New KuppingerCole Report Highlights the Importance of Securing DevOps and Agile IT Environments


KuppingerCole has just released a new report, “Security for DevOps and Agile IT: Preventing attacks in highly dynamic environments.” Authored by Martin Kuppinger and published in October 2018, the report addresses many of the key topics that security practitioners, security leaders and development team leads will likely need to address as they explore how to increase the security of DevOps environments.

Expanded Attack Surface

Organizations are discovering that as the use and adoption of DevOps and Agile IT has increased, securing these environments has become an increasingly important priority. In fact, in just a few years DevOps has changed how IT operates, and most importantly for security professionals, the increased use of micro-services, together with the increased number of DevOps tools used in the CI/CD pipeline, has expanded the attack surface relative to more traditional development environments. The four major drivers expanding the attack surface include:

  1. More secrets
  2. More components
  3. Increased volatility
  4. Increased scale

Top Requirements

The top requirements for securing an organization’s DevOps environment include factors such as the ability to:

  • Consistently manage all types of secrets.
  • Avoid islands of security or reliance on the native capabilities of standalone tools.
  • Focus on simplicity and ease of use for developers.
  • Establish a robust tamper-proof audit capability.
  • Integrate with the organization’s existing Privileged Access Security (or privileged access management, to use KuppingerCole’s terminology) infrastructure.

Mapping DevOps Security Needs with Existing Investments in Privileged Access Security

Security teams wrestling with how DevOps security fits within the organization’s broader Privileged Access Security environment should find the insights particularly interesting. For example, existing solutions alone are likely not adequate for securing Agile IT and DevOps environments. They simply don’t meet the requirements necessary for securing a typical, highly dynamic DevOps environment. Instead, specialized security solutions are needed to secure DevOps environments, in addition to the existing privileged access security solutions the organization has deployed. However, rather than two separate systems, some form of integrated solution is required.

Action Plan for Securing Secrets

Most importantly, the report outlines an action plan for securing secrets and credentials in DevOps and Agile IT environments and highlights the importance of:

  • Making it easy for developers to secure their applications and code.
  • Isolating APIs so that security services can be refreshed and changed without requiring changes to code.
  • Providing an integrated view and ability to manage privilege and secrets.
  • Capturing and monitoring events by integrating with SIEM and other security systems.

A full copy of the report is available here. For more information on CyberArk solutions, including CyberArk Conjur for securing DevOps environments, visit CyberArk Conjur is also available as open source at – the open source version enables developers to rapidly gain experience using a powerful secrets management solution.

The post New KuppingerCole Report Highlights the Importance of Securing DevOps and Agile IT Environments appeared first on CyberArk.

About CyberArk
CyberArk is the only security company that proactively stops the most advanced cyber threats – those that exploit insider privileges to attack the heart of the enterprise. The company has pioneered a new category of targeted security solutions to lock down privileged accounts and protect against cyber threats before attacks can escalate and do irreparable business damage. CyberArk is trusted by the world’s leading companies – including more than 40 of the Fortune 100 – to protect their highest value information assets, infrastructure and applications, while ensuring tight regulatory compliance and audit requirements.
