Tuesday, December 24, 2024
HomePress ReleaseAembit Unveils 2024 Survey Report Highlighting Major Gaps in Securing Non-Human Identities

Aembit Unveils 2024 Survey Report Highlighting Major Gaps in Securing Non-Human Identities

Published on

SIEM as a Service

Aembit, the non-human identity and access management (IAM) company, today released its 2024 Non-Human Identity Security Report, a definitive survey highlighting how organizations currently manage and protect non-human identities (NHIs) – such as applications, scripts, and service accounts. The report reveals a stunning, widespread reliance on outdated methods and manual practices that fail to provide adequate protection against the reality of increased NHI-focused breaches.

As non-human identities (NHIs) rapidly proliferate in modern IT environments, driven by the shift from monolithic to distributed architectures, widespread cloud adoption, and increasing automation, the report reveals a chasm between non-human and user identity security practices, with most organizations acknowledging their efforts to secure non-human identities are either lagging or struggling to keep pace.

The survey of IT and security professionals also shows that careless habits, such as storing long-term credentials directly in code, relying on spreadsheets for manual input, and sharing sensitive information via collaboration tools, are still prevalent. Additionally, many organizations face difficulty in securing NHIs in complex, multi-cloud environments, with concerns about inconsistent access management and unclear ownership of security processes.

- Advertisement - SIEM as a Service

Key findings of the survey include:

  • IAM Maturity Gap: 88.5% of organizations admitted that their non-human IAM practices lag behind or are on par with their user IAM efforts.
  • Low Confidence: Only 19.6% of respondents expressed strong confidence in their non-human IAM practices.
  • Insecure Practices: 30.9% of respondents store long-term credentials in code and 23.7% share secrets through copying and pasting, such as via email or messaging apps.
  • Outmoded Methods: 38.9% of respondents still use less-secure methods like secrets managers for non-human workload-to-workload authentication.
  • Cloud Complexity: 35.6% of organizations struggle to manage non-human identity security across hybrid and multi-cloud environments.
  • Blind Spots: 23.5% of organizations are not sure of the biggest threat to their non-human identities.

“Organizations are starting to recognize that non-human identities are more than just background tools. As businesses rapidly automate, NHIs play a critical role in digital ecosystems and often handle sensitive data,” said David Goldschlag, co-founder and CEO of Aembit. “But, as our survey shows, NHI security remains very much a work in progress. While awareness is growing, most organizations still have significant shortfalls in how they secure these identities and the vital connections between them. It’s time to elevate non-human IAM to the same level of importance as user IAM.”

The survey, which included responses from 110 professionals, from developers to identity architects to CISOs, also revealed a growing need for more holistic approaches to managing non-human identities. As businesses expand across cloud environments, managing workload identities has become increasingly complex, with many organizations struggling to keep up due to piecemeal or legacy approaches.

Those interested can read the full survey by downloading it here.

About Aembit

Aembit is the non-human identity and access management platform that secures access between workloads across clouds, SaaS, and data centers. With Aembit’s identity control plane, DevSecOps can fully automate secretless, policy-based, and Zero Trust workload access with MFA-strength capabilities. For more information, users can visit https://aembit.io/ and follow Aembit on LinkedIn.

Contact

CMO
Apurva Davé
Aembit
info@aembit.io

Kaaviya
Kaaviya
Kaaviya is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space.

Latest articles

Node.js systeminformation Package Vulnerability Exposes Millions of Systems to RCE Attacks

A critical command injection vulnerability in the popular systeminformation npm package has recently been disclosed, exposing...

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer...

BellaCiao, A new .NET Malware With Advanced Sophisticated Techniques

An investigation revealed an intrusion in Asia involving the BellaCiao .NET malware, as the...

Malicious Apps On Amazon Appstore Records Screen And Interecpt OTP Verifications

A seemingly benign health app, "BMI CalculationVsn," was found on the Amazon App Store,...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Resecurity introduces Government Security Operations Center (GSOC) at NATO Edge 2024

Resecurity, a global leader in cybersecurity solutions, unveiled its advanced Government Security Operations Center...

DMD Diamond Launches Open Beta for v4 Blockchain Ahead of 2025 Mainnet

DMD Diamond - one of the oldest blockchain projects in the space has announced the...

Sweet Security Introduces Evolutionary Leap in Cloud Detection and Response, Releasing First Unified Detection & Response Platform

With Sweet, customers can now unify detection and response for applications, workloads, and cloud...