SAMUEL LÓPEZ TREÑADO

 

With over a decade of experience in cybersecurity, I’ve seen how the digital landscape has evolved — and how identity management has become one of its most critical components. Today, we are no longer securing only human users. Machines, applications, and automated processes also have digital identities, and protecting them is essential to ensuring business continuity and security.

 

Managing Non-Human Identities

 

What are Non-Human Identities and why are they important?

Non-Human Identities (NHI) are digital credentials used to identify, authenticate, and authorize entities that are not directly linked to a person — such as APIs, service accounts, IoT devices, or software bots.
These identities play a vital role in automating processes, enabling connectivity, and improving efficiency across digital systems. However, as their number grows, so does the complexity of managing them securely. Each NHI can become a potential entry point for attackers if not properly governed.
Visibility, governance, and accountability are key. Understanding where these identities exist, what they have access to, and how they are used is fundamental to building a strong cybersecurity posture.

 

The risks and how to manage them

Non-Human Identities are not a passing trend: they are an emerging security risk that will increasingly appear as a residual risk in corporate risk analyses if no mitigating controls are implemented.

To reduce exposure, organizations should start by addressing four fundamental actions:

  • Discover – You can’t protect what you don’t know. The first step is to identify all existing non-human identities, a complex but essential task.
  • Inventory and classify – Each identity should have an assigned owner and be categorized according to its level of privilege and sensitivity.
  • Manage the lifecycle – Ensure that identities no longer in use are promptly deactivated, new ones are created with proper approval and ownership, and privileges are reviewed regularly — ideally every six months.
  • Credential management – Implement secure credential rotation, encryption, and storage in secret vaults when appropriate, avoiding exposure in code repositories or uncontrolled environments.

Once these four pillars are in place, organizations can move toward more advanced stages — such as real-time protection or anomaly detection in Non-Human Identity activity.
 

How does Holcim manage Non-Human Identities?

At Holcim, security is embedded in everything we do. Managing Non-Human Identities is part of our broader strategy to protect our digital ecosystem and ensure the resilience of our operations.
We apply a structured approach based on three pillars:

  • Governance and accountability – defining clear ownership and control over every identity.
  • Visibility and intelligence – continuously monitoring and analyzing NHI activity across systems.
  • Privileged Access Management (PAM) – enforcing strong protection for sensitive or high-privilege accounts.

This framework ensures that each identity — human or non-human — operates within a well-defined, secure environment. It also allows us to automate lifecycle management, reducing manual effort and minimizing risk.

 

Looking ahead

The management of Non-Human Identities is more than a technical necessity — it represents a shift in mindset toward proactive, automated security.

As our digital transformation continues, we will see even more interaction between systems, services, and machines. Ensuring that every one of these entities can be trusted is crucial to maintaining a secure and sustainable digital future.

“Non-Human Identity Management is about visibility, control, and trust — giving machines the right access, in the right context, at the right time.”
