  • Communicate the importance of reducing secrets to the business to foster a security-first mindset.

Lessons from Human Identity Management

Panelists highlight parallels between human and non-human identity management:

  • Adoption of MFA and adaptive authentication has significantly reduced risks associated with human credentials.
  • Applying similar principles to NHIs, such as making minimal entitlements and monitoring behavior which can mitigate risks.
  • Managing NHIs as first-class citizens with proper governance is essential for security and operational efficiency.

The Impact of AI and the Need for Urgency

AI, especially agentic and autonomous AI, introduces new challenges and opportunities:

  • AI adoption is rapid, often within weeks, compared to multi-year cloud migrations.
  • Agentic AI systems will have entitlements and behaviors that need to be monitored and controlled.
  • Potential risks include AI systems acting autonomously in ways that could compromise security.

Panelists stress the importance of developing tools and frameworks to track, monitor, and govern NHIs and AI agents effectively.

Operational and Governance Challenges

Key issues include:

  • Managing complex chains of agents and their permissions.
  • Ensuring governance keeps pace with technological evolution.
  • Balancing speed of deployment with security controls.

There is a call for better frameworks and policies to handle the increasing complexity of NHIs and AI systems.

Final Recommendations

Panelists agree on several core principles:

  • Support business growth responsibly by implementing governance without becoming a bottleneck.
  • Recognize that APIs, agents, and automation are now the primary decision-makers in ecosystems.
  • Treat all identities, human or non-human with equal care, ensuring proper entitlement management and security.
  • Shift organizational focus from just protecting assets to enabling secure, scalable innovation.

They encourage ongoing dialogue, sharing best practices, and adopting a proactive stance to secure NHIs and AI systems as integral parts of future infrastructure.

Closing Remarks

The panel emphasizes that managing NHIs is not just a technical challenge but a strategic imperative. The rapid evolution of technology, especially AI, demands immediate action, robust governance, and a mindset shift towards viewing NHIs as vital assets that require the same level of care as human identities.