
SecZetta Interviewed for Forrester Report on Non-human Identities

Report examines how to apply IAM “Zero Trust” principles to non-human workers 

Earlier this month, Forrester, one of the most influential research and advisory firms in the world, released a new report, How To Secure And Govern Non-Human Identities, subtitled with the sound advice to "Apply Zero Trust IAM Principles To Secure Software Bots, Physical Robots, and IoT Devices". The report is timely given the accelerating pace at which organizations and governments globally are adopting non-human workers. It poses the question: "Do you know how many software bots, physical robots, or IoT devices are connected to your network? How many of these devices store or interact with critical data?" While non-human workers increase efficiency and productivity and can eliminate human mistakes, they also expand an organization's attack surface, especially since orphaned or unmanaged accounts are particularly susceptible to compromise by attackers.

Because non-human workers such as RPA (robotic process automation) bots, service accounts, software bots, and IoT devices are relatively new to organizations, almost none have adopted identity lifecycle management processes for them, and many don't even know how many non-human workers are connected to their network. SecZetta has been at the forefront of managing identities for non-human workers (see The Lifecycle of Non-Human Workers and Minimizing Cyberattacks by Managing Non-human Workers) and was interviewed to provide insight on this growing issue, including background on the types of non-human workers and the identity practices best suited to managing them. One of the key tenets of our thinking is that by properly monitoring and managing the lifecycle of non-human workers, organizations can prevent the cyberattacks, data breaches, and compliance issues associated with these entities and their access.

SecZetta Strategy for Non-human Workers

One of the major issues organizations need to address is ownership of non-human accounts. In short, CISO, IAM, identity, risk, and development teams should manage non-human workers with the same identity and lifecycle processes as a human worker. Presently, organizations configure their identity programs so that non-human accounts belong to a human worker. When that human worker changes roles or leaves the organization, the most common identity process dictates that the accounts belonging to that person are disabled, including any non-human accounts that roll up to them; alternatively, the non-human account is left enabled but orphaned, with no accountable owner, and vulnerable to attackers. The account should not belong to a person; it should be managed as its own identity, with a lifecycle process similar to that of a human identity, so that when the current owner is terminated the ownership of the entity is transferred or re-evaluated rather than the account being disabled or orphaned.

SecZetta enables organizations to assign an identity to a non-human worker and solves the problem of maintaining important information about non-human entities: authoritative details such as device status or ownership that allow for proper governance of the access a bot, device, service account, or application has, and so mitigate the risk it presents. SecZetta collects the relevant details when a bot, IoT device, service account, or RPA is put into service, so organizations can make well-informed decisions about the access needed for the bot or device to function, and it puts in place protocols that periodically determine whether that access is still appropriate or necessary.
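The ownership and periodic-review checks described above, as an added example that is not SecZetta's product code or anything from the Forrester report: a small Python script over a constructed directory export (the account names, owners, entitlements and dates are invented for illustration) that flags enabled non-human identities whose human owner is missing or disabled, flags those unused beyond a review threshold, and transfers ownership on offboarding instead of disabling the account.

```python
"""Detect orphaned and stale non-human identities in a directory export.

Added example (not SecZetta's or Forrester's code). It assumes a flat export in
which every account record carries a 'kind', an 'enabled' flag, an 'owner'
(the human accountable for a non-human identity) and a 'last_used' date.
The account names and dates below are constructed for illustration.
"""
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Dict, List, Optional

# Constructed "as of" date for the review run
AS_OF = date(2021, 9, 15)


@dataclass
class Account:
    name: str
    kind: str                       # "human" or "nonhuman"
    enabled: bool
    owner: Optional[str] = None     # human account accountable for this identity
    last_used: Optional[date] = None
    entitlements: List[str] = field(default_factory=list)


def sample_accounts() -> List[Account]:
    """Constructed directory export: two humans (one departed) and four non-human identities."""
    return [
        Account("alice", "human", True, last_used=date(2021, 9, 14)),
        Account("bob", "human", False, last_used=date(2021, 6, 1)),          # offboarded
        Account("svc-backup", "nonhuman", True, owner="bob",
                last_used=date(2021, 9, 14), entitlements=["backup-admin"]),
        Account("rpa-invoice", "nonhuman", True, owner="alice",
                last_used=date(2021, 2, 1), entitlements=["erp-write"]),
        Account("iot-cam-17", "nonhuman", True, owner=None,
                last_used=date(2021, 9, 10), entitlements=["video-upload"]),
        Account("svc-etl", "nonhuman", True, owner="alice",
                last_used=date(2021, 9, 13), entitlements=["warehouse-read"]),
    ]


def _by_name(accounts: List[Account]) -> Dict[str, Account]:
    return {a.name: a for a in accounts}


def find_orphans(accounts: List[Account]) -> List[str]:
    """Enabled non-human identities with no owner, an unknown owner, or a disabled owner.

    These are the accounts the text warns about: still enabled, still carrying
    entitlements, but with no accountable human left to review them.
    """
    index = _by_name(accounts)
    orphans = []
    for a in accounts:
        if a.kind != "nonhuman" or not a.enabled:
            continue
        owner = index.get(a.owner) if a.owner else None
        if owner is None or owner.kind != "human" or not owner.enabled:
            orphans.append(a.name)
    return sorted(orphans)


def find_stale(accounts: List[Account], today: date, max_idle_days: int = 90) -> List[str]:
    """Enabled non-human identities not used within max_idle_days: input to the periodic access review."""
    cutoff = today - timedelta(days=max_idle_days)
    return sorted(a.name for a in accounts
                  if a.kind == "nonhuman" and a.enabled
                  and (a.last_used is None or a.last_used < cutoff))


def reassign_on_offboard(accounts: List[Account], departing: str, new_owner: str) -> List[str]:
    """Transfer ownership of the departing person's non-human identities instead of disabling them.

    Refuses to hand ownership to anything that is not an enabled human account, so a
    reassignment cannot itself create a new orphan. Returns the names moved.
    """
    index = _by_name(accounts)
    target = index.get(new_owner)
    if target is None or target.kind != "human" or not target.enabled:
        raise ValueError(f"{new_owner!r} is not an enabled human account")
    moved = []
    for a in accounts:
        if a.kind == "nonhuman" and a.owner == departing:
            a.owner = new_owner
            moved.append(a.name)
    return sorted(moved)


if __name__ == "__main__":
    accts = sample_accounts()
    print("orphans:", find_orphans(accts))
    print("stale:", find_stale(accts, AS_OF))
    print("reassigned:", reassign_on_offboard(accts, "bob", "alice"))
    print("orphans after reassignment:", find_orphans(accts))
```

In the constructed export, svc-backup is orphaned because its owner bob is disabled, iot-cam-17 because it never had an owner, and rpa-invoice is stale because it has not been used in over 90 days; running the offboarding transfer for bob leaves only the ownerless camera to chase. The same two checks map directly onto a real directory or CMDB export once the owner and last-use attributes are populated, which is the point of collecting them at provisioning time.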


Read the entire Forrester report here- How to Secure And Govern Non-Human Identities:  Apply Zero Trust IAM Principles To Secure Software Bots, Physical Robots, and IoT Devices 

Recommendations 

Minimizing Cyberattacks by Managing the Lifecycle of Non-Human Workers – HelpNet Security 

The Lifecycle of Non-Human Workers Whitepaper 

*** This is a Security Bloggers Network syndicated blog from Industry Blog | SecZetta authored by Keith Durand. Read the original post at: https://www.seczetta.com/seczetta-forrestor-report-on-non-human-identities/