Secrets at Risk as DevOps Goes Mainstream
As DevOps becomes established across industries and across geographies, the way in which we deliver applications and services for businesses continues to evolve and accelerate. But, this agile development approach also creates serious security risks to privileged account credentials and secrets.
Security teams now have a potentially vastly expanded attack surface to contend with. Why? Because, as DevOps takes hold, more and more privileged account credentials and secrets are created and shared across interconnected access points. Compounding the risks are technologies including artificial intelligence, machine learning and automated IT, which not only expose new attack vectors, but also demand that businesses manage machine identities.
Securing the DevOps pipeline requires a fully automated privileged account security and secrets management solution—a tool that many businesses lack. In fact, 75% of security professionals say their organization doesn’t have a privileged account security strategy for DevOps, according to CyberArk’s Global Advanced Threat Landscape 2018 report.
Another concern highlighted by this report is that developers and security teams alike don’t fully understand all of the places where privileged accounts and secrets exist in their IT environment. In our survey, 99% of respondents could not identify all of the places where privileged accounts or secrets reside. This crucial information is embedded in a very wide spectrum of entities scattered across IT and cloud environments—and you must be able to locate them before you can protect them.
Perhaps the biggest roadblock to securing DevOps is that security teams and app developers typically work in operational silos. In fact, only one-third (33%) of the IT professionals that we surveyed say the two teams and processes are well-integrated throughout the entire development process.
In addition to tight teamwork, you’ll need one dedicated technology solution and a single security stack that can seamlessly connect DevOps tools with enterprise security solutions. The combination of the two will enable you to build a scalable security platform that is constantly improved as new iterations of tools are developed, tested and deployed.
If there’s one takeaway from this year’s survey, it’s that many organizations don’t understand the means—or the mechanisms—to secure privileged account credentials and secrets. You won’t find a solution among traditional security programs, which haven’t kept pace with vulnerabilities created by new access points, machine identities and automated IT. To get it right, you’ll need to integrate security with DevOps and implement a unified security solution that applies common controls across disparate services and infrastructures.
To find out more, read CyberArk’s Global Advanced Threat Landscape 2018 report here.