The Critical Role of CISOs in Managing IAM - Including Non-Human Identities
Security Boulevard, Monday, February 10th, 2025
Who should own IAM in the enterprise? Identity and access management (IAM) started as an IT function, with the entire focus on giving human users the right access to the right systems.
But today, identity has become the primary attack surface, with at least 80% of all modern breaches involving identities compromised or stolen by adversaries who exploit poor identity. This reality has moved the responsibility for risk onto the shoulders of the team tasked with protecting the organization from attacks, namely security, which ultimately means the CISO.
However, there's a major blind spot in this conversation: non-human identities (NHIs). This is a critical oversight. NHIs now outnumber humans by a factor of at least 45 to 1 in the enterprise, with some estimates as high as 100 to 1.