Vendor Capability:
A strong NHI security posture means continuously monitoring risks, closing security gaps, and ensuring compliance. A good solution helps security teams focus on the most critical risks by assessing impact and blast radius while also aligning with security and regulatory requirements.
Key capabilities include detecting inactive identities, unrotated keys, shared roles, and overly permissive access. It should also flag exposed access tokens, missing network policies, and lingering credentials from offboarded employees. To stay ahead of threats and compliance risks, the system must track permissions drift, over-privileged accounts, and mismanaged secrets—ensuring security policies are enforced and audit-ready.
Questions to ask an NHI Provider:
How do you prioritize risk?
Does your solution assess and prioritize it based on criticality and potential blast radius?
How does your solution help maintain compliance with security frameworks and regulatory requirements?
Can you detect and track inactive identities, unrotated keys, multiple access keys, and shared accounts?
Does your platform provide visibility into over-privileged accounts, permissions drift, and credentials created by offboarded employees?
Does your platform detect and manage exposed secrets, including K8s secrets, hardcoded credentials, and secrets not stored in vaults?
Can your platform benchmark our NHI security posture against industry standards and best practices?
| Functionality | Description |
| --- | --- |
| Risk management dashboard | Present an overview of identity security posture compared to an industry benchmark, highlighting total identities across all environments, risk levels, a key-rotation overview across all auth types, top risky identities, and critical security insights across all environments, cloud and on-prem. |
| Mitigate risks based on their criticality and potential blast radius | Ability to prioritize risks for immediate attention based on potential blast-radius scores or other metrics. |
| Active vs. non-active identities | Identify all active and inactive identities across all environments. |
| Detect unrotated keys and the time since they were last rotated | Identify when each key was last rotated, who consumed it, and from where (IP/service/workload). |
| Detect multiple access keys | Detect identities with multiple access keys and/or multiple personal access tokens (PATs) to avoid potential abuse. |
| Detect inactive access keys | Detect forgotten access keys that are no longer used. |
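As an added illustration of the posture checks listed above (not part of the original checklist and not any vendor's product code), the following Python runs the table's checks over a constructed inventory of identities and access keys: inactive identities, unrotated keys, multiple active keys, stale keys on otherwise active identities, and credentials still live after their owner was offboarded. It then ranks identities with findings by a crude blast-radius proxy, as the "criticality and blast radius" row describes. The 90-day rotation and 60-day inactivity thresholds, the `resources_reachable` count used as the blast-radius proxy, the fixed evaluation date, and every identity and key name are assumptions or constructed sample values, not data from the page.

```python
"""NHI posture checks over a constructed identity inventory (added example)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

# Policy thresholds: assumptions chosen for the example, not values from the page.
ROTATION_MAX_AGE = timedelta(days=90)   # a key older than this is "unrotated"
INACTIVITY_WINDOW = timedelta(days=60)  # no use within this window means "inactive"


@dataclass
class AccessKey:
    key_id: str
    created: datetime                # last rotation / creation time
    last_used: Optional[datetime]    # None = never used
    active: bool = True              # False = already deactivated by the owner


@dataclass
class Identity:
    name: str
    kind: str                        # "service-account", "role" or "user"
    keys: List[AccessKey] = field(default_factory=list)
    resources_reachable: int = 0     # blast-radius proxy: resources its permissions reach
    owner_active: bool = True        # False when the owning employee was offboarded


def check_identity(identity: Identity, now: datetime) -> List[str]:
    """Return the list of posture findings for one identity (empty when clean)."""
    findings: List[str] = []
    active_keys = [k for k in identity.keys if k.active]

    # Multiple live access keys on one identity widen the window for abuse.
    if len(active_keys) > 1:
        findings.append("multiple-access-keys")

    # Unrotated keys: age measured from creation (= last rotation).
    for key in active_keys:
        if now - key.created > ROTATION_MAX_AGE:
            findings.append(f"unrotated-key:{key.key_id}")

    # Stale keys: never used, or not used inside the inactivity window.
    stale = [k for k in active_keys
             if k.last_used is None or now - k.last_used > INACTIVITY_WINDOW]
    if active_keys and len(stale) == len(active_keys):
        # Every live key is stale: the whole identity is inactive.
        findings.append("inactive-identity")
    else:
        # Identity is in use, but some of its keys are forgotten.
        findings.extend(f"inactive-key:{k.key_id}" for k in stale)

    # Lingering credentials: live keys whose owner has left.
    if not identity.owner_active and active_keys:
        findings.append("lingering-credential-offboarded-owner")

    return findings


def prioritize(identities: List[Identity], now: datetime) -> List[Tuple[int, str, List[str]]]:
    """Rank identities with findings by finding count weighted by blast radius."""
    ranked = []
    for ident in identities:
        findings = check_identity(ident, now)
        if findings:
            ranked.append((len(findings) * ident.resources_reachable, ident.name, findings))
    return sorted(ranked, key=lambda item: item[0], reverse=True)


# Constructed sample inventory evaluated at a fixed date so results are deterministic.
NOW = datetime(2025, 1, 15, tzinfo=timezone.utc)


def _days_ago(n: int) -> datetime:
    return NOW - timedelta(days=n)


SAMPLE: List[Identity] = [
    # Two live keys, one of them 400 days old -> multiple keys + unrotated key.
    Identity("ci-deployer", "service-account", resources_reachable=120, keys=[
        AccessKey("AKIA-CONSTRUCTED-01", created=_days_ago(400), last_used=_days_ago(1)),
        AccessKey("AKIA-CONSTRUCTED-02", created=_days_ago(10), last_used=_days_ago(2)),
    ]),
    # Only key unused for 200 days -> inactive identity.
    Identity("legacy-batch", "service-account", resources_reachable=5, keys=[
        AccessKey("AKIA-CONSTRUCTED-03", created=_days_ago(30), last_used=_days_ago(200)),
    ]),
    # Key still in use although its owner was offboarded -> lingering credential.
    Identity("jdoe-automation", "user", resources_reachable=40, owner_active=False, keys=[
        AccessKey("AKIA-CONSTRUCTED-04", created=_days_ago(20), last_used=_days_ago(3)),
    ]),
    # Clean: the unused second key was already deactivated, so it is ignored.
    Identity("monitoring-reader", "role", resources_reachable=300, keys=[
        AccessKey("AKIA-CONSTRUCTED-05", created=_days_ago(15), last_used=_days_ago(1)),
        AccessKey("AKIA-CONSTRUCTED-06", created=_days_ago(80), last_used=None, active=False),
    ]),
]

if __name__ == "__main__":
    for score, name, findings in prioritize(SAMPLE, NOW):
        print(f"{score:>5}  {name:<18} {', '.join(findings)}")
```

The score is deliberately simple (findings multiplied by reachable resources); a real platform would weigh each finding type separately and derive blast radius from the identity's effective permissions, but the ranking shows why a single stale key on a wide-reaching identity can outrank several findings on a narrowly scoped one.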