Non-Human Identities (NHIs) play an increasingly important role in enabling business processes and automation. However, they also represent a growing risk to an organization’s security posture. When properly harnessed, these digital entities – e.g., service accounts, API keys, access tokens, and other forms of machine-to-machine communication – unlock powerful automation, but security teams struggle to inventory, secure, and manage their NHIs. These accounts and authenticators often have excessive permissions and sometimes exist outside of IT and security’s purview, which exposes critical systems to unauthorized access.
In this session, Thijn Bukkems, Threat Hunting Lead at Grammarly, will share the company’s journey to fully managing their NHIs. He’ll discuss how Grammarly initially approached NHI security and their goal of eliminating long-lived credentials in favor of ephemeral authentication. He’ll also highlight the challenges they faced, such as difficulty gaining full visibility into their NHI landscape, and the tools they’ve implemented to improve monitoring and risk management. Finally, Thijn will outline their NHI roadmap, focusing on deeper visibility, refining security context, and enhancing alerting mechanisms.