The Silent Crisis: Non-Human Breach Dangers
www.informationweek.com
Itzik Alvas, CEO and Co-Founder, Entro Security
February 6, 2025

Recent high-profile security breaches have exposed alarming weaknesses in how enterprises manage non-human identities (NHIs) and secrets. From mishandling sensitive developer credentials to exposing secrets in collaboration tools, the threats have escalated. As cyberattacks grow more sophisticated, closing these gaps has become critical to safeguarding enterprise systems.

Also called machine identities, NHIs outnumber human users. APIs, service accounts, cloud instances, and IoT devices form an invisible army of digital workers, each with its own identity and permissions. Here, I analyze how specific failures have enabled breaches and explore what enterprises must do to close these gaps.

Modern enterprises are failing to keep pace with the NHIs being created in their environments, and as a result many identities remain exposed in publicly accessible places for far too long.

Bill Demirkapi recently made news for finding more than 15,000 hardcoded secrets and 66,000 vulnerable websites simply by searching overlooked data sources, underscoring how poor secrets management remains in modern enterprises. These secrets were live and exposed, waiting for a bad actor to use them, and they are nowhere near the full scope of the problem.

Symantec reported that many mobile applications contain hardcoded cloud service credentials, such as AWS or Azure keys. Because a mobile app binary sits on the device of every user who installs it, anything embedded in it should be assumed public. These credentials are a goldmine for attackers, enabling unauthorized access to sensitive resources. Simple missteps during development, such as failing to use a secrets management tool, can lead to catastrophic breaches.

Collaboration: The Cost of Human Error

Exposures in collaboration tools such as Slack and Jira are increasingly a focal point for attackers.
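As an added illustration (not code from the article or from Entro Security), the following Python sketch scans a constructed sample that mixes a mobile-app config file with exported Slack and Jira messages. It flags credentials by known format and, for formats it does not know, by length and Shannon entropy, the same two signals a secrets scanner combines. The sample text, the pattern set and the entropy threshold are assumptions; a production scanner ships many more formats and is tuned against the organization's own false positives.

```python
import math
import re

# Constructed sample input for this example: a fragment of a mobile app config,
# a Slack-style message and a Jira-style comment. Every credential value below
# is fabricated (the AWS pair is Amazon's documented example key).
SAMPLE = """\
# res/values/config.xml (Android app, hypothetical)
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
# slack export: #deploy-ops
@dave the prod db url is postgres://svc_api:Sup3rS3cretPassw0rd@db.internal:5432/app
# jira export: DEV-123 comment
github token for the build bot: ghp_aBcDeFgHiJkLmNoPqRsTuVwXyZ0123456789
# harmless lines
version = "1.4.2"
BUILD_ID=2024-11-05
"""

# Credential formats that can be recognised by shape alone (a small subset of
# what a production scanner ships).
KNOWN_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    # password embedded in a connection URL: scheme://user:password@host
    "url_password": re.compile(r"\b[a-z][a-z0-9+.\-]*://[^\s:/@]+:([^\s@]+)@"),
}

# Fallback for formats without a fixed shape: long tokens with high entropy.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/_\-]{20,}")
ENTROPY_THRESHOLD = 4.0  # bits per character; an assumed cut-off, tune it locally


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for a constant string)."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_text(text: str) -> list:
    """Return one finding per credential-looking value, with its 1-based line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        covered = []  # spans already reported by a known pattern
        for kind, pat in KNOWN_PATTERNS.items():
            for m in pat.finditer(line):
                span = m.span(1) if m.groups() else m.span()
                findings.append({"line": lineno, "kind": kind, "value": line[span[0]:span[1]]})
                covered.append(span)
        for m in TOKEN_RE.finditer(line):
            if any(m.start() < end and m.end() > start for start, end in covered):
                continue  # already reported under a specific kind
            entropy = shannon_entropy(m.group())
            if entropy >= ENTROPY_THRESHOLD:
                findings.append({"line": lineno, "kind": "high_entropy",
                                 "value": m.group(), "entropy": round(entropy, 2)})
    return findings


def redact(value: str) -> str:
    """Never log the full secret; keep just enough to locate it."""
    return value[:4] + "..." + value[-2:] if len(value) > 8 else "***"


if __name__ == "__main__":
    for f in scan_text(SAMPLE):
        print(f"line {f['line']:>2}  {f['kind']:<18} {redact(f['value'])}")
```

Two details matter in practice: a value matched by a known pattern is not reported a second time as a high-entropy token, and findings are printed redacted, since a scanner that writes full secrets into its own report has just created one more place they are exposed.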
Disney has even vowed to move off Slack altogether to eliminate this exposure surface, after hackers used Slack to breach Disney and exfiltrate 1.1TB of data. Enterprises must treat collaboration tools as critical assets: secure the secrets stored in them, and govern both human and non-human interactions with them, with the same rigor applied to databases or servers.

Unmonitored and Over-Permissioned

In the Okta-related Cloudflare breach, attackers used stolen service tokens and service account credentials to bypass multi-factor authentication (MFA), gaining access to highly sensitive systems. The breach highlights how static tokens undermine enterprise security when they are not rotated or monitored.

The incident also showed how attackers exploit unmonitored NHIs to move laterally and compromise additional identities. Enterprises often fail to monitor NHI behavior, such as unusual API usage or privilege escalation. Behavioral analytics on NHI activity are essential for detecting and containing such threats.

Many enterprises over-provision NHIs, granting permissions far beyond what the workload needs. Once attackers got into Snowflake customer accounts, for example, they accessed terabytes of customer data by leveraging over-permissioned identities. NHIs must be assigned least-privilege access so that a single compromised identity does limited damage.

Secret Rotation Practices and Shared Secrets

Many breaches stem from stagnant credentials. In the Cloudflare breach, attackers used credentials that had not been rotated after the earlier Okta compromise. Automated rotation policies should ensure secrets are regularly replaced, and a rotation workflow should be triggered as soon as a breach is detected, even when the breach occurs in a partner environment.

When a single secret is used by multiple NHIs, it is referred to as a shared secret. Shared secrets are an Achilles heel of secure NHI architectures.
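The two controls this section calls for, forced rotation (including after a partner's compromise) and behavioral monitoring of NHIs, are illustrated by the following Python, added here as an example and not taken from the article, from Cloudflare or from Entro Security. The inventory, the audit events, the incident date and the policy thresholds are all constructed for the example.

```python
from collections import defaultdict
from datetime import date, timedelta

# Constructed NHI inventory: identifiers, issuers and dates are hypothetical.
INVENTORY = [
    {"id": "svc-ci-deploy",    "issuer": "okta",  "last_rotated": date(2023, 9, 1)},
    {"id": "svc-billing-sync", "issuer": "okta",  "last_rotated": date(2025, 1, 15)},
    {"id": "svc-log-shipper",  "issuer": "vault", "last_rotated": date(2024, 12, 20)},
    {"id": "iot-gateway-07",   "issuer": "vault", "last_rotated": date(2024, 6, 1)},
]
NOW = date(2025, 2, 6)

# Assumed rotation policy: a maximum credential age, plus forced rotation of any
# credential last rotated before the date on which its issuer reported a
# compromise (the "partner environment" case). The incident date is invented.
MAX_AGE = timedelta(days=90)
INCIDENT_CUTOFFS = {"okta": date(2024, 12, 1)}


def stale_credentials(inventory, now=NOW, max_age=MAX_AGE, cutoffs=INCIDENT_CUTOFFS):
    """Return (identity, reasons) for every credential that must be rotated now."""
    stale = []
    for nhi in inventory:
        reasons = []
        if now - nhi["last_rotated"] > max_age:
            reasons.append("older than policy")
        cutoff = cutoffs.get(nhi["issuer"])
        if cutoff is not None and nhi["last_rotated"] < cutoff:
            reasons.append(f"not rotated since {nhi['issuer']} incident")
        if reasons:
            stale.append((nhi["id"], reasons))
    return stale


# Constructed audit events as (identity, action, source_ip): a baseline window
# of known-good behaviour, then a window to evaluate against it.
BASELINE = [
    ("svc-ci-deploy", "ecr:PutImage", "10.0.1.5"),
    ("svc-ci-deploy", "ecs:UpdateService", "10.0.1.5"),
    ("svc-billing-sync", "s3:GetObject", "10.0.2.9"),
    ("svc-billing-sync", "s3:GetObject", "10.0.2.10"),
]
NEW_EVENTS = [
    ("svc-ci-deploy", "ecr:PutImage", "10.0.1.5"),                  # normal
    ("svc-ci-deploy", "iam:AttachRolePolicy", "10.0.1.5"),          # privilege change
    ("svc-billing-sync", "s3:GetObject", "203.0.113.44"),           # known action, new source
    ("svc-billing-sync", "s3:ListAllMyBuckets", "203.0.113.44"),    # new action, new source
]
# Actions that change what an identity can do; always alert on these, baseline or not.
PRIVILEGE_ACTIONS = {"iam:AttachRolePolicy", "iam:CreateAccessKey", "iam:PutUserPolicy"}


def build_baseline(events):
    """Per identity, the set of actions and the set of source IPs seen as normal."""
    actions, sources = defaultdict(set), defaultdict(set)
    for ident, action, ip in events:
        actions[ident].add(action)
        sources[ident].add(ip)
    return actions, sources


def detect_anomalies(baseline, events, privilege_actions=PRIVILEGE_ACTIONS):
    """Flag events that deviate from the baseline or change privileges."""
    actions, sources = build_baseline(baseline)
    alerts = []
    for ident, action, ip in events:
        flags = []
        if action in privilege_actions:
            flags.append("privilege_change")
        if action not in actions[ident]:
            flags.append("new_action")
        if ip not in sources[ident]:
            flags.append("new_source")
        if flags:
            alerts.append({"identity": ident, "action": action, "source_ip": ip, "flags": flags})
    return alerts


if __name__ == "__main__":
    for ident, reasons in stale_credentials(INVENTORY):
        print(f"ROTATE  {ident}: {', '.join(reasons)}")
    for a in detect_anomalies(BASELINE, NEW_EVENTS):
        print(f"ALERT   {a['identity']} {a['action']} from {a['source_ip']}: {', '.join(a['flags'])}")
```

The baseline window must predate any suspected compromise, otherwise the attacker's activity becomes "normal"; privilege-changing actions are therefore alerted on regardless of the baseline. In a real deployment the inventory comes from the secrets store and the events from the cloud provider's audit log, and the rotation check runs on every incident notification from a partner, not only on a schedule.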
Whether in developer workflows or cloud configurations, shared credentials enlarge the attack surface: a single compromised, over-permissive identity becomes a key to every resource the secret unlocks. Enterprises should use tools such as AWS Secrets Manager or Azure Key Vault to issue each workload its own credential and eliminate shared secrets altogether.

Despite advances in identity and access management (IAM), most IAM solutions were built around human users and address NHIs poorly, if at all. As the Cloudflare breach demonstrated, attackers exploit NHIs to reach high-privilege accounts. Implementing an NHI access management (NHIAM) framework can mitigate these risks by ensuring:

Granular access controls: Restrict NHI permissions to only what is necessary.
Continuous monitoring: Use AI-driven tools to detect anomalies in NHI behavior.
Dynamic credential management: Rotate and expire credentials automatically.

Closing the Gaps

To prevent future breaches, enterprises must adopt a holistic strategy for securing NHIs and secrets:

Adopt zero-trust principles: Validate every secret and grant permissions in keeping with the principle of least privilege.
Automate security practices: Use tools for automated NHI behavior monitoring, anomaly detection and response.
Enhance collaboration tool security: Apply least-privilege access and periodically audit logs in platforms like Slack and Jira.
Have response workflows in place: For attacks on your own environment and for compromises in the third-party ecosystem.
Educate developers: Provide training on secure coding practices, emphasizing the risks of hardcoded credentials.

By learning from recent breaches and addressing these weaknesses, enterprises can protect their digital ecosystems from escalating threats.
It's no longer just about securing human identities; it's about ensuring NHIs and their secrets are protected with equal rigor. This shift is essential if enterprises are to navigate an increasingly complex threat landscape and emerge resilient in the face of evolving cyberattacks.

About the Author

Itzik Alvas, CEO and Co-Founder, Entro Security

Itzik Alvas is co-founder and CEO at Entro Security. He started his cybersecurity journey 19 years ago when he was selected to join the elite cyber security unit of the IDF (Israel Defense Forces), where he was introduced to the cyber security ecosystem and gained extensive knowledge and experience at the nation-state level. After serving for five years, he moved to industry, where he held positions including developer, DevOps engineer, cyber security researcher and CISO of a major healthcare organization, before becoming head of security and SRE at Microsoft.