Machine, workload, service—it doesn’t matter if it’s unsecured

Blog post from P0 Security

Post Details
Author: Shashwat Sehgal
Word Count: 458
Language: English
Summary

In a recent panel discussion hosted by Lalit Choda at Identiverse, the urgent issue of managing non-human identities (NHIs) in cybersecurity was explored, highlighting the industry's inconsistency in terminology and governance. Experts emphasized the need for clearer distinctions between credentials and identities, as well as a standardized framework for access management across different systems like AWS, Azure, and GCP. The panelists, including Kirby Fitch, discussed the challenges organizations face in answering fundamental questions about access control, often resulting in fragmented and reactive governance efforts. Vincenzo Iozzo and Michael Silva provided real-world examples of how NHIs are exploited, noting a significant increase in credential-based attacks and demonstrating how attackers use leaked credentials to move undetected across cloud services. The discussion underscored the necessity for identity security measures that extend beyond visibility, advocating for comprehensive governance and short-lived, least-privileged access policies.