Solving Non-Human Identity Ownership with Oasis Part 1

Alberto Farronato

VP marketing

Published on October 31, 2024

Exciting news for Oasis customers! Today, we’re thrilled to release groundbreaking functionality for Non-Human Identity (NHI) ownership assignment and attestation. These new capabilities mark a significant step forward in our mission to secure NHIs and address a major challenge faced by organizations: identifying and managing human ownership of digital identities. In this blog, we’ll take a closer look at how Oasis NHI Security Cloud makes ownership assignment more efficient and secure.

What is NHI ownership?

NHI ownership refers to assigning responsibility for managing a non-human identity to the appropriate individual or team within an organization. This assignment is crucial for ensuring oversight and accountability throughout the lifecycle of an NHI. Previously, we explored how the lack of ownership for NHIs can lead to gaps in security posture.

But why is knowing NHI owners so challenging?

[Figure: NHI Context Data Map]


Many organizations struggle with identifying NHI owners due to two main factors:

  1. Data Fragmentation
    Ownership data is often scattered across multiple systems. For instance, while a resource's ownership might be logged in a Configuration Management Database (CMDB), it may not be reflected in the Identity Provider (IDP). Without a unified view, critical ownership information remains incomplete or inaccessible, creating a challenge for security and compliance teams to establish accurate ownership.
  2. Manual Governance Processes
    Traditional tracking methods for ownership rely on manual tagging and metadata processes, which are time-consuming and error-prone and, most importantly, disconnected from joiner-mover-leaver workflows. As teams try to keep up with changes in the organization, crucial ownership information lags behind and becomes out of date.
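
An added example, not Oasis code and not part of the original post: a minimal reconciliation of the two problems above, merging ownership claims from a CMDB export and an IDP export and checking them against the active-user list that joiner-mover-leaver changes would update. All record names, field names and status labels are constructed assumptions.

```python
# Constructed sample exports; field names are assumptions, not a real CMDB or IDP schema.
CMDB = [
    {"resource": "svc-billing-api", "owner": "dana@example.com"},
    {"resource": "svc-etl-nightly", "owner": "lee@example.com"},
    {"resource": "svc-report-bot", "owner": "sam@example.com"},
]
IDP_NHIS = [
    {"nhi": "svc-billing-api", "owner": "dana@example.com"},
    {"nhi": "svc-etl-nightly", "owner": None},               # owner only in the CMDB
    {"nhi": "svc-report-bot", "owner": "kim@example.com"},   # the two systems disagree
    {"nhi": "svc-legacy-sync", "owner": "pat@example.com"},  # owner has left
    {"nhi": "svc-orphan-key", "owner": None},                # no owner anywhere
]
# Constructed list of current employees, as a joiner-mover-leaver feed would maintain it.
ACTIVE_USERS = {"dana@example.com", "lee@example.com",
                "sam@example.com", "kim@example.com"}


def reconcile(cmdb, idp_nhis, active_users):
    """Return {nhi: (status, candidate_owners)} from a merged view of both sources."""
    cmdb_owner = {r["resource"]: r["owner"] for r in cmdb}
    findings = {}
    for rec in idp_nhis:
        name = rec["nhi"]
        claims = {"idp": rec.get("owner"), "cmdb": cmdb_owner.get(name)}
        owners = sorted({o.lower() for o in claims.values() if o})
        active = [o for o in owners if o in active_users]
        if not owners:
            status = "unowned"
        elif not active:
            status = "stale_owner"    # every recorded owner is a leaver
        elif len(owners) > 1:
            status = "conflict"       # sources name different people
        elif not all(claims.values()):
            status = "single_source"  # recorded in one system only
        else:
            status = "ok"
        findings[name] = (status, owners)
    return findings


if __name__ == "__main__":
    for nhi, (status, owners) in reconcile(CMDB, IDP_NHIS, ACTIVE_USERS).items():
        print(f"{nhi:18} {status:14} {', '.join(owners) or '-'}")
```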


Introducing Oasis Ownership Discovery Engine

Oasis NHI Security Cloud is the first integrated solution purpose-built to address the unique challenges of visibility, security, and governance of NHIs across the hybrid cloud.

[Figure: Oasis NHI Security Cloud]

To tackle the ownership assignment challenges, we have introduced a new AI/ML module, Oasis Ownership Discovery Engine, that analyzes IDPs, logs, CMDBs, and other sources to recommend and assign NHI owners, even when no tagging or metadata is available. These advanced algorithms go beyond customer-specific fields, tags, and naming conventions by incorporating behavioral analysis and usage logs to provide accurate ownership recommendations. Here is how:

  • Automatic Classification: The platform automatically classifies and enriches ownership data by scanning application inventories and logs, reducing manual effort.
  • Free-Text Analysis: Oasis’ AI scans unstructured text fields associated with identities, ensuring all potential ownership clues are accounted for.
  • Clustering and Similarity Scoring: Similar identities are grouped, and similarity scores are generated to facilitate more accurate ownership recommendations.
  • Application Cataloging: The platform connects identities to third-party applications, clarifying ownership through established relationships.

Leveraging Ownership for Remediation and Posture

Oasis Ownership Discovery Engine completes an already industry-leading set of capabilities dedicated to Context Reconstruction.

[Figure: Oasis Ownership Discovery Engine]

Identifying NHI owners further empowers IT and security teams to implement remediations confidently. For example, knowing who owns an API key or secret allows for safe rotations without disrupting business continuity. Moreover, streamlining task assignments to the correct owners enhances accountability, improves hygiene, and shortens response times. As Gartner points out in Prioritize IAM Hygiene for Robust Identity-First Security, identity hygiene and management are collaborative efforts across multiple teams. By engaging the right stakeholders, initiatives move forward faster and compliance can be more easily maintained.

Using Ownership to Improve Governance and Compliance 

We’ve seen how Oasis leverages AI/ML heuristics to create a consolidated, easily accessible inventory. But visibility alone would not be enough. As mentioned initially, tracking owners over time in alignment with joiner-mover-leaver workflows is a major challenge and a critical dependency for accuracy. This is why we are also introducing ownership attestation capabilities that allow you to:

  • Review and refine AI-generated ownership recommendations to enhance accuracy.
  • Conduct certification campaigns to address ownership gaps and promote a culture of accountability.

More on this in our next blog.

Conclusion

Effectively managing NHI ownership is essential for robust security, compliance, and operational efficiency. With Oasis, organizations can overcome the challenges posed by fragmented data and manual tracking processes, gaining a clear, unified view of NHI ownership. This transparency enables businesses to implement an efficient and effective NHI management program.

Ready to see Oasis in action? Sign up for a demo today to explore the full potential of Oasis for NHI ownership and redefine your identity management strategy.
