Cloud security was analyzed in a recent report by Atrix Security. The report focuses on the current state of non-human identity (NHI) security. The findings reveal a significant security disparity: organizations are much less equipped to secure non-human identities than their human counterparts.
The most common challenges include service account management and NHI detection. Although the survey also revealed that there is a growing recognition of the importance of investing in NHI security, with one in four organizations already investing in these capabilities and a further 60% planning to do so in the next 12 months.
Nearly one in five organizations have experienced a security incident involving their NHS. The most common reasons for NHI-related attacks were: lack of credential rotation (45%); Inadequate monitoring and recording (37%); And on premium accounts/identities (37%).
There is a significant gap in organisations' security approaches, with 1.5 out of 10 organizations very confident in their ability to secure NHS trusts, compared to nearly one in four organizations for securing human identities. This lack of confidence in securing NHIs against human identities could be due to the sheer size of NHIs in their environment, which often outnumber human identities by a factor of 20 to one.
These tools are not specifically designed to address the security challenges faced by the National Health Insurance; For example: 58% use identity and access management (IAM) systems; 54% use privileged access management (PAM); 40% use API security measures; 38% use zero trust/least privilege strategies; 36% use secret management tools. As a result, the three most common causes of NHI security incidents include lack of credential rotation (45%), insufficient monitoring and logging (37%), and overly privileged accounts or identities (37%).
Key challenges faced by organizations include audit and monitoring (25%); access and privileges (25%); Discovery of national health institutions (24%); and strengthening policies (21%). Another big concern is the struggle to gain visibility into third-party vendors connected to OAuth applications, with 38% of organizations reporting no or low visibility of third-party vendors, and another 47% having only partial visibility.
Read the report.
