Weaving a Standards Framework for Non-Human Identities

We entrust workloads and devices with our most sensitive data, giving them access to far more information than the human on whose behalf it operates, if it is even operating on behalf of a human. Yet, managing these non-human identities and applying Zero Trust Policies to them is a Herculean task complicated by a heterogenous technology landscape, amplified by multi-cloud/multi-hybrid environments, exacerbated by critical skills shortages and magnified by exponential growth in workload and device identities.

It's the kind of problem standards excel at solving by creating interoperability layers between heterogenous environments, codifying the wisdom of the crowd to alleviate pressures on rare skills, and creating eco-systems of interoperable solutions that meet a common security bar.

Fortunately there are already several standards efforts that can help us manage non-human identities. But how are all these efforts related and how to we avoid replacing a patchwork of heterogenous solutions with a patchwork of heterogenous standards? Is it possible to craft a standards framework and connect all these efforts in a single identity trust fabric, and is that desirable? If we had such a framework, what would it look like?

In this talk we explore the benefits of weaving a standards framework for non-human identities by bringing together more than 18 standards from at least 7 standards bodies while identifying opportunities to align and connect them all to solve the emerging challenge of managing non-human identities at scale.