(S13) (INNO) An Introduction To Non-Human Identity Governance
Tuesday, October 14, 2025 2:15 PM to 2:30 PM · 15 min. (Canada/Eastern)
Information
Non-human identities (NHIs) now outnumber people across modern enterprises by a factor of 100 to 1, according to most estimates. Yet they cannot enroll in MFA, are often over-privileged, rarely deprovisioned, and leave few forensic fingerprints when misused. As secrets proliferate across code, CI/CD, containers, and collaboration tools, attackers are not breaking in; they are logging in with leaked or mismanaged credentials.
This informative session presents a pragmatic, secrets-first approach to NHI governance. We demonstrate how treating credentials as the primary signal enables the creation of a trustworthy NHI inventory at scale by unifying perimeter findings for leaked secrets with the data and secrets stored safely in vaults, which lack cross-instance visibility. With this complete inventory in hand, you can apply policies derived from the OWASP Top 10 for NHI Risks to what actually exists in your environment, addressing high-impact situations such as duplicate storage across multiple vaults, cross-environment reuse of the same credential, and long-lived keys that widen the blast radius.
Come to this session to learn how to:
Identify what makes NHI access fundamentally different from human access and why “logging in” attacks are rising.
Build a reliable NHI inventory by correlating perimeter discoveries with vault metadata using a secrets-first model.
Detect and prioritize risky patterns: Leaked secrets, multi-vault duplication, cross-env reuse, and long-lived credentials.
Map where credentials are actually consumed to focus remediation without breaking workloads.
Operationalize rotation and revocation, track code fixes, and use metrics to drive continuous improvement.
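As an added illustration (not material from the session or its presenters), the sketch below shows one way the secrets-first correlation described above could work: vault metadata and perimeter findings are merged on a keyed fingerprint of each secret, then checked for the risky patterns listed. The HMAC fingerprinting scheme, the 90-day threshold, the risk label names, and all sample records are assumptions constructed for the example.

```python
import hashlib
import hmac
from collections import defaultdict
from datetime import date

INVENTORY_KEY = b"constructed-demo-key"  # assumption: key held by the inventory service
MAX_AGE_DAYS = 90                        # assumption: rotation policy threshold

def fingerprint(secret):
    """Keyed hash: lets sources be correlated without storing the secret itself."""
    return hmac.new(INVENTORY_KEY, secret.encode(), hashlib.sha256).hexdigest()[:16]

# Constructed sample data: vault metadata exports and perimeter scanner findings.
VAULT_RECORDS = [
    {"vault": "vault-a", "env": "prod", "secret": "s3cr3t-orders", "created": date(2024, 1, 10)},
    {"vault": "vault-b", "env": "prod", "secret": "s3cr3t-orders", "created": date(2024, 1, 10)},
    {"vault": "vault-a", "env": "dev", "secret": "tok-ci-123", "created": date(2025, 9, 1)},
    {"vault": "vault-a", "env": "prod", "secret": "tok-ci-123", "created": date(2025, 9, 1)},
    {"vault": "vault-b", "env": "staging", "secret": "mail-key-9", "created": date(2025, 8, 20)},
]
PERIMETER_FINDINGS = [
    {"source": "git:orders-service/config.py", "secret": "tok-ci-123"},
    {"source": "chat:#deploys", "secret": "unvaulted-key-77"},
]

def assess(vault_records, findings, today):
    """Merge both sources by fingerprint, then return {fingerprint: [risk, ...]}."""
    inv = defaultdict(lambda: {"vaults": set(), "envs": set(), "leaks": [], "created": None})
    for rec in vault_records:
        entry = inv[fingerprint(rec["secret"])]
        entry["vaults"].add(rec["vault"])
        entry["envs"].add(rec["env"])
        if entry["created"] is None or rec["created"] < entry["created"]:
            entry["created"] = rec["created"]  # oldest copy defines the key's age
    for finding in findings:
        inv[fingerprint(finding["secret"])]["leaks"].append(finding["source"])
    report = {}
    for fp, e in inv.items():
        checks = [
            ("leaked", bool(e["leaks"])),
            ("unmanaged", bool(e["leaks"]) and not e["vaults"]),  # leaked, in no vault
            ("multi_vault_duplicate", len(e["vaults"]) > 1),
            ("cross_env_reuse", len(e["envs"]) > 1),
            ("long_lived", e["created"] is not None
                and (today - e["created"]).days > MAX_AGE_DAYS),
        ]
        report[fp] = [name for name, hit in checks if hit]
    return report
```

Calling `assess(VAULT_RECORDS, PERIMETER_FINDINGS, date(2025, 10, 14))` on the sample data flags the orders credential as duplicated and long-lived, and the CI token as leaked and reused across environments.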
Type: Session
Stage: Innovation Stage

