PwC and CyberArk: Is Your Continuous DevOps Pipeline Continuously Secure?

save
Share and earn Cybytes
Facebook Twitter LinkedIn Email

Code fast, beat the competition to market and build market share. This is the value of DevOps.  Businesses around the world fuse software development, integration, test and operations practices to accelerate digital transformation and enhance business performance and agility. In fact, research shows that agile firms grow revenue 37 percent faster and generate revenues 30 percent higher than firms that have not embraced DevOps[i].

But, are these organizations missing a critical step?

Many developer and operations teams have “settled their differences” to leverage countless containers, applications and virtual machines in order to move and produce at unprecedented scale and speed.  Now, some organizations struggle to answer critical security-related questions about these new processes, such as:

  • Who—or what—has access to these virtual machines and applications?
  • Where are the secrets and credentials stored?
  • Is our continuous CI/CD pipeline continuously secure?

DevOps Introduces New Security Challenges

As we’ve explored in previous posts, the DevOps pipeline comprises a diverse collection of development, integration, testing and deployment tools, people and resources. The sheer scale and diversity of this ecosystem can make it difficult to secure for three key reasons:

  • Each development and test tool, configuration management platform and service orchestration solution has its own privileged credentials, which typically are separately maintained and administered using different systems, creating islands of security.
  • Secrets (passwords, SSH keys, API keys, etc.) used to authenticate exchanges and encrypt transactions are scattered across machines and applications, making them nearly impossible to track and manage.
  • Developers often hard code secrets into executables, leaving the business vulnerable to malicious attacks and exposure of confidential data, from attackers with stolen secrets.

The proliferation of containers has exacerbated these security challenges by creating “secrets sprawl.” Consider that in any given enterprise, hundreds of VMs can easily give way to thousands or hundreds of thousands of containers—each with its own security attributes.

Secrets Management at the Speed of DevOps

PwC has deep experience in security and DevOps and recently released a new white paper focused on securing DevOps environments.  PWC’s whitepaper illustrates its strong capabilities in working with enterprise clients to identify, design and deploy improved processes and technical solutions for DevOps that are also inclusive of a critical element: secrets management. This whitepaper introduces PwC’s High Velocity IT solution, which is underpinned by the CyberArk Conjur secrets management solution, and helps organizations reduce risk without impacting velocity. The joint solution addresses the full spectrum of tasks and activities needed to convert ideas into useful technology-centric functions. For example, outcomes could include lower delivery costs, fewer errors in production, improved agility and metrics-based continuous improvement.

CyberArk + PwC = High Velocity IT

CyberArk has an extensive business relationship with PwC—the global consulting firm has deep experience architecting and implementing CyberArk solutions. In fact, CyberArk named PwC its Global Systems Integrator of the Year Americas in 2017. PwC’s experience in working with CyberArk empowers IT organizations to efficiently manage access and authorization privileges across the DevOps pipeline, helping security teams mitigate risks and improve compliance without hindering workflows. Together, CyberArk and PwC can help organizations build a secure and agile DevOps pipeline to achieve high velocity IT.

For additional best practices from PwC and CyberArk on securing your DevOps pipeline and achieving compliance without adding roadblocks to DevOps workflows, register for our joint February 22 webinar and download the free white paper.

 [i] How business can survive and thrive in turbulent times. The Economist Intelligence Unit Ltd.

The post PwC and CyberArk: Is Your Continuous DevOps Pipeline Continuously Secure? appeared first on CyberArk.

Share this post and earn Cybytes
Facebook Twitter LinkedIn Email
Follow
1010 Followers
About CyberArk
CyberArk is the only security company that proactively stops the most advanced cyber threats – those that exploit insider privileges to attack the heart of the enterprise. The company has pioneered a new category of targeted security solutions to lock down privileged accounts and protect against cyber threats before attacks can escalate and do irreparable business damage. CyberArk is trusted by the world’s leading companies – including more than 40 of the Fortune 100 – to protect their highest value information assets, infrastructure and applications, while ensuring tight regulatory compliance and audit requirements.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel