Non-Human Identity Management Blog

April 3, 2025

Thumbnail blog for Cloudflare Rotation Blog

Don’t Look Back In Anger: How Cloudflare’s Outage Highlights the Need for Safer Rotations

Service availability is the lifeblood of today’s enterprises. Yet Cloudflare’s March 21, 2025 outage proved that even top-tier providers can stumble on a seemingly simple task: rotating credentials

March 27, 2025

tj-actions/changed-files GitHub Actions 3rd party vulnerability

Oasis platform enables a quick and complete response, while minimizing operational risk.

The Oasis Research Team

March 17, 2025

CISO’s New Reality: Leadership, Risk, and Compliance

The role of the CISO has fundamentally changed.

March 13, 2025

NHI Discovery: Going Beyond Inventory

Non-Human Identities (NHIs) are everywhere and many security and identity teams are struggling to keep up.

March 6, 2025

Why do I need NHIM if I already have a great IGA tool?

If you are reading this blog, you probably already recognize this shift, but here's a short recap: Non-human identities (NHIs) now outnumber human users by at least 20:1; some estimates put it at 50:1

Adam Fisher

February 25, 2025

Breaking Down Non Human Identity Security: 5 Critical Challenges in 2025

Non-Human Identities (NHIs) are now one of the biggest security blind spots in modern enterprises. Yet, most organizations still lack visibility, governance, and control over them.

February 20, 2025

Celebrating the first year of Oasis NHI Security Cloud

When we came out of stealth in January 2024, we had a bold mission: manage and secure non-human identities (NHIs) at scale.

February 14, 2025

AI Agents: Human or Non-Human?

AI agents are becoming an integral part of enterprise IT. But should they be managed like human employees or treated as workloads with decentralized identities?

February 6, 2025

Introducing Oasis Scout: Revolutionizing ITDR for Non-Human Identities

We're thrilled to announce Oasis Scout, the first ITDR solution tailored for Non-Human Identities (NHIs), now available with our pioneering AuthPrint™ technology.

Alberto Farronato

January 29, 2025

Introducing the Non Human Identity Threat Center, a new resource for the cloud security community

We are very excited to launch the NHI Threat Center, a new resource designed to provide education and awareness of the ever-evolving cloud threat landscape.

The Oasis Research Team

January 29, 2025

Illustraion of NHIs to respond the most asked questions

Why should Active Directory hygiene be part of your NHI security program?

Active Directory (AD) has been around forever—and for good reason. If you’ve got a big on-prem setup, it’s the go-to for managing users, permissions, and access.

Roey Rozi

January 9, 2025

Reflecting on our journey at Oasis and looking ahead

As we reach the end of 2024, I can’t help but reflect on what an incredible year it’s been. This was the year Oasis emerged from stealth with a clear mission

Danny Brickman

December 31, 2024

New Oasis Integration for Databricks Secures access to data and AI

Databricks empowers organizations to process and analyze data at scale, turning raw data into actionable insights and powering machine learning workflows.

Vini Merlin

December 18, 2024

Cyber beyond human: Compliance Trends & Security Risks

Oasis Security December Updates

December 18, 2024

Oasis Security Research Team Discovers Microsoft Azure MFA Bypass

Critical vulnerability could have allowed malicious actors to gain unauthorized access to users’ Microsoft accounts.

Tal Hason

December 11, 2024

Oasis Security Integration with Microsoft Active Directory

We are excited to announce the general availability of the latest enhancements to our platform integration capabilities with Microsoft Active Directory (AD).

Adi Marinovsky

December 3, 2024

The feast of security: what Thanksgiving can teach us about protecting Non-Human Identities

Growing up outside the U.S., Thanksgiving was a bit of a mystery to me. Funny enough, I’ve realized that Thanksgiving has a lot in common with securing Non-Human Identities.

November 27, 2024

How a Healthcare provider gained comprehensive NHI visibility with Oasis

Managing a hybrid cloud environment with thousands of non-human identities (NHIs) is no small task.

November 20, 2024

Cyber beyond human: Own It. Prove It. Secure It.

Oasis Security November Updates

November 19, 2024

Top 10 Security Architect to follow on Linkedin

With our growing dependence on the cloud, securing it becomes non-negotiable. That’s where Security Architects step in—the unsung heroes safeguarding our data and systems.

November 13, 2024

Solving Non Human Identity Ownership with Oasis. Part 2: Ownership attestation

In last week’s blog, we took a close look at our new ownership discovery capabilities. Today, we want to complete the picture by digging deeper in the second part of the product release

November 6, 2024

Solving Non Human Identity Ownership with Oasis Part 1

Oasis streamlines the process by automatically gathering data from cloud platforms, SaaS tools, CMDB, and on-premise environments into a unified, single-pane-of-glass

Alberto Farronato

October 31, 2024

Cisco Breach: Non Human Identities (NHI) Compromise and Implications for DevOps Security

In a recent security incident, Cisco confirmed that a threat actor accessed and downloaded “Cisco data and data of our customers”.

October 29, 2024

5 Ways Non Human Identity Ownership Impacts Your Security Program

As we meet with customers to discuss non-human identity security strategy, the topic of ownership comes up more frequently as one of the key component for any comprehensive NHIM program.

October 23, 2024

Non Human Identity Management Program: Guide step-by-step

This guide will walk you through the key steps to transform your objectives into a strategic, actionable roadmap, ensuring that your organization can efficiently manage and secure its NHIs.

October 16, 2024

How a Financial Service Institution Secures Azure NHIs with Oasis Security

Learn how a financial services firm uses Oasis Security to secure and manage its Azure environment, gaining visibility, automated risk management, and streamlined identity controls.

October 14, 2024

Storm-0501: The Rising Threat to Non Human Identities in Hybrid Clouds

The Storm-0501 cybercriminal group has illuminated a critical, often overlooked risk in the realm of cybersecurity: the security of non-human identities (NHIs).

October 2, 2024

Navigating the Complexity of Decentralized Secrets Management

The modern IT infrastructure landscape has become ever more complex, with the rapid growth of distributed environments across multiple clouds and environments.

October 2, 2024

Understanding PCI DSS 4.0: NHIM Essential Guide

PCI DSS 4.0 places significant emphasis on non-human identities—system and application accounts that perform automated tasks and often require elevated privileges.

Vini Merlin

September 25, 2024

Image illustrating the role of non-human identities (NHIs) in reshaping identity security responsibilities.

How NHIs Are Reshaping The Responsibilities of Identity Security Professionals

We analyzed over 100 job descriptions for open positions such as IAM Security Architect, Manager of Identity and Access Management, Senior IAM Engineer, Director of IAM Systems, and more.

September 18, 2024

Securing Non Human Identities for Financial Services

As financial services embrace digital transformation, securing Non-Human Identities—like service accounts, APIs, bots, and machine-learning processes—has become a significant cybersecurity priority.

Vini Merlin and Vitalii Trofymenko

September 10, 2024

Enhancing Github Security with Oasis

GitHub is the central hub for many development teams, enabling seamless code collaboration and integration.

September 4, 2024

Navigating Mandatory MFA for Azure

As Microsoft prepares to enforce multi-factor authentication (MFA) for Azure sign-ins, organizations are gearing up for a significant shift in how they manage access to their Azure resources.

August 28, 2024

The Risks of Exposed AWS Configuration Files: How to implement comprehensive protection with Oasis

On August 15th, Palo Alto Networks’ Unit 42 uncovered a cloud extortion campaign that successfully compromised and extorted multiple organizations by exploiting configuration files hosted in AWS

August 20, 2024

Image of why Non Human Identity Security is critical today

Non Human Identity Security – Why Now?

For a long time, identity practitioners have mastered the delicate balancing act of maintaining operational efficiency while enabling businesses to grow securely.

Steve Schmidt

August 6, 2024

Image of 15 experts in Identity and Access Management

Top 15+1 Identity Pros to Follow on LinkedIn

Our curated list of experts features prominent professionals and leaders who provide a comprehensive perspective on the cybersecurity industry, with a particular focus on Identity Security and Access

July 30, 2024

Illustration highlighting NHIs exposed during employee offboarding processes.

How to manage the NHIs exposed to an offboarded employee?

When an employee leaves a company or changes their role (due to events such as a reorganization or M&A), the impact extends far beyond just clearing their desk.

July 18, 2024

Illustration of secure secret rotation process

Stop worrying. Start rotating.

As a cybersecurity practitioner, few things have caused me more headaches than rotating a critical secret.

Amir Shaked

July 11, 2024

The Importance of Secret Rotation in Ensuring Security and Compliance

Secret rotation might not be the first thing that comes to mind when thinking about cybersecurity, but it is a critical practice for any organization.

Yonit Glozshtein

July 2, 2024

Non Human Identity Management

Non-Human Identity Management (NHIM) is the process of governing and automating the entire lifecycle of non-human identities.

June 27, 2024

Illustration depicting the impact of compromised non-human identity credentials.

The Future of Identity Security: Lessons from the Change Health Breach

UnitedHealth Group confirmed that in February, the BlackCat/ALPHV ransomware group breached Change Healthcare by exploiting compromised credentials for a Citrix remote access portal

Roey Rozi

June 17, 2024

Illustration symbolizing thought leadership in non-human identity security.

TOP 15 Identity Security Accounts to follow on X (formerly Twitter)

For any cybersecurity pro, staying ahead with the latest industry buzz is crucial, and X is a goldmine. But with 556 million active users, sifting through can be daunting.

June 13, 2024

Illustration representing secure data access for non-human identities in Snowflake.

Best Practices to Secure Non Human Identity Data Access in Snowflake

In the last few days, there has been a lot of noise about an alleged Snowflake breach that impacted several companies' supply chains.

June 5, 2024

Illustration explaining the concept of service accounts in IT environments.

What are Service Accounts and How Should You Secure Them?

Service accounts are non-human identities created by IT administrators for executing tasks on machines or specific processes, like software installations.

Yonit Glozshtein

May 15, 2024

Non Human Identity Risks: Lessons from Dropbox's Security Incident

On April 24th, Dropbox became aware of unauthorized access to the Dropbox Sign (formerly HelloSign) production environment.

Misha Brickman

May 2, 2024

How does Non Human Identity Complement Privileged Access Management for 360-degree security?

"I use my Privileged Access Management (PAM) solution to manage administrator cloud accounts; why can't I use it for service accounts, too?". The short answer is that PAM solutions weren't originally

April 25, 2024

Illustration highlighting differences between Non-Human Identity Management and CSPM.

CSPM vs. NHIM (Non Human Identity Management)

CSPM and NHI Management serve distinct purposes and address different threat vectors, complementing each other to provide comprehensive security coverage.

Ido Geffen

April 17, 2024

Illustration showing how Azure Storage accounts store and manage data.

What Are Storage Accounts And How To Secure Them?

Azure Storage accounts, the backbone of Microsoft Azure's cloud platform, play a pivotal role in storing and managing vast amounts of unstructured data.

April 15, 2024

Illustration depicting the role of non-human identity security in addressing modern cyber threats.

Automation is Key: DHS Report Unveils Lessons from the Microsoft Exchange Incident

The DHS Cyber Safety Review Board, established by President Biden, released a scathing report exposing critical oversights by Microsoft that enabled the targeted cyberattack

Amit Zimerman

April 7, 2024

Illustration highlighting the role of Non-Human Identity Management in securing Generative AI environments

‍Securing Generative AI with Non Human Identity Management and Governance

There are many inevitabilities in technology, among them is that rapid innovation will introduce unique risks and 3 letter acronyms will abide.

Joel McKown

April 4, 2024

Illustration representing the decommissioning of orphaned non-human identities.

Decommissioning orphaned and stale Non Human Identities

Unmanaged non-human identities (NHIs) pose a significant security risk in today's digital landscape. NHIs often operate outside traditional IT security reviews, making them vulnerable to exploitation

Yonit Glozshtein

March 28, 2024

What are Non Human Identities?

A Non-Human Identity (NHI) is a digital construct used for machine-to-machine access and authentication.

Amit Zimerman

February 13, 2024

Illustration highlighting the Cloudflare breach and its impact on non-human identity security.

Securing Non Human Identities: Lessons from the Cloudflare Breach

On February 2nd, Cloudflare disclosed that it had fallen victim to a breach orchestrated by a suspected nation-state attacker. This breach, which exploited a series of unrotated and exposed credential

Roey Rozi

February 2, 2024

Illustration depicting challenges in modern identity management.

What's Broken with Identity Management?

In the digital era, speed and efficiency drive business value. To tap into this value, businesses have shifted towards programmable cloud infrastructure and adopted agile...

Danny Brickman

January 23, 2024

Illustration symbolizing Oasis Security’s emergence from stealth.

Oasis Security Emerges from Stealth

As I sit down to write this, I can't help but reflect on our short but incredible journey at Oasis Security. Today, we step into the limelight, ready to share our vision with the world – a vision...

Danny Brickman

January 23, 2024

Illustration highlighting Oasis’s Non-Human Identity Management platform.

Introducing Oasis: the Non Human Identity Management Platform

Today, we are excited to announce the general availability of Oasis, the first enterprise platform built for managing and securing the lifecycle of Non-Human Identities!

Amit Zimerman