Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.

The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the only ones that NHIs have opened up.

Heavy reliance on using NHIs to support business growth agendas has led to a surge in security issues in recent years, with malicious sources targeting machine identities to carry out cyberattacks. Understanding the inherent risks of using NHIs and knowing how to better secure them is key to avoiding becoming a victim.

What is a non-human identity (NHI)?

Non-human identities (NHIs) are the credentials assigned to different digital entities in a network. They identify various applications or services, including API connections, OAuth tokens, cloud-enabled devices and third-party integrations.

When enabling certain automated elements across your infrastructure, digital entities must have certain access permissions assigned to them — no different than a human operator.

However, in most cases, an NHI will need to have higher levels of privileged access than most employees since they are often connected to databases, service accounts and other machines. Unfortunately, while this level of access is what drives the operability of NHIs, it’s also what makes them a prime target for cyber criminals.

What are some examples of how NHIs are used?

NHIs are now commonly used by businesses of all sizes and are authorized to execute a variety of tasks. Some of the most common use cases of NHIs include:

• Automated backup services: Businesses often run automated background processes responsible for backing up critical data. NHIs will allow uninterrupted ingress and egress of information as it flows between connected networks and digital storage solutions.

• Website plugins: Many website plugins rely on API keys to provide access to a content management system (CMS) to automatically sync information from two hosted sources. This allows the plugin to modify certain coding areas and install and download new updates on the business’s behalf.

• Servers SSL/TLS certificates: NHIs are also used when verifying source connections to a web server. These are used to encrypt secure data between servers and browsers when sharing and accessing information on various websites.

Why are NHIs a primary target for cyber criminals?

NHIs have become increasingly targeted by cyber criminals due to both their privileged system access and businesses’ tendency to forget about the access levels granted to them. This lack of visibility and strict management and control of NHIs lead to several vulnerabilities in security.

Some of the common ways cyber criminals are using NHIs for their attacks include:

1. Credential theft: Because of a business’s limited visibility on their NHIs as they operate, criminals can more freely attempt brute force attacks on them. And because NHI security can’t be formatted like human operators — such as multi-factor authentication (MFA) — stealing credentials is more achievable.
2. Privilege escalation: Gaining credentials to a compromised NHI can provide access to a variety of systems. While some NHIs may not have permission levels, if those systems have outdated software or other known vulnerabilities, cyber criminals can exploit them.
3. Lateral network movement: Identifying and compromising vulnerable NHIs is often just an initial step that attacks will take. In most cases, the interconnectivity of API tokens and database servers will open the doors to move laterally across systems or devices that belong to the same network segment. This can allow cyber criminals to install backdoors, launch harmful malware and disable security protocols.

Effective ways to mitigate NHI attack risks

It’s important to recognize the potential vulnerabilities that non-human identities can introduce, especially as businesses scale their infrastructure. Below are some of the strategies that can be put in place to help mitigate NHI attack risks:

1. Take inventory of all established NHIs: One of the most important actions to take when minimizing NHI-oriented cyberattacks is to remove any blind spots currently happening. All NHIs established should be inventoried and made highly visible to key stakeholders.
2. Implement the principle of least privilege: When establishing NHIs, it’s important to only afford the minimum level of access necessary to complete certain business functions. This ensures that even if an NHI becomes compromised, it will minimize the visibility and control it has over critical systems.
3. Regularly rotate NHI credentials: NHI credentials typically only last for a certain period and will require certificate renewal or revocation. However, autorenewals can be put in place, which could potentially cause issues if there is no active monitoring in place. It’s important to regularly review and rotate NHI credentials as frequently as possible for the same security reasons for regularly changing user passwords.
4. Monitor NHI activity for anomalies: Lack of visibility is one of the primary contributors to compromised NHIs. Having network monitoring systems in place that can monitor for suspicious anomalies in NHI access and activity can help locate and isolate potential security issues.
5. Implement strict authorization policies: When developing new systems and migrating workloads to cloud environments, it’s important for all employees to recognize the implications that authorizing NHIs can have. It’s important to establish strict governance policies on NHIs that should be authorized, monitored and revoked as needed.

Keep your non-human identities safe

As organizations look for new ways to automate their processes and streamline operational functions, it’s important to consider the potential risks that unmonitored NHIs can present.

Paying attention to privilege assignments and maintaining ongoing visibility of all NHI authorizations is critical to reducing digital attack surfaces while building a more resilient company infrastructure.