Artificial Intelligence & Machine Learning , Black Hat , Cloud Data Security & Resilience
Nonhuman Identities: A Growing Threat in the Cloud
Entro Security's Adam Cheriki on Non-Human Identity Lifecycle Management and Secrets SecurityWith the rapid rise of cloud services, organizations are grappling with an unprecedented number of nonhuman identities used by applications and machines. "For every human identity, you will have 45 nonhuman identities created," said Adam Cheriki, co-founder and CTO of Entro Security. A company with 1,000 employees would have "thousands of nonhuman identities and a very large attack surface." He added that while these identities can be easily created, many remain unmanaged, leading to serious security gaps.
See Also: Securing the Cloud, One Identity at a Time
To address this issue, Entro Security's platform offers end-to-end lifecycle management and security for nonhuman identities. The company helps organizations gain complete visibility into identities and secrets, reducing the risk of breaches by tracking where these identities exist and how they interact, he said.
"In just 45 days, there have been six attacks that are related to nonhuman identities," plus hacks of The New York Times, SolarWinds and Globant, Cheriki said. With Entro Security's platform, organizations can not only get comprehensive context about the attack surface but also automate the decommissioning of stale identities, he said.
In this video interview with Information Security Media Group at Black Hat 2024, Cheriki also discussed:
- The limitations of traditional internal tools companies use and what differentiates Entro Security's platform;
- The critical importance of tracking nonhuman identities throughout their life cycle;
- Real-world customer success stories demonstrating how automation reduces inactive identity risks.
Cheriki leads product development and technical strategy, focusing on cloud security and Active Directory protection. He has more than 10 years of experience, and his expertise spans threat detection and software engineering. Cheriki has worked at major companies including IBM and Broadcom. To learn more about Entro and non-human identities, check out Non Human identities Cybersecurity challenges and solutions.