NHI 2×2 Framework: From Blind Spots to Closed Loops
Blog post from Veza
Non-human identities (NHIs) are critical yet often overlooked components of digital operations: they assume roles, sign tokens, and call APIs at high speed. Left unmanaged, they can lead to security incidents, because their activity looks like normal operation right up until a breach occurs.

The NHI 2×2 program offers a structured approach to managing these identities, built on four motions: Visibility, Intelligence, Management, and Remediation, applied across service accounts, service principals, certificates, and API tokens. Its aim is to maintain a current understanding of who can take what actions on what data, so that control is effective across cloud, SaaS, data, and on-prem environments. Tools such as Access Intelligence and Access Search support prioritization and resolution of security issues, while Management and Remediation enforce least privilege, automate the retirement of dormant accounts, and provide continuous verification so that risks do not recur.

The program underscores the need for a comprehensive NHI management strategy that integrates visibility, control, and remediation into one closed operational loop, reducing risk and strengthening security posture without disrupting workflows.
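As an added illustration (not Veza's code or product), the following Python sketch models the four motions over a constructed NHI inventory: Visibility answers who can take what action, Intelligence flags dormant and over-privileged identities by blast radius, Remediation retires or trims them, and a re-run of Intelligence acts as the continuous verification that closes the loop. The 90-day dormancy threshold, the field names and the sample identities are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class NHI:
    name: str
    kind: str                   # service_account | service_principal | certificate | api_token
    granted: set                # permissions it can exercise: what action on what data
    exercised: set              # permissions observed in use during the review window
    last_used: "datetime | None"
    active: bool = True         # False once retired by Remediation

DORMANT_AFTER = timedelta(days=90)   # assumed dormancy threshold, not stated in the post

def visibility(nhis):
    """Visibility: who (each active NHI) can take what action on what data, right now."""
    return {n.name: sorted(n.granted) for n in nhis if n.active}

def intelligence(nhis, now):
    """Intelligence: flag dormant and over-privileged NHIs, largest privilege set first."""
    findings = []
    for n in (x for x in nhis if x.active):
        if n.last_used is None or now - n.last_used > DORMANT_AFTER:
            findings.append((n.name, "dormant", frozenset(n.granted)))
        elif n.granted - n.exercised:
            findings.append((n.name, "over_privileged", frozenset(n.granted - n.exercised)))
    findings.sort(key=lambda f: (-len(f[2]), f[0]))   # prioritise by blast radius
    return findings

def remediate(nhis, findings):
    """Management + Remediation: retire dormant NHIs, trim unused grants to least privilege."""
    by_name, actions = {n.name: n for n in nhis}, []
    for name, issue, privs in findings:
        n = by_name[name]
        n.granted -= privs                  # for a dormant NHI privs is every grant it held
        n.active = issue != "dormant"       # retirement removes it from the active inventory
        actions.append((name, "retired" if issue == "dormant" else "trimmed"))
    return actions

def closed_loop(nhis, now):
    """One pass of the loop, then continuous verification: clean only if a re-run of Intelligence is empty."""
    actions = remediate(nhis, intelligence(nhis, now))
    return actions, intelligence(nhis, now) == []

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)   # constructed clock for the review
SAMPLE = [                                        # constructed inventory, not Veza data
    NHI("ci-deploy-sa", "service_account", {"s3:Get", "s3:Put", "iam:PassRole"}, {"s3:Get", "s3:Put"}, NOW - timedelta(days=2)),
    NHI("legacy-etl-sp", "service_principal", {"db:Read", "db:Write", "kv:Get"}, set(), NOW - timedelta(days=200)),
    NHI("metrics-token", "api_token", {"metrics:Read"}, {"metrics:Read"}, NOW - timedelta(days=1)),
    NHI("mtls-cert", "certificate", {"svc:Call"}, {"svc:Call"}, None),   # issued but never seen in use
]
```

`closed_loop(SAMPLE, NOW)` retires the two dormant identities, trims `iam:PassRole` from the deploy account, and reports clean only because the second Intelligence pass finds nothing left to act on.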