The Risk: Nonhuman Identities
The number of nonhuman identities such as API keys, OAuth tokens, and service accounts has grown dramatically, and those credentials pose a significant risk as adversaries can use them to compromise core systems and steal sensitive data. The scale of the challenge is big; the number of nonhuman identities—also called machine identities—typically outstrips the number of human identities in larger enterprises.
Enterprises frequently lack visibility into those identities to track their creation, usage, and access privileges. Managing nonhuman identities is considerably different than traditional human identity and access management (IAM), as nonhuman identities have different lifecycles, workflows, and policies.
This issue is something that established players and a collection of startups in IAM, privileged access management (PAM), and cloud infrastructure entitlement management (CIEM) are looking to solve. Astrix Security announced a Series A round of funding in mid-2023, Clutch Security recently came out of stealth, and Oasis Security announced an A round in January 2024.
Understanding Interest in Managing Nonhuman Identities
In looking at what people sought in machine identity management in various TechTarget resources, some interesting data pops out:
- About 20% of the people looking were from IT security, while about 80% was spread across responsibilities including IT systems management, IT infrastructure and cloud operations, application development, and so forth.
- 80% of the people searching came from organizations with more than 1,000 employees.
The interest in nonhuman identity management is shared across many disciplines, the largest of which is the security team. This is a grounds-up phenomenon driven by staff, managers, and directors. And while the interest in nonhuman identity management is large and growing, the biggest interest is in midmarket (1,000-10,000 employees) and large (10,000-plus employees) enterprises.
There are plenty of smaller, tech-forward companies that are looking at this—about 20% of the organizations have fewer than 1,000 employees—but the volume of the interest comes from bigger organizations researching the topic.
Diverse Interest in Nonhuman Identity Management
IT security teams have frequently been criticized for managing last year’s security risks rather than working with peer functions and lines of business to counter emerging risks to the business. When new technology comes along, the IT security team can be behind the curve in collaborating across the organization with constituencies like IT operations or DevOps partners to address new risks—with DevSecOps frequently a dream rather than a reality. And security teams have been criticized in the past for hindering business innovations in pursuit of controlling risk. The diverse interest in nonhuman identity management might signal that dynamic is changing, with the security teams actively collaborating with adjacent IT functions to get ahead of the nonhuman identity management challenge. Nonhuman identity management is a dynamic space. If you are involved in managing nonhuman identities and want to exchange ideas, give me a shout to share what you are doing.
All data from this blog are from TechTarget Buyer Intent Data, based on aggregated audience activities over the 3-month period between January 2024 and March 2024, submarket: Machine Identity Management.
