ChaptersCircleEventsBlog
CSA Day is coming soon on May 7, 2025. Secure the cloud. Strengthen your future - at half the cost →

Download Publication

The State of Non-Human Identity Security
The State of Non-Human Identity Security
Who it's for:
  • All cybersecurity professionals

The State of Non-Human Identity Security

Release Date: 09/11/2024

Non-human identities (NHIs) include bots, API keys, service accounts, OAuth tokens, and secrets. These identities keep today’s organizations running smoothly by automating tasks, boosting efficiency, and driving innovation. However, NHIs also operate 24/7, handle sensitive information, and perform actions at lightning speed. This makes them prime targets for cyber attacks and a major concern within Identity and Access Management (IAM).

To better understand this often overlooked aspect of IAM security, Astrix commissioned CSA to develop a new survey report. CSA conducted the survey online in June 2024 and received 818 responses from IT and security professionals. The resulting report provides insights into:
  • Perceptions around NHIs and their security risks
  • Current security efforts, policies, and management of NHIs
  • Challenges with connecting to third-party vendors
  • Current management and policies for API keys

Read the full report to get crucial insights into NHI security gaps and recommendations.

Key Findings Include:
  • Only 15% of organizations feel highly confident in preventing NHI attacks, while 69% express concerns about them. This indicates awareness of the risks but a lack of confidence in current security measures.
  • Major pain points include managing service accounts, auditing and monitoring, access and privilege management, discovering NHIs, and policy enforcement.
  • Only 20% of organizations have formal processes for offboarding and revoking API keys. Even fewer have procedures for rotating them.  
  • Many organizations rely on a mix of security tools not specifically designed for NHIs. This results in a lack of cohesion and effectiveness.  
  • A promising trend shows increased investment in NHI security capabilities. 24% of organizations plan to invest within the next six months and 36% within the next 12 months.
Download this Resource

Bookmark
Share
Related resources
State of SaaS Security Report 2025
State of SaaS Security Report 2025
Zero Trust Guidance For Critical Infrastructure - Korean Translation
Zero Trust Guidance For Critical Infrastructure...
Zero Trust Privacy Assessment and Guidance - Japanese Translation
Zero Trust Privacy Assessment and Guidance - Ja...
Knowing the Difference Between the Two Types of Technical Challenges is the Key to Smarter Decisions
Knowing the Difference Between the Two Types of Technical Challenge...
Published: 04/30/2025
Breaking the Cloud Security Illusion: Putting the App Back in CNAPP
Breaking the Cloud Security Illusion: Putting the App Back in CNAPP
Published: 04/30/2025
Why We’re Launching a Trusted AI Safety Knowledge Certification Program
Why We’re Launching a Trusted AI Safety Knowledge Certification Pro...
Published: 04/26/2025
Phishing Tests: What Your Provider Should Be Telling You
Phishing Tests: What Your Provider Should Be Telling You
Published: 04/24/2025
Are you a research volunteer? Request to have your profile displayed on the website here.

Related Certificates & Training