Non-human accounts can be a vulnerability risk

Non-human accounts (NHAs) are typically used by machines, systems, agents and schedulers, or by people performing administrative tasks. In many cases an NHA is shared by multiple users, with the account name and password shared among them.
Non-human accounts management

What are non-human accounts (NHA)?

Typical user accounts are used by people and are linked directly to a person. Non-human accounts are typically used by machines, systems, agents and schedulers, or by people performing administrative tasks. In many cases they are shared by multiple users, with the account name and password shared among those users.

Why can non-human accounts be a vulnerability risk?

Human accounts are linked directly to a user, and companies have password policies in place to enforce security for them. Non-human accounts are in many cases harder to manage. The reasons companies and teams use NHAs vary widely, so a general security policy is harder to implement.

How does Teisko help?

With Teisko you can identify NHAs, set the owners and users of these accounts, and run regular Access Reviews to gain better control of them.

Managing non-human accounts

 

How often should accounts be reviewed?

This depends on the company's requirements and the app's criticality, so there is no one-size-fits-all recommendation. As a rule of thumb, the non-human accounts for critical apps are reviewed once a year, whereas human accounts are typically reviewed quarterly.

Next steps

Register for Teisko and start managing your accounts in seconds. Teisko comes with a Free Plan – no credit card required.