How do I secure dynamic NHIs in a microservices architecture? – Source: securityboulevard.com

Source: securityboulevard.com – Author: Amy Cohn

Should We Be Concerned About the Security of Dynamic NHIs in a Microservices Architecture?

The advent of dynamic Non-Human Identities (NHIs) in a microservices architecture has undoubtedly added a new dimension to cybersecurity. But with this innovation comes an increased vulnerability. So, is the security of your dynamic NHIs something you should be worried about? Let’s delve into this question and unravel its complexities.

Unravelling the Concept of Dynamic Non-Human Identities (NHIs)

To set the stage, let’s first understand what we mean by dynamic NHIs. Non-Human Identities or NHIs are machine identities used in cybersecurity. They are designed and deployed to operate autonomously within a digital ecosystem, and their role is akin to a “tourist” with a “passport” in a foreign land.

This passport, in cybersecurity parlance, is also called a “Secret.” Each secret is an encrypted code that grants the NHI unique permissions within that ecosystem. An NHI’s secret is like a passport, and the permissions it has are akin to visas allowing access to different parts of the system.

Dynamic NHIs, which operate within a microservices architecture, have the ability to adapt and change at a rapid pace, making it a challenge for security teams to keep up.

Need for a Holistic Approach to Dynamic NHIs Security

Keeping dynamic NHIs and their secrets secure calls for a holistic and robust approach, one that incorporates all lifecycle stages: discovery, classification, threat detection, and remediation. Traditional methods like secret scanners may not suffice. To provide end-to-end protection, cybersecurity teams need comprehensive security platforms that give insights into ownership, permissions, usage patterns, and potential vulnerabilities. This provides the required context-aware security, which is vital for managing dynamic NHIs.

The Benefits of Securing Dynamic NHIs

Why should your organization invest in securing dynamic NHIs? The reasons are compelling. Here are some key benefits:

  • Reduced risk: Be proactive in identifying and mitigating security risks associated with dynamic NHIs to reduce the likelihood of breaches and data leaks.
  • Improved compliance: Stay in tune with regulatory requirements through effective policy enforcement and audit trails.
  • Increased efficiency: Automate NHIs and secrets management to free up your security team to focus on strategic initiatives.
  • Enhanced visibility and control: Gain a centralized view for access management and governance.
  • Cost savings: Lower operational costs by automating secrets rotation and NHIs decommissioning.

The Challenge of Microservices Architecture

While microservices architecture offers many benefits, it presents a unique challenge when it comes to managing dynamic NHIs: the sheer volume and speed of changes that occur. An NHI may only exist for a brief time before being decommissioned, requiring a constant, vigilant eye on security.

Microservices live in a cloud environment where they can be created, deployed, and decommissioned rapidly. This agility is an advantage from an operational perspective, but it leaves security professionals grappling with how to manage these identities and their secrets without causing friction in the development process.

Fortunately, solutions are emerging that address the specific challenges posed by dynamic NHIs in a microservices architecture. When effectively implemented, these can offer comprehensive security controls while still leveraging the speed and flexibility of the cloud. One such solution is the concept of Value-Based optimization, which leverages Node.js app engine applications to optimize security.

Investing in the security of dynamic NHIs in a microservices architecture is not a luxury but a necessity. The importance of NHI security becomes even more pronounced. It’s key to remember that any weak link in your cybersecurity chain could be catastrophic. Therefore, fostering robust security measures around dynamic NHIs will significantly enhance your overall cybersecurity posture.

In our upcoming posts, you can look forward to more insights on securing NHIs in different scenarios and the recent breakthroughs. Stay tuned as we delve deeper into this fascinating and crucial aspect of cybersecurity. Meanwhile, feel free to explore our previous articles on NHI’s threats and mitigation and cybersecurity predictions for 2025 for a comprehensive understanding of the subject.

Embracing the Complexity of Dynamic NHIs

It becomes evident that we are dealing with a complex and constantly evolving. A common misconception is that dynamic NHIs only add security risks and complicate things. However, when their management is handled effectively, these identities can significantly strengthen the overall security ecosystem of an organization. The key lies in understanding NHIs and their behavior patterns in a microservices architecture environment.

Dynamic NHIs use secrets that grant specific permissions. This somewhat mimics traditional human identity access principles. However, unlike human identities, dynamic NHIs have the ability to evolve, behaving uniquely based on the requirements of the task at hand. This flexibility is a boon for application developers as it allows for seamless integration, efficiency, and automation. On the flip side, it creates security challenges that traditional measures may fail to address.

The Role of Cloud Environment on Dynamic NHIs

Microservices are intended to resemble living ecosystems. They are created, they perform their function, and then they are decommissioned in quick cycles. In a cloud environment, this process happens at an accelerated pace.

A dynamic NHI in a microservices architecture could exist for just a few minutes or even seconds before it gets decommissioned, and a new one is generated. From a security standpoint, managing these changing identities is a demanding task. Traditional secret scanners, which are designed to take a snapshot of the system at a given point, may not provide adequate protection.

Professionals need comprehensive management platforms that can monitor dynamic NHIs in real-time, providing insights into factors such as usage patterns, permissions, and potential vulnerabilities. A solution like the concept of Value-Based optimization can enhance the security of dynamic NHIs while maintaining the performance benefits of a cloud environment.
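To make the snapshot-versus-real-time point concrete, here is an added example (not from the original post or from Entro) that replays a constructed stream of NHI lifecycle events and compares what an event-driven inventory records with what a periodic point-in-time scan would see. The identity names, owners, scopes, event fields and scan times are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed lifecycle events (seconds since start); not real telemetry.
# Fields: time, action, identity, owner, scopes
EVENTS = [
    (0,   "create", "svc-billing", "team-pay", {"db:read"}),
    (65,  "create", "job-7f3a",    "team-etl", {"db:read", "s3:write"}),
    (70,  "use",    "job-7f3a",    None, None),
    (95,  "delete", "job-7f3a",    None, None),
    (130, "create", "job-91bc",    "",         {"admin:*"}),
    (150, "delete", "job-91bc",    None, None),
    (170, "use",    "job-91bc",    None, None),  # secret used after decommission
    (400, "use",    "svc-billing", None, None),
]

@dataclass
class Identity:
    owner: str
    scopes: set
    created: int
    deleted: Optional[int] = None
    findings: list = field(default_factory=list)

def stream_inventory(events):
    """Build the inventory from every lifecycle event, in time order."""
    inv = {}
    for t, action, name, owner, scopes in sorted(events, key=lambda e: e[0]):
        if action == "create":
            ident = inv[name] = Identity(owner, scopes, t)
            if not owner:
                ident.findings.append("no-owner")
            if any(s.endswith(":*") for s in scopes):
                ident.findings.append("wildcard-scope")
        elif name in inv and action == "delete":
            inv[name].deleted = t
        elif name in inv and action == "use" and inv[name].deleted is not None:
            inv[name].findings.append(f"used-after-decommission@{t}")
    return inv

def snapshot_scan(inv, scan_times):
    """Identities alive at one of the scanner's point-in-time scan instants."""
    return {n for n, i in inv.items() for t in scan_times
            if i.created <= t and (i.deleted is None or t < i.deleted)}

def missed_by_snapshots(events, scan_times):
    """Identities that existed but were never alive during any scan."""
    inv = stream_inventory(events)
    return sorted(set(inv) - snapshot_scan(inv, scan_times))
```

With scans at 0, 300 and 600 seconds, both short-lived job identities fall between scans, including the ownerless one with a wildcard scope whose secret is used after it was decommissioned.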

Keeping Up with Dynamic NHIs: A Coordinated Effort

Securing dynamic NHIs is not a one-time process but a constant effort. It requires close collaboration between different teams, including security, development, and operation professionals. The disconnect often observed between security and R&D teams can open up vulnerabilities, making frequent communication and data sharing crucial in keeping NHIs protected.

Moreover, despite being a technical discipline, effective NHI management is not solely reliant on advanced tools or the latest artificial intelligence algorithms. Rather, it is more about a thoughtful, organized, and methodical approach that keeps human oversight at its core.

Creating a Safer Digital Ecosystem

In conclusion, the security of dynamic NHIs should not be overlooked. The rate at which these identities are created and decommissioned in a microservices architecture signifies the importance of a robust NHI management strategy. An effective strategy goes beyond the detection and remediation of threats. It is an all-encompassing solution that begins with the discovery and classification of NHIs and extends to creating policies that promote safer practices.

Anticipating and dealing with the challenges of dynamic NHIs in a microservices architecture is a worthwhile effort. With proper management, these NHIs will not only strengthen your cybersecurity ecosystem but also contribute to the efficiency and performance of your cloud environment.

We will continue exploring various aspects and developments that directly impact organizations across industries. We invite you to join this dialogue and stay informed about the future of cybersecurity. For further reading, you may find it valuable to navigate through past discussions on wide-ranging themes, such as differences between human and non-human identities.

The post How do I secure dynamic NHIs in a microservices architecture? appeared first on Entro.

*** This is a Security Bloggers Network syndicated blog from Entro authored by Amy Cohn. Read the original post at: https://entro.security/how-do-i-secure-dynamic-nhis-in-a-microservices-architecture/

Original Post URL: https://securityboulevard.com/2025/03/how-do-i-secure-dynamic-nhis-in-a-microservices-architecture/?utm_source=rss&utm_medium=rss&utm_campaign=how-do-i-secure-dynamic-nhis-in-a-microservices-architecture

Category & Tags: Security Bloggers Network, Cloud-Native Security, Cybersecurity, NHI Lifecycle Management
