August 19, 2025

The growing danger of unsecured machine identities

The wave of smart manufacturing is sweeping across the industry, bringing with it a seismic shift that is characterised by hyper-connectivity, relentless automation and unprecedented data-driven precision. However, manufacturing plants and factories are not just filled with machines; they’re teeming with thousands of non-human identities (NHIs), from robotic arms and programmable logic controllers (PLCs) to IoT and IIoT sensors seamlessly integrated through the production lines. While they drive operational efficiency, they also represent a rapidly expanding and often invisible attack surface, as Dave McGrail, Head of Business Consultancy, Xalient and Jon Neal, EMEA Field CTO at Saviynt, explain.

Several reports reveal that 90% of manufacturers manage over 2,500 active identities, with the average sitting at 3,200 identities, of which 65% are machine identities. Alarmingly, 74% of these organisations are grappling with the complexity of securing machine identities, more so than human identities. This challenge is compounded by legacy infrastructure, fragmented oversight, and a lack of centralised visibility, leading to “zombie identities” such as expired certificates, forgotten API keys and orphaned service accounts that linger in the shadows.

While many IT teams have fallen into the trap of granting access more readily than maintaining it, tightened regulatory controls and escalating cyber risk reinforce that this reactive approach is not sustainable. Manufacturers must prioritise NHIs in their Identity and Access Management (IAM) strategies. This requires a mindset shift, bolstered by modern identity governance tools, real-time monitoring capabilities, and cross-functional accountability.

The time for complacency is over, and manufacturers must take decisive action to regain control over their machine identity landscape. Failure to do so will threaten the future security of the smart industry.

An industry under threat

With the manufacturing industry managing more identities on average than any other sector, and also having a higher proportion of machine identities, it’s not surprising that in 2024 the manufacturing industry witnessed a sharp rise in cybersecurity breaches linked to NHIs. By 2025, that figure had already risen by a further 18%. These often-overlooked entities pose a growing risk as they proliferate across cloud environments and DevOps pipelines. This is supported by findings that 71% of breaches in 2025 involved cloud environments, where NHIs are most prevalent and often poorly secured.

High-profile incidents making news headlines underscore the urgency to prepare for attack. Most notably, Cloudflare was forced to rotate over 5,000 production credentials following an NHI-related breach, and Schneider Electric, a global manufacturing leader, suffered a breach via exposed Jira credentials, resulting in the theft of over 40GB of sensitive development data. These cases reveal a critical blind spot in identity and access management strategies, one that manufacturers must urgently address to safeguard intellectual property, operational continuity, and customer trust.

Gaining control of machine identity management

Gaining control over machine identity management (MIM) is essential for manufacturers operating in increasingly automated and connected environments. This starts with a comprehensive inventory of all non-human identities for all IoT/IIoT devices, robotic systems, PLCs, APIs, service accounts, and certificates. Without this visibility, there can be no control. To locate all machine identities, it is necessary to use automated discovery tools that integrate across on-premises, cloud and edge environments to map out all non-human entities across the organisation.

Next, it is important to understand the purpose, behaviour and access patterns of these machine identities. Not all machine identities are created equal; some may be short-lived and task-specific, while others operate across critical systems. Security teams must ask: Should this IoT sensor communicate with the ERP system? Does this service account need write access, or would read-only access be sufficient? By applying behavioural baselining and tagging to these machine identities, organisations can contextualise risk, identify anomalies and tailor access controls more precisely.

Turning insight into action

This context provides the foundation for implementing centralised identity governance and gaining the control needed to manage NHIs at scale and across hybrid environments, thereby removing the silos that reduce accountability. A modern machine identity management strategy requires a unified control plane that assigns ownership, enforces lifecycle policies and applies consistent access rules. Without this accountability, NHIs can quickly become unmanaged and persistent threats hidden in plain sight. Governance turns insight into control and prevents NHIs from becoming security liabilities. Additionally, it enhances uptime, ensures regulatory compliance, and reinforces the resilience of the entire production environment.

However, to maintain this standard, manufacturers must move beyond manual methods and approaches to manage credentials. Automation must be part of the solution, and these tools must support scalable deployments with cross-domain orchestration and real-time alerting for expired or misused credentials.

Principles like least privilege and Zero Trust must be extended to machine identities. Manufacturers have implemented these principles for human users and must apply them to machines. Every non-human identity should be granted the minimum access required to function, and every interaction should be authenticated and authorised. When an anomaly occurs, whether it’s an unexpected connection attempt or a privilege escalation, the system must be able to respond in real time.
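As an added illustration (not code from the article or from Xalient or Saviynt) of the baselining-and-tagging step described earlier and the least-privilege checks just discussed: a small inventory of machine identities carries an owner tag, an allowed-target baseline, an access level and a credential expiry, and access events are checked against it. Identity names, systems and log events are all constructed for the example.

```python
"""Baseline-and-detect for machine identities (constructed example)."""
from dataclasses import dataclass
from datetime import date

TODAY = date(2025, 8, 19)  # assumed "now" for the expiry checks


@dataclass
class MachineIdentity:
    name: str
    kind: str                 # "iot-sensor", "service-account", "plc" ...
    owner: str                # accountable team (governance requirement)
    allowed_targets: set      # behavioural baseline: systems it may talk to
    access: str               # "read" or "write" (least privilege)
    cred_expiry: date         # certificate / key expiry


# Constructed inventory: a sensor that only reports to the historian and a
# service account that syncs MES data into the ERP but whose key has expired.
INVENTORY = {
    "temp-sensor-17": MachineIdentity("temp-sensor-17", "iot-sensor", "ot-team",
                                      {"historian"}, "read", date(2026, 1, 31)),
    "svc-mes-sync": MachineIdentity("svc-mes-sync", "service-account", "it-team",
                                    {"mes", "erp"}, "write", date(2024, 12, 1)),
}


def find_zombies(inventory=INVENTORY, today=TODAY):
    """Identities still in the inventory although their credential has expired."""
    return sorted(n for n, i in inventory.items() if i.cred_expiry < today)


def check_event(event, inventory=INVENTORY):
    """Findings for one access event; an empty list means it is within baseline."""
    ident = inventory.get(event["identity"])
    if ident is None:
        return ["unknown identity (not in inventory)"]
    findings = []
    if event["target"] not in ident.allowed_targets:
        findings.append(f"unexpected target {event['target']}")
    if event["op"] == "write" and ident.access != "write":
        findings.append("write attempted by read-only identity")
    if ident.cred_expiry < event["date"]:
        findings.append("credential expired")
    return findings


SAMPLE_EVENTS = [  # constructed access log
    {"identity": "temp-sensor-17", "target": "historian", "op": "read", "date": TODAY},
    {"identity": "temp-sensor-17", "target": "erp", "op": "write", "date": TODAY},
    {"identity": "svc-mes-sync", "target": "erp", "op": "write", "date": TODAY},
    {"identity": "svc-legacy-build", "target": "git", "op": "read", "date": TODAY},
]


def triage(events=SAMPLE_EVENTS, inventory=INVENTORY):
    """Map each event index to its findings, ready for alerting or blocking."""
    return {i: check_event(e, inventory) for i, e in enumerate(events)}
```

The second event is the "should this IoT sensor talk to the ERP?" case from the text, and the last one is an identity the discovery step missed entirely.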

Regulating the machines

With the manufacturing industry facing several challenges in machine identity management, several regulations have emerged to provide guidelines aimed at bolstering resilience in this increasingly interconnected landscape.

The EU’s NIS2 Directive (Network and Information Security Directive 2.0) categorises manufacturing as an “important entity” and imposes stringent cybersecurity requirements that extend beyond conventional practices. As such, stakeholders must meet an entire framework of obligations related to supply chain security and risk management to improve resilience. While this mandate does not specifically focus on NHIs, it does require organisations to adopt robust measures to safeguard all digital assets. These machine identities are the lifeblood of interconnected production processes and supply chains, and neglecting to secure them is an open invitation to chaos.

Similarly, the NIST Cybersecurity Framework (CSF) adds another layer of urgency for manufacturers to implement stringent security measures. This framework guides organisations in identifying, protecting, detecting, responding to and recovering from cyber incidents, establishing a comprehensive approach to cybersecurity. Practices like maintaining inventories of hardware and software (including machine identities), enforcing strong authentication protocols and implementing principles of least privilege are vital strategies for securing NHIs and strengthening overall cyber resilience.

Reviewing the stakes

The surge in automation, IoT devices, and interconnected systems has radically transformed the manufacturing landscape, and the security perimeter is now defined by identity, not just by firewalls or physical boundaries. Machine identities are now the cornerstone of secure operations, yet they are often left unmanaged, unaudited and underestimated. This is a breeding ground for silent threats ranging from lateral movement, data exfiltration and operational downtime to catastrophic system failures.

The consequence of failing to get a handle on these machine identities could be dire. In highly regulated sectors such as automotive or pharmaceutical manufacturing, non-compliance can result in severe financial penalties and dangerous supply chain disruptions.

The future of manufacturing is smart, but only if it is kept secure. CISOs and security leaders who recognise the importance of machine identity management today will significantly reduce their organisation’s risk exposure and future-proof their operations for the coming wave of AI-driven automation and regulatory transformation. The time to act is now, before the stakes rise even higher.
