Non-human identities are growing rapidly in modern environments because there are so many systems that people are trying to add to their environment and offload work from their human employees. Non-human identities pose a very interesting risk because in some cases, with service accounts, you're using them in a very specific way, and because they're very specific, you're losing track of them in a lot of cases.
So for instance, maybe you have a service account that just performs a simple video processing process. You set it up. You forget it. Well, that thing has credentials into your data model. Somebody could hack that and introduce malicious code into the environment through that data model and so forth.
Traditional IAM is usually created by humans for humans. So when you develop an IAM practice, you're typically looking at how are my employees, my contractors, and my partners, who are usually humans, how are they brought back into the fold? How are they managed and governed by your IAM program? Very rarely is there a cohesive system developed in your IAM program for all types of non-human identities. So you get this fragmented security state for these non-human identities.
So inventorying and classifying non-human identities can be done in a number of ways. And from there, you can develop a program to manage them. So the relationship between automation and the DevOps pipeline is pretty straightforward. Unfortunately, when you do rapid development, say through DevOps or other models, if you don't continually do continual service improvement, you may lose track of where those initial admin service accounts or other RPA-type accounts are, and it may leave you exposed unnecessarily or just accidentally.
The must-haves for securing non-human identities in a modern enterprise are varied, but you have some standards that you need to have. You need to have identity governance. You need to have an access management tool that can draw in multiple directory sources and allow you access in a secure way, for SSO, MFA, step-up authentication, that sort of thing. You also need to have tooling that will allow you to lock down service accounts at the source but also allow you to manage them cohesively.
You need to lock down not only your data at rest but your data in transit. So using tools like secure networking systems for data in transit, and then data at rest would be data governance tools. So the important thing to remember when you're developing a cohesive program for managing non-human identities is that you need to not only take into consideration how you're managing the identities once they're in-house and you have them under governance, but also where they're going and where they're coming from.
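The talk describes inventorying and classifying non-human identities and then flagging the forgotten service account that still holds credentials, the unowned RPA account, or the admin account left over from an early DevOps pipeline. The following is an added example, not code from the speaker or from any product mentioned; it assumes a hypothetical JSON export of service accounts (a constructed sample is embedded) and assumed thresholds of 90 days for credential rotation and dormancy. It parses the inventory, derives findings such as missing owner, stale credential, dormancy, and admin privilege, and assigns a risk tier so the accounts the speaker warns about surface at the top of a review.

```python
import json
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import List, Optional

# Constructed sample export in a hypothetical format; not from any real IAM tool.
SAMPLE_EXPORT = json.dumps([
    {"name": "video-processor", "kind": "service_account", "owner": None,
     "created": "2021-03-01", "credential_rotated": "2021-03-01",
     "last_used": "2024-05-30", "roles": ["db:read", "db:write"]},
    {"name": "ci-deployer", "kind": "service_account", "owner": "platform-team",
     "created": "2023-09-10", "credential_rotated": "2024-05-01",
     "last_used": "2024-05-31", "roles": ["admin"]},
    {"name": "rpa-bot-legacy", "kind": "rpa_account", "owner": None,
     "created": "2022-01-15", "credential_rotated": "2022-01-15",
     "last_used": None, "roles": ["rpa:run"]},
    {"name": "metrics-reader", "kind": "service_account", "owner": "sre",
     "created": "2024-04-20", "credential_rotated": "2024-04-20",
     "last_used": "2024-05-29", "roles": ["metrics:read"]},
])

# Fixed reference time so the classification is deterministic (assumption).
AS_OF = datetime(2024, 6, 1, tzinfo=timezone.utc)

# Role names treated as administrative; adjust to the directory in use (assumption).
ADMIN_ROLES = {"admin", "owner", "iam:*"}

# Weight of each finding when computing a risk tier (assumed policy values).
WEIGHTS = {"no_owner": 2, "stale_credential": 2, "dormant": 1, "admin_privilege": 2}


@dataclass
class NonHumanIdentity:
    name: str
    kind: str
    owner: Optional[str]
    created: datetime
    credential_rotated: datetime
    last_used: Optional[datetime]
    roles: List[str] = field(default_factory=list)


def _parse_date(value: Optional[str]) -> Optional[datetime]:
    """Parse an ISO date from the export as UTC; None stays None (never used)."""
    if value is None:
        return None
    return datetime.fromisoformat(value).replace(tzinfo=timezone.utc)


def parse_inventory(raw_json: str) -> List[NonHumanIdentity]:
    """Turn the raw export into typed records so every field is checked once."""
    return [
        NonHumanIdentity(
            name=rec["name"],
            kind=rec["kind"],
            owner=rec.get("owner"),
            created=_parse_date(rec["created"]),
            credential_rotated=_parse_date(rec["credential_rotated"]),
            last_used=_parse_date(rec.get("last_used")),
            roles=list(rec.get("roles", [])),
        )
        for rec in json.loads(raw_json)
    ]


def findings_for(nhi: NonHumanIdentity, as_of: datetime = AS_OF,
                 rotation_days: int = 90, dormant_days: int = 90) -> List[str]:
    """Return the governance gaps observed for one identity."""
    findings = []
    if not nhi.owner:                                   # nobody accountable
        findings.append("no_owner")
    if (as_of - nhi.credential_rotated).days > rotation_days:
        findings.append("stale_credential")             # set-and-forget secret
    if nhi.last_used is None or (as_of - nhi.last_used).days > dormant_days:
        findings.append("dormant")                      # unused but still valid
    if any(role in ADMIN_ROLES for role in nhi.roles):
        findings.append("admin_privilege")              # leftover admin rights
    return findings


def risk_tier(findings: List[str]) -> str:
    """Map findings to a tier so reviewers can triage the inventory."""
    score = sum(WEIGHTS[f] for f in findings)
    if score >= 4:
        return "high"
    if score >= 1:
        return "medium"
    return "low"


def classify_inventory(raw_json: str, as_of: datetime = AS_OF) -> dict:
    """Classify every identity in the export; keyed by account name."""
    report = {}
    for nhi in parse_inventory(raw_json):
        found = findings_for(nhi, as_of)
        report[nhi.name] = {"kind": nhi.kind, "findings": found,
                            "tier": risk_tier(found)}
    return report


if __name__ == "__main__":
    for name, entry in sorted(classify_inventory(SAMPLE_EXPORT).items(),
                              key=lambda kv: kv[1]["tier"]):
        print(f"{entry['tier']:6} {name:16} {entry['kind']:16} {entry['findings']}")
```

Run it as-is and the forgotten `video-processor` account (no owner, credential never rotated) and the dormant `rpa-bot-legacy` account land in the high tier, while the owned, recently rotated `ci-deployer` is flagged only for its admin role. In practice the export would come from each directory source the access management tool federates, and the thresholds would be set by the governance policy rather than hard-coded.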