TY - JOUR
AB - Non-human accounts are often the “Achilles’ heel” of a robust IAM environment. While IAM professionals concern themselves with managing identities, authentication, RBAC, ABAC, governance, and auditing of user accounts, other IT staff are deploying devices and services that are given access to protected resources via hard-wired accounts, exposed services, and APIs. The management of non-human account control should be consistent with user-based account management, and controls placed on user account access to high-assurance applications should also be applied to non-human accounts. There is no single solution for dealing with non-human accounts. Some IAM professionals suggest all accounts should be managed via the same processes and same infrastructure to ensure consistent policy deployment. This consistency, they argue, should ensure that non-human accounts are not ‘left-out’ when IAM deployments occur. Others consider this impractical and recommend that purpose-specific processes be deployed for non-human accounts. But regardless of the mechanism(s) used to manage non-human accounts, ensuring that they are managed is paramount. Otherwise, non-human accounts will continue to be a cybersecurity attack vector favored by hackers for gaining access to corporate facilities.
AU - Graham Williamson, André Koot, Gloria Lee
DA - 2022/2//
DO - 10.55621/idpro.52
IS - 11
VL - 1
PB - IDPro
PY - 2022
TI - Non-human Account Management (v4)
T2 - IDPro Body of Knowledge
UR - https://bok.idpro.org/article/id/52/
ER -