Oasis Security, a three-year-old startup in the increasingly competitive market for non-human identity (NHI) tools, is turning to MSSPs and other channel partners for expanding its customer base and market presence.
This week, the Israeli company, which has worked with partners since coming out of stealth in January 2024, is launching its formal Oasis Security Channel Program to build on a series of targeted enablement sessions that executives said helped create a pipeline, generating millions of dollars and securing dozens of deal registrations while growing annual recurring revenue in triple-digit numbers.
According to Sam Hahm, who was hired in April 2024 as Oasis’ channel and alliances leader Americas, the initial focus of the company’s channel efforts focused on value-added resellers (VARs), building programs around the initiative. Oasis now has 12 partners with master partner agreements.
One of the priorities this year is to establish an MSSPs and MSPs program, and Hahm is working with current partners that offer such services, he told MSSP Alert.
“The channel program is the backbone of Oasis’ sales organization,” he said, noting the strong buy-in throughout the company, from executives to sales leaders. “Oasis is a 100% channel organization and we co-sell every opportunity, which doubles our chances of winning while shortening the deal cycle.”
Cloud, AI Adoption Fuel NHI Growth
Oasis will require MSPs and MSSPs help to compete in a space that is seeing the proliferation of startups like Entro Security and Astrix Security in the market, but also established players like CyberArk expanding their identity and access management (IAM) portfolios to include products to protect non-human identities. Oasis in March 2024 brought in $35 million in Series A funding, bring the total number raised to $75 million.
With the continued enterprise adoption of cloud computing, the rapid growth of AI, expanding use of APIs, and other trends, NHIs are expanding exponentially. They include the keys to modern business operations, from APIs and bots to service accounts, container images, DevOps tools, and cloud tokens.
Security risks that could make organizations vulnerable to compromises and attacks include improper offboarding and leaking of NHIs, vulnerable third-party NHIs, insecure authentication, and insecure cloud deployment configurations, according to OWASP.
NHIs the 'Backbone' of Modern Business
“They are the backbone of automated processes and digital operations,” Entro co-founder and CEO Itzik Alvas wrote in a blog post last year. “In the shadow of their critical functions, lies a significant vulnerability – non-human identity security risks are often overlooked. While organizations have fortified human user access with robust security measures, the management and security of non-human access like service accounts, API keys and cloud tokens have not received the same level of scrutiny.”
In their November 2024 report, the Cloud Security Alliance highlighted that organizations are aware of the risks presented by NHIs but are trying to catch up with security measures. Only 15% of more than 800 security and IT professionals surveyed were highly confident in their ability to prevent such non-human identity attacks, while 69% were concerned about them. In addition, only 20% had formal processes for offboarding and revoking API keys, and even fewer had policies for rotating them.
That said, 24% said their organizations planned to invest in NHI security within six month and 36% said they intended to do so within 12 months.
Manual Management Not Enough
Oasis’ Hahm emphasized that the problem has been around for almost a decade and that organizations have been managing them manually.
“However, through digital transformation, coupled with the explosion of AI, the manual method to discover, secure, and manage NHIs has become obsolete,” he said. “Therefore, 46% of breaches originate through unmanaged NHIs.”
The Oasis Platform
Oasis, which made headlines when it found a critical vulnerability in the multi-factor authentication implementation in Microsoft Azure that allowed attackers to bypass it, offers a platform that automatically discovers and inventories all non-human identities, assesses a company’s posture for configuration and compliance, ranks the posture based on severity, and provides such context as usage, consumers, resources, and privileged status. A tool called Oasis Scout detects threats and anomalies.
The platform, which integrates with an organization’s cloud, SaaS, and on-premises environments, also creates remediation plans and orchestrates the NHI lifecycle.
“Our AI-driven approach proactively identifies risks and automates remediation, empowering organizations to secure their growing NHI landscape efficiently,” Hahm said.
Such capabilities will be important in the coming years. Hahm stressed that Oasis expects non-human identities to represent 99% of identities in the near future.
“With the continued adoption of cloud, SaaS applications, and AI, the number of NHIs will only increase,” he said. “We are also starting to see compliance agencies and cyber insurance [companies] requiring NHI management as a mandatory function. Our platform will continue to evolve to be what Okta, CyberArk, and SailPoint are to human identities for NHIs.”
