New research conducted by Enterprise Strategy Group exposes growing security risks posed by machine identities and provides actionable mitigation advice

NEW YORK: #CLM--AppViewX, the leader in automated certificate lifecycle management (CLM) and PKI solutions, today announced the release of a new report titled, Securing Non-Human Identities: Insights for an Effective Cybersecurity Program. Conducted in partnership with TechTarget’s Enterprise Strategy Group (ESG), the report surveyed 367 IT, cybersecurity, and DevOps professionals to assess the growing volume and risks associated with non-human identities (NHIs) in modern IT environments.

The research exposes the security threats associated with NHIs, which include machine identities, digital certificates, API cloud keys, service accounts, and other automated systems. According to the report, NHIs outnumber human identities by a factor of 20, yet nearly one in five are inadequately protected. The study also found that 66 percent of enterprises have experienced a successful cyberattack resulting from compromised NHIs. Additionally, 57 percent of the episodes where organizations suffering a successful attack tied to NHI compromises got Board of Directors attention.

“Non-human identities represent one of the most significant attack surfaces within today’s enterprises,” said Todd Thiemann, Senior Analyst at ESG. “Without proper management and security controls, NHIs can lead to costly data breaches, operational disruptions, and compliance failures. This report provides valuable insight into the current NHI landscape, how organizations are addressing risks, and their intentions for ensuring continuous security as their NHI volume grows.”

Key Findings from the Report Include:

• NHI Proliferation: Organizations now manage 20 times more non-human identities than human ones, with more than 50% expecting this number to increase by over 20% in the next year.
• Compromise Incidents: Nearly 46% of organizations have experienced breaches related to non-human identities, with the average enterprise suffering 2.7 incidents in the past year.
• Visibility and Lifecycle Challenges: A significant portion of respondents reported poor visibility into their NHI environment, with many lacking confidence in their ability to secure and manage these identities effectively.
• Increased Investment in Security: Over 80% of organizations expect to increase spending on non-human identity security, with a focus on identity threat detection, certificate lifecycle management, and workload access control.

“The complexity of modern cloud environments makes managing non-human identities manually unfeasible, even for smaller organizations. Meanwhile, digital transformation, AI and cloud-first initiatives are pushing the population of these digital identities to near exponential growth,” said Gregory Webb, Chief Executive Officer at AppViewX. “Automated certificate lifecycle management and crypto-agility are key to avoiding security lapses, preventing costly outages and reducing exposure to cyber threats. This report underscores both the scale and severity of the problem.”

Availability

The full Securing Non-Human Identities report is available for download on the AppViewX website at www.appviewx.com/NHI-report.

About AppViewX

AppViewX is trusted by the world’s leading organizations to reduce risk, ensure compliance, and increase visibility through automated certificate lifecycle management. The AVX One platform provides complete certificate lifecycle management and PKI-as-a-Service using streamlined workflows to prevent outages, reduce security incidents, and enable crypto-agility. Fortune 1000 companies including six of the top ten global commercial banks, five of the top ten global media companies, and five of the top ten managed healthcare providers rely on AppViewX to automate NetOps, SecOps, and DevOps. AppViewX is headquartered in New York with offices in the U.K., Australia, and three development centers of excellence in India. For more information, visit AppViewX and follow us on LinkedIn and X/Twitter.

Fonte: Business Wire