Understanding Natoma
Introduction to the Natoma Management Solution
Breadth and Depth for NHI security
Natoma came out of stealth on July 30, 2024. It is a comprehensive platform for discovering, securing and controlling non-human identities (NHIs), with visibility across cloud, SaaS and on-prem systems, and it manages the NHI lifecycle as discussed earlier in this report. The founders have extensive experience in the identity ecosystem and want to apply that knowledge to the NHI problem.
Natoma aims to go beyond breadth of visibility to depth: rather than a surface-level inventory, it builds a contextual graph of each NHI and its relationships, including where its credentials are stored across vaults. The graph is meant to answer three questions for every NHI:
Who owns the NHI: Identifying the human owner or team responsible for each NHI.
Where the NHI is being used: Mapping NHIs to their usage within cloud workloads to ensure that lifecycle actions (e.g., rotation, decommissioning) don’t disrupt critical services.
What the NHI is capable of: ensuring each NHI follows the principle of least privilege and is granted only the permissions it needs (and actually uses).
Natoma’s approach to NHI management follows a lifecycle that begins with a full inventory of all NHIs across cloud environments. Next, it maps dependencies to understand where each NHI is used, so that lifecycle changes do not disrupt services. It then attributes ownership of each NHI to a responsible individual or team and updates that attribution as roles change. Natoma also automates secret rotation so that credentials are refreshed regularly, and orchestrates provisioning of new NHIs with the right permissions from the start. For offboarding and deprovisioning, it safely deactivates unused NHIs and transfers ownership when users leave or change roles. For NHIs whose scope needs adjusting, it facilitates permission changes based on actual usage. All of this is done through non-intrusive collection that integrates with existing security systems to minimize friction.
Non-invasive approach
A highlight from my discussions is Natoma’s non-intrusive approach. Natoma collects data from the systems the customer already runs to build a detailed picture of NHI activity and automatically inventory every NHI present in the cloud environment: service accounts, API keys, OAuth tokens and other non-human credentials. Because this does not require deep integration into each system, the solution is relatively low friction for customers.
Natoma ingests and fingerprints data that records actions taken by NHIs, such as API calls, service account activity and interactions with cloud workloads. These records are ideal for understanding NHIs because they capture who (or what) accessed a specific resource and when the access occurred. From them Natoma can derive:
Where an NHI is being used (e.g., within which cloud service or workload).
What actions the NHI is performing (e.g., API calls, file modifications, access to sensitive databases).
When and how frequently the NHI is active (e.g., identifying stale NHIs that have not been used recently).
Which of its granted permissions were actually invoked.
Natoma can identify anomalous behaviors associated with NHIs. For instance, if a service account that is typically used during office hours suddenly starts making API calls at 3 AM, this could indicate a compromised identity. These records give Natoma both real-time and historical data, which is critical for lifecycle management, including the metadata needed to attribute ownership and accountability.
Downstream Dependencies
One of the most challenging aspects of NHI governance is understanding where an identity is used across an organization’s infrastructure. Natoma maps these dependencies by tracking which systems interact with which NHIs. This information is crucial when making lifecycle decisions, such as rotating credentials or deprovisioning an account, because it prevents accidentally breaking workflows or services. The same map can also surface abuse of a non-human identity, such as a new, unexpected client or system attempting to use an NHI, or interactive activity on an account reserved for programmatic use.
This activity analysis is the key capability for managing NHIs because it enables deep visibility, comprehensive lifecycle management and proactive security measures. Natoma’s approach to NHI management is distinguished by its ability to provide both breadth and depth across a wide range of systems, including SaaS, PaaS and on-prem infrastructure. Natoma is focused on scaling its solution to very large enterprises, including those in highly regulated industries such as finance and critical infrastructure (e.g., oil and gas).
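To make the analysis described in this section and in the activity-data discussion above concrete, here is an added example that is not Natoma’s code and does not reflect how Natoma implements any of this. It runs over a constructed set of audit events in a CloudTrail-like shape and performs the four checks the report mentions: a per-NHI inventory with last-seen time and the set of clients that use it (the dependency map), stale-identity detection, granted-but-never-invoked permissions (least-privilege candidates), and anomaly detection for a new client, off-hours activity and an interactive session on a programmatic account. The event fields, the grant table, the 30-day staleness threshold and the learn-from-baseline hour heuristic are all assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample audit events (CloudTrail-like shape; not real data).
# "interactive" marks a console/session login rather than an API call.
EVENTS = [
    {"identity": "svc-billing", "action": "s3:GetObject", "source": "10.0.1.5", "interactive": False, "time": "2024-09-02T09:15:00Z"},
    {"identity": "svc-billing", "action": "s3:GetObject", "source": "10.0.1.5", "interactive": False, "time": "2024-09-03T10:02:00Z"},
    {"identity": "svc-billing", "action": "s3:GetObject", "source": "10.0.1.6", "interactive": False, "time": "2024-09-04T11:40:00Z"},
    {"identity": "svc-etl", "action": "dynamodb:Query", "source": "10.0.2.9", "interactive": False, "time": "2024-07-01T08:00:00Z"},
    {"identity": "ci-deployer", "action": "lambda:UpdateFunctionCode", "source": "10.0.3.3", "interactive": False, "time": "2024-09-05T12:00:00Z"},
    # Events after the baseline window; these exercise the detectors.
    {"identity": "ci-deployer", "action": "lambda:UpdateFunctionCode", "source": "10.0.3.3", "interactive": False, "time": "2024-09-09T12:30:00Z"},
    {"identity": "svc-billing", "action": "s3:GetObject", "source": "10.0.1.5", "interactive": False, "time": "2024-09-10T03:05:00Z"},
    {"identity": "svc-billing", "action": "s3:GetObject", "source": "198.51.100.7", "interactive": False, "time": "2024-09-11T09:30:00Z"},
    {"identity": "svc-billing", "action": "s3:ListBucket", "source": "10.0.1.5", "interactive": True, "time": "2024-09-12T10:00:00Z"},
]

# Constructed IAM-style grants: what each NHI is allowed to do (assumed data).
GRANTED = {
    "svc-billing": {"s3:GetObject", "s3:ListBucket", "s3:PutObject", "s3:DeleteObject"},
    "svc-etl": {"dynamodb:Query", "dynamodb:Scan"},
    "ci-deployer": {"lambda:UpdateFunctionCode", "iam:PassRole"},
    "svc-legacy": {"ec2:DescribeInstances"},  # granted, never seen in the logs
}


def parse_ts(s):
    """Parse an ISO-8601 UTC timestamp of the form YYYY-MM-DDTHH:MM:SSZ."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def build_inventory(events):
    """Per identity: first/last activity, permissions actually invoked, and the
    client addresses that used it. The client set is the dependency map that a
    rotation or deprovisioning decision should consult before acting."""
    inv = {}
    for e in events:
        ts = parse_ts(e["time"])
        rec = inv.setdefault(e["identity"], {"first_seen": ts, "last_seen": ts, "used": set(), "clients": set()})
        rec["first_seen"] = min(rec["first_seen"], ts)
        rec["last_seen"] = max(rec["last_seen"], ts)
        rec["used"].add(e["action"])
        rec["clients"].add(e["source"])
    return inv


def stale_identities(inv, now, max_idle_days=30):
    """Identities with no activity in the last max_idle_days (assumed threshold)."""
    cutoff = now - timedelta(days=max_idle_days)
    return sorted(i for i, r in inv.items() if r["last_seen"] < cutoff)


def unused_permissions(inv, granted):
    """Granted permissions never invoked in the observed window: scope-reduction
    candidates. An identity with no activity at all gets every grant back."""
    used = {i: r["used"] for i, r in inv.items()}
    return {i: sorted(perms - used.get(i, set())) for i, perms in granted.items()}


def detect_anomalies(events, baseline_end, hour_slack=2):
    """Learn each identity's known clients and active hours (UTC) from events
    before baseline_end, then flag later events that come from a client never
    seen before, fall outside the learned hour range plus slack, or are
    interactive sessions on an account that should only act programmatically.
    Hours are UTC here; a real deployment would use the workload's own zone."""
    clients, hours = defaultdict(set), defaultdict(set)
    for e in events:
        ts = parse_ts(e["time"])
        if ts < baseline_end:
            clients[e["identity"]].add(e["source"])
            hours[e["identity"]].add(ts.hour)
    alerts = []
    for e in events:
        ts, ident = parse_ts(e["time"]), e["identity"]
        if ts < baseline_end:
            continue
        if ident not in clients:  # no baseline at all: a brand-new NHI
            alerts.append((ident, "unseen_identity", e["source"], e["time"]))
            continue
        if e["source"] not in clients[ident]:
            alerts.append((ident, "new_client", e["source"], e["time"]))
        lo, hi = min(hours[ident]) - hour_slack, max(hours[ident]) + hour_slack
        if not lo <= ts.hour <= hi:
            alerts.append((ident, "off_hours", e["action"], e["time"]))
        if e["interactive"]:
            alerts.append((ident, "interactive_use", e["action"], e["time"]))
    return alerts


if __name__ == "__main__":
    inv = build_inventory(EVENTS)
    for ident, rec in sorted(inv.items()):
        print(f"{ident}: last seen {rec['last_seen']:%Y-%m-%d}, clients={sorted(rec['clients'])}")
    print("stale:", stale_identities(inv, parse_ts("2024-09-15T00:00:00Z")))
    print("unused:", unused_permissions(inv, GRANTED))
    for alert in detect_anomalies(EVENTS, parse_ts("2024-09-08T00:00:00Z")):
        print("alert:", alert)
```

On the sample data the off-hours event, the new client and the interactive login each raise exactly one alert, the second ci-deployer run raises none, svc-etl is reported stale, and svc-legacy shows up only through its unused grants, which is why the least-privilege check has to start from the grant table rather than from observed activity alone.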