The Ultimate Guide to Non-Human Identities Report

Who Says We Have A Secret Sprawl Problem

Written by: Lalit Choda, NHI Mgmt Group

25 years ago at a global investment bank:

  • we had the opposite of the current Secrets Sprawl problem
  • we had just one Non-Human Identity (NHI) for the whole division
  • everyone in the department had access to the NHI, over 1,000 people
  • we ended up with a major audit finding as a result

So what did we do?

  • each application ended up having its own set of NHIs
  • we segregated NHIs, one per environment, to prevent lateral movement between environments
  • each account had an environment postfix, e.g. trading_prod, trading_qa, trading_dev

25 years on, we still see:

  • many accounts are still shared across environments
  • many accounts are still shared across applications
  • many plain-text credentials are found in source code repos, etc.
  • organisations are still struggling to cycle NHI credentials
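
The segregation rules from the earlier list (one NHI per application, one per environment, an environment postfix on the account name) and the rotation problem noted above are mechanical enough to audit from an inventory. The following is an added example, not code from the article or from NHI Mgmt Group; it assumes a simple record of observed account usages and a 90-day rotation window, both constructed for illustration, and flags accounts shared across environments or applications, names whose postfix does not match the environment they are used in, and credentials older than the window.

```python
"""Audit an NHI inventory for the segregation rules described above (one NHI per
application, one per environment, environment postfix on the account name) and
for overdue credential rotation.

Added example, not code from the article or from NHI Mgmt Group. The inventory
record format, the 90-day rotation window and the sample records below are
assumptions constructed for illustration.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from datetime import date

ENVIRONMENTS = ("prod", "qa", "dev")
MAX_CREDENTIAL_AGE_DAYS = 90  # assumed rotation policy, not from the article


@dataclass(frozen=True)
class NhiUsage:
    """One observed use of an NHI: the account, the application that used it,
    the environment it was used in, and when its credential was last rotated."""
    account: str
    application: str
    environment: str
    last_rotated: date


def env_suffix(account: str) -> str | None:
    """Return the environment postfix of a name like 'trading_prod', or None
    when the name carries no recognised postfix (e.g. 'risk_svc')."""
    _, sep, suffix = account.rpartition("_")
    return suffix if sep and suffix in ENVIRONMENTS else None


def audit(usages: list[NhiUsage], today: date) -> dict[str, list[str]]:
    """Return the accounts violating each rule, sorted and de-duplicated."""
    envs_by_account: dict[str, set[str]] = defaultdict(set)
    apps_by_account: dict[str, set[str]] = defaultdict(set)
    oldest_rotation: dict[str, date] = {}
    suffix_mismatch: set[str] = set()

    for u in usages:
        envs_by_account[u.account].add(u.environment)
        apps_by_account[u.account].add(u.application)
        # The name must end in the environment the account is actually used in.
        if env_suffix(u.account) != u.environment:
            suffix_mismatch.add(u.account)
        # Track the oldest credential seen for each account.
        prev = oldest_rotation.get(u.account)
        if prev is None or u.last_rotated < prev:
            oldest_rotation[u.account] = u.last_rotated

    return {
        "shared_across_environments": sorted(
            a for a, e in envs_by_account.items() if len(e) > 1),
        "shared_across_applications": sorted(
            a for a, p in apps_by_account.items() if len(p) > 1),
        "suffix_mismatch": sorted(suffix_mismatch),
        "rotation_overdue": sorted(
            a for a, d in oldest_rotation.items()
            if (today - d).days > MAX_CREDENTIAL_AGE_DAYS),
    }


# Constructed sample inventory (hypothetical accounts, not real data).
SAMPLE_INVENTORY = [
    NhiUsage("trading_prod", "trading", "prod", date(2024, 3, 1)),
    NhiUsage("trading_qa", "trading", "qa", date(2024, 5, 20)),
    NhiUsage("trading_dev", "trading", "dev", date(2024, 5, 20)),
    # One account reused by two applications across prod and qa, never rotated.
    NhiUsage("risk_svc", "risk", "prod", date(2023, 1, 15)),
    NhiUsage("risk_svc", "risk", "qa", date(2023, 1, 15)),
    NhiUsage("risk_svc", "reporting", "prod", date(2023, 1, 15)),
    # Named for prod but used in qa: the postfix is lying.
    NhiUsage("settlement_prod", "settlement", "qa", date(2024, 5, 1)),
]
AUDIT_DATE = date(2024, 6, 1)  # fixed "today" so results are reproducible


def run_sample() -> dict[str, list[str]]:
    """Audit the constructed inventory as of AUDIT_DATE."""
    return audit(SAMPLE_INVENTORY, AUDIT_DATE)


if __name__ == "__main__":
    for rule, accounts in run_sample().items():
        print(f"{rule}: {', '.join(accounts) or 'none'}")
```

Run against the constructed inventory, risk_svc trips three rules at once (shared across environments, shared across applications, no postfix) and is also overdue for rotation, trading_prod is flagged only for rotation (92 days since its last cycle), and settlement_prod is caught because its name claims prod while the usage record says qa. Feeding a real inventory (from a secrets manager export or IdP service-account listing) into the same function is the point: the naming convention only helps if something checks it.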

Oh I Wish We Could Go Back To One NHI And Avoid the Secrets Sprawl Problem