Enterprises Not Confident They Can Secure NHIs TechTarget and Informa Tech’s Digital Business Combine.TechTarget and InformaTechTarget and Informa Tech’s Digital Business Combine.Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities.Dark Reading Resource LibraryBlack Hat NewsOmdia CybersecurityAdvertiseNewsletter Sign-UpNewsletter Sign-UpCybersecurity TopicsRelated TopicsApplication SecurityCybersecurity CareersCloud SecurityCyber RiskCyberattacks & Data BreachesCybersecurity AnalyticsCybersecurity OperationsData PrivacyEndpoint SecurityICS/OT SecurityIdentity & Access Mgmt SecurityInsider ThreatsIoTMobile SecurityPerimeterPhysical SecurityRemote WorkforceThreat IntelligenceVulnerabilities & ThreatsRecent in Cybersecurity TopicsVulnerabilities & ThreatsCritical Flaw in Oracle Identity Manager Under ExploitationCritical Flaw in Oracle Identity Manager Under ExploitationbyRob WrightNov 24, 20252 Min ReadApplication SecurityInfamous Shai-hulud Worm Resurfaces From the DepthsInfamous Shai-hulud Worm Resurfaces From the DepthsbyAlexander CulafiNov 24, 20254 Min ReadWorld Related TopicsDR GlobalMiddle East & AfricaAsia PacificRecent in World See AllApplication SecurityLINE Messaging Bugs Open Asian Users to Cyber EspionageLINE Messaging Bugs Open Asian Users to Cyber EspionagebyTara SealsNov 21, 20257 Min ReadEndpoint SecurityChina's 'PlushDaemon' Hackers Infect Routers to Hijack Software UpdatesChina's 'PlushDaemon' Hackers Infect Routers to Hijack Software UpdatesbyNate Nelson, Contributing WriterNov 20, 20253 Min ReadThe EdgeDR TechnologyEventsRelated TopicsUpcoming EventsPodcastsWebinarsSEE ALLResourcesRelated TopicsResource LibraryNewslettersPodcastsReportsVideosWebinarsWhite Papers Partner PerspectivesDark Reading Resource LibraryIdentity & Access Management SecurityVulnerabilities & ThreatsCyber RiskCybersecurity OperationsCommentaryEnterprises Aren't Confident They Can Secure Non-Human Identities (NHIs)More than half of organizations surveyed aren't sure they can secure non-human identities (NHIs), underscoring the lag between the rollout of these identities and the tools to protect them.Don Tait, Senior Analyst, OmdiaNovember 26, 20254 Min ReadCOMMENTARYNon-human identities (NHIs) are poised to experience exponential growth and adoption throughout the coming year, fundamentally transforming how organizations approach cybersecurity. These digital entities, which include service accounts, system identities, machine identities, and other forms of automated identities, serve as the backbone of modern digital infrastructure by enabling communication and interaction between applications, services, and automated systems.The scope of NHIs extends far beyond simple service accounts, encompassing a diverse ecosystem of digital identities that power today's interconnected technological environment. These critical components include:Service accounts: Dedicated accounts that sysadmins use to access resources and perform operations.API keys: Authentication credentials that enable secure communication between different software applications.Digital certificates: Cryptographic credentials that verify the authenticity and integrity of digital communications.Access tokens: Temporary credentials that grant specific permissions for limited timeframes.Automated bots: Programmed entities that perform routine tasks and interactions across systems.IoT devices and nodes: Systems that communicate on the Internet of Things (IoT) without the need for human intervention.AI agents: Am emerging category of NHI, agents are a security concern on account of their levels both of system access and autonomy.Related:Identity Governance and Administration, App Proliferation, and the App Integration ChasmThe NHI Security Confidence GapThe management and protection of NHIs presents unique challenges that differ significantly from traditional human identity security. These identities require sophisticated governance frameworks to maintain secure inter-service communication, prevent unauthorized system access, and establish clear audit trails for accountability purposes. Unlike human users, NHIs operate autonomously, often with elevated privileges, and can be difficult to monitor using conventional security tools.Recent findings from Omdia's Decision Maker Survey 2025 (see Figure 1) reveal a concerning confidence deficit in the cybersecurity community. Approximately 60% of survey respondents expressed a lack of confidence in their organization's ability to adequately secure NHIs. This statistic underscores a critical gap between the rapid proliferation of these identities and the security measures implemented to protect them, highlighting the urgent need for enhanced security strategies and solutions. Figure 1 – Confidence level of securing non-human identities (NHIs) in your organizationRelated:Orgs Move to SSO, Passkeys to Solve Bad Password Habits  The issues and problems with NHIsOmdia believes that that there are a number of issues and problems that organizations need to address around NHIs, including: Credential security: Many NHIs use plaintext credentials hardcoded in source repositories, making them easily discoverable by threat actors. Additionally, non-complex passwords make these accounts vulnerable to password-guessing attacks.Inventory and visibility challenges: Organizations struggle to maintain complete inventories of NHIs across multiple platforms, endpoints, and cloud integrations. This leads to stale, inactive accounts that expand the attack surface and lack clear ownership for remediation activities.Privilege management: NHIs typically receive excessive privileges beyond operational requirements, violating least-privilege principles. The situation worsens when humans bypass privileged access management (PAM) controls by using NHI accounts instead of proper authentication methods.Operational weaknesses: Credential rotation proves challenging due to vaulting issues, unknown dependencies, and required code changes. Organizations often share NHI credentials across multiple applications and fail to segregate environments, using identical accounts for production and non-production systems.Related:On the Road Again: Hackers Hijack Physical Cargo FreightThese vulnerabilities create significant security risks, enabling lateral movement, unauthorized access, and potential compromise. Organizations need comprehensive NHI management strategies addressing inventory, lifecycle management, privilege controls, and proper credential handling to mitigate these threats effectively.ConclusionsOmdia sees NHIs experiencing unprecedented growth that will accelerate significantly over the next few years and is fundamentally reshaping organizational security landscapes. These automated digital entities — whether service accounts, system identities, or machine identities — have become the backbone of modern interconnected systems, enabling seamless application-to-application and service-to-service communications across complex digital ecosystems.The exponential proliferation of NHIs reflects the broader shift toward automation, cloud-native architectures, and microservices deployments that define today's technological environment. Unlike traditional human identities, these machine-based credentials operate autonomously, facilitating real-time data exchanges, API interactions, and automated processes that power everything from enterprise applications to IoT networks. However, this rapid expansion introduces critical governance challenges. Organizations must implement sophisticated management frameworks to maintain secure interservice communications, enforce strict access controls, and establish comprehensive audit trails. Effective NHI stewardship requires continuous monitoring, life cycle management, and risk assessment protocols to prevent unauthorized access while ensuring operational accountability across increasingly complex digital infrastructures. Omdia believes the next 12 months will be critical for organizations to establish robust NHI security frameworks, as the window for reactive approaches continues to narrow in the face of an increasingly complex and automated digital landscape.Further reading:Cybersecurity Decision Maker Survey 2025: Identity, Authentication, Access Omdia2026 Trends to Watch: Identity, Authentication, Access OmdiaFundamentals of Non-Human Identities OmdiaAbout the AuthorDon TaitSenior Analyst, OmdiaDon Tait supports and specializes in Omdia's identity, authentication and access intelligence service. Previous research areas where he has published reports includes: blockchain, fintech, Identity and Access Management (IAM), fraud protection in payments, smart cards, payment and banking cards, mobile transactions and proximity payments, SIM/eSIM, mPOS, NFC, HCE, and Chip-to-Cloud Security. Don brings well over a twenty years of market research experience to this role.Before joining Omdia, he served as a Telecoms Research Analyst with Frost & Sullivan and was responsible for the firm's broadband services subscription. Previously, Don was a Marketing Consultant with Marketing Research for Industry Ltd., for which he wrote industrial, healthcare and telecommunication reports. Don Holds a BA (Hons) in Business Studies from Edinburgh Napier University. He is based in the company's Wellingborough office in the UK.See more from Don TaitMore InsightsIndustry Reports2025 State of Threat Intelligence: What it means for your cybersecurity strategyGartner Innovation Insight: AI SOC AgentsState of AI and Automation in Threat IntelligenceGuide to Network Analysis Visibility SolutionsOrganizations Require a New Approach to Handle Investigation and Response in the CloudAccess More ResearchWebinarsIdentity Security in the Agentic AI EraHow AI & Autonomous Patching Eliminate Exposure RisksSecuring the Hybrid Workforce: Challenges and SolutionsCybersecurity Outlook 2026Threat Hunting Tools & Techniques for Staying Ahead of Cyber AdversariesMore WebinarsYou May Also LikeBlack Hat Middle East & AfricaCybersecurity OperationsDo National Data Laws Carry Cyber-Risks for Large Orgs?Do National Data Laws Carry Cyber-Risks for Large Orgs?byNate Nelson, Contributing WriterNov 19, 20254 Min ReadKeep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.SubscribeWebinarsIdentity Security in the Agentic AI EraTues, Dec 9, 2025 at 1pm ESTHow AI & Autonomous Patching Eliminate Exposure RisksOn-DemandSecuring the Hybrid Workforce: Challenges and SolutionsTues, Nov 4, 2025 at 1pm ESTCybersecurity Outlook 2026Virtual Event | December 3rd, 2025 | 11:00am - 5:20pm ET | Doors Open at 10:30am ETThreat Hunting Tools & Techniques for Staying Ahead of Cyber AdversariesTuesday, Oct 21, 2025 at 1pm ESTMore WebinarsWhite PapersSecure SAST. Innovate Fast: The future of SaaS and Cloud SecurityWhat Can an AI-Powered AppSec Engineer Do?How Squarespace and Semgrep Scaled Secure Development Across Thousands of ReposMissing 88% of Exploits: Rethinking KEV in the AI EraThe Straightforward Buyer's Guide to EDRExplore More White PapersDiscover MoreBlack HatOmdiaWorking With UsAbout UsAdvertiseReprintsJoin UsNewsletter Sign-UpFollow UsCopyright © 2025 TechTarget, Inc. d/b/a Informa TechTarget. This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world’s technology buyers and sellers. All copyright resides with them. Informa PLC’s registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.’s registered office is 275 Grove St. Newton, MA 02466.Home|Cookie Policy|Privacy|Terms of Use

The document, authored by Don Tait of Omdia, explores the burgeoning and concerning trend of Non-Human Identities (NHIs) within organizations. It highlights a significant confidence gap, with over 60% of surveyed respondents lacking confidence in their ability to adequately secure these automated digital entities – encompassing service accounts, API keys, digital certificates, access tokens, and increasingly, AI agents. The core argument centers around the rapid proliferation of NHIs, driven by automation, cloud-native architectures, and microservices deployments, alongside a concurrent lack of established security frameworks.

The report meticulously details the challenges presented by NHIs, emphasizing that they operate autonomously and with elevated privileges, making them difficult to monitor using conventional security tools. Omdia identifies several key issues: credential security, particularly the prevalence of plaintext credentials embedded in source repositories; inventory and visibility issues leading to stale accounts and expanded attack surfaces; inadequate privilege management, often bypassing traditional least-privilege controls; and operational weaknesses within credential rotation processes, compounded by shared credentials across systems. These vulnerabilities create opportunities for lateral movement, unauthorized access, and ultimately, system compromise.

Omdia emphasizes that the current landscape is characterized by an imbalance – the rapid growth of NHIs far outstrips the organization’s preparedness to manage and secure them. The document stresses the urgency of addressing this gap, suggesting that the next 12 months are critical for organizations to establish robust NHI security frameworks. The key takeaway is the necessity for a proactive approach, moving beyond traditional human identity security models to incorporate sophisticated governance, continuous monitoring, and lifecycle management protocols. The research underscores a fundamental shift in cybersecurity thinking, acknowledging NHIs as a crucial and rapidly expanding attack vector.

The report’s concluding remarks reiterate the critical need for organizational investment in NHI security. With automation becoming increasingly pervasive, unattended NHIs represent a significant and growing risk. Omdia’s analysis, backed by its Decision Maker Survey 2025 data, serves as a potent call to action, urging businesses to prioritize the secure management of these automated digital identities to mitigate potential operational and financial repercussions. Further research from Omdia, including the “Identity, Authentication, Access” suite and “Non-Human Identities” report, can be referenced for deeper understanding of this evolving threat landscape.