Non-Human Identity Management
Combined Session
Wednesday, May 07, 2025 11:00—12:00
Location: B07-08
Non-Human Identities (NHIs) - including machine accounts, service accounts, and automated workflows - are increasingly prevalent in today's digital landscape. While they boost efficiency, they also introduce often-overlooked security vulnerabilities. This session explores NHIs, using recent security breaches to highlight the risks of inadequate management.
Attendees will gain insights into the dangers of unmanaged NHIs, such as unauthorized access and privilege escalation. The session remains vendor-neutral, focusing on essential features of NHI management tools. Practical advice will be shared on how organizations can initiate effective NHI management, including strategies for risk assessment and implementation planning.
Participants will leave with a foundational understanding of NHIs, the risks they pose, and actionable steps to mitigate them. This session is ideal for attendees aiming to enhance their organization's security without delving too deep into technical complexities.
This session will provide a practitioner's view of managing Non-Human Identity risks, from an industry veteran who has managed global NHI programs for over 25 years.
Lalit Choda, founder of the Non-Human Identity Management Group, will talk about why this is probably the most complex and challenging technology risk exposure to address, given that most organisations currently have little or no controls in place for managing NHIs. This is further complicated by Multi Hybrid Cloud, SaaS and On-Prem environments and the fact that NHIs typically outnumber human identities by a factor of 25x - 50x.
The session will cover the key risks around hard-coded credentials in source code, lack of inventory and ownership, stale/inactive accounts, lack of credential cycling/rotation, lack of environment segregation, sharing of credentials and humans inappropriately using NHIs.
Lalit will share real-life examples of how he dealt with 500k+ NHIs, 1,000s of apps and securing 100k+ credentials, explaining the risks, how they were tackled, the pitfalls/challenges, best practices, lessons learned and how to take a risk-based approach.
Attendees will walk away with an appreciation of the complexities of managing NHIs and why you need to take a risk-based approach to tackling this 'huge elephant in the room'.