Natoma: A Platform to secure, automate & govern Non-Human Identities.

Jul 30, 2024

Pratyus Patnaik

Will Potter

Zachary Hart

Paresh Bhaya


With the rise of automation, AI copilots, and bots, non-human identities (NHIs) are expected to explode over the coming years, driving security leaders to rethink cybersecurity strategies to better protect their organizations. These NHIs (service accounts, shared credentials, application accounts, API keys, OAuth tokens, secrets, certificates, and machine IDs) represent an increasingly pressing security and management gap within every organization today, and are foundational to GenAI tools. Modern enterprises utilize an unprecedented number of software applications across SaaS, PaaS, IaaS, and on-premises services to manage every aspect of their operations. This sprawl and the resulting interconnectivity across various tools have led to the proliferation of NHIs.

Today, we’re excited to unveil our platform designed to protect enterprise data and systems from unauthorized NHIs. Since Natoma’s inception in late 2023, we have been grateful to partner with some leading enterprises across the globe. Their trust and collaboration have been instrumental for us. Together, we are committed to securing and safeguarding their critical assets from unmanaged NHIs. We could not have done this without their support. 🙏

“Throughout IT ecosystems, non-human identities like service accounts have maintained a ubiquitous presence, extending from on-premises setups to operational technology (OT) landscapes. As a company expands into the cloud with SaaS, PaaS, and IaaS, this challenge grows more pronounced,” said John McLeod, NOV's CISO. “It's heartening to witness a company taking proactive steps to tackle this expansive and complex issue head-on.”

Our founding team, based in San Francisco, Boston and Bengaluru, has decades of collective experience building identity management products. The team was pivotal in building Okta's Identity Governance, Privileged Access and Lifecycle Management products. We deeply understand the challenges of managing non-human identities, having experienced them first-hand.

We are proud to have the support of top cybersecurity investors. Our seed round was co-led by Shardul Shah from Index Ventures and Saam Motamedi from Greylock Partners, who have been early backers of industry-defining companies such as Wiz, Abnormal, Palo Alto Networks, and Datadog. Definition, Latitude, and prominent executives from Microsoft, Cisco, Okta, CNCF, CrowdStrike, and Datadog also participated in the round.

Risks associated with human identities are well-managed with conventional identity tools, existing standards, and "Joiner-Mover-Leaver" processes, but these fall short of addressing the unique challenges posed by NHIs, which outnumber human identities many times over (50x). NHIs can be ephemeral, carry a higher concentration of elevated privileges and unfettered access to production data stores, and cannot use advanced controls like multi-factor authentication and biometrics. When compromised, these identities can be expensive and damaging for organizations. As enterprises mature their workforce identity security and adopt human identity tools, NHIs have become a new attack vector.

Natoma addresses the problem by establishing an authoritative source of truth for all NHIs and a control plane to secure and manage NHIs across their entire lifecycle. Natoma’s platform helps with automated discovery, intelligent context, continuous monitoring, and policy-based governance, including dynamic, just-in-time management of NHIs that enforces the principle of least-privileged access. This comprehensive approach ensures a robust security posture and unparalleled efficiency in managing NHI-related challenges. Additionally, Natoma provides the flexibility to host in the Natoma cloud or on a company’s own servers.

There are already more connected software agents and devices than humans. Very soon, we’ll have more autonomous software, co-pilots, and bots doing ‘work’ in every team. Adoption of GenAI is organic and decentralized, frequently occurring outside of IT’s purview. NHI management will be a critical foundational infrastructure for this upcoming AI and software-powered workplace. Natoma can help every enterprise, across any vertical, adopt an enterprise-wide NHI strategy fit for the modern world.

Stay tuned.