By Sean Deuby, Principal Technologist at Semperis
Unless you’re a regulated business, identity governance and administration (IGA) is usually an afterthought. This has been the reality of IT as long as there’s been IT.
Even after 26 years of general availability, identity governance is far from a given in Active Directory environments, especially smaller ones. Organizations often find they have thousands of under-regulated non-human identities (NHIs) accumulated over years or even decades. This is one of many reasons identity systems are a favorite target of threat actors; they know very well these NHIs are overprivileged, underprotected, and neglected.
Take these same factors, surround them with the tinder of cloud services’ ease of use, pour the gasoline of AI onto it – and give developers the match. That’s the dumpster fire we’re looking at today, with NHIs outpacing human identities at what seems like a geometric progression.
We can’t just wring our hands about the situation; we need to take steps immediately. We must put controls in place as soon as possible. And we must discover what’s already out there, using any tools we have, so we know the scope. You don’t know the size of your dumpster fire until you’ve looked.

