Non-human identities are emerging as the fastest-growing and most overlooked cybersecurity risk in modern enterprises, now representing over 60% of all digital identities, according to Gartner, reports Intelligent CISO.
Brian Ramsey, VP of Americas at Xalient, warns that NHIs, which include software, services, APIs, containers, and IoT devices, operate autonomously, often with high privileges, making them attractive targets for attackers. Unlike human users, NHIs are rarely monitored, poorly governed, and can persist with excessive permissions across cloud, hybrid, and on-premises environments. High-profile breaches like SolarWinds, Microsoft Exchange, and Okta highlight the risks posed by compromised service accounts and automation credentials. Experts stress that NHIs must be treated as a boardroom-level concern, affecting compliance with mandates such as GDPR, SOX, and HIPAA. Securing them requires real-time visibility, automated lifecycle management, behavioral analytics, Zero Trust principles, and integration into DevOps pipelines. Ramsey concludes that organizations ignoring NHIs risk systemic exposure, operational disruption, and regulatory penalties if these machine identities remain unmanaged.
