Understanding and Selecting a Secrets Management Platform


As we kick off 2018, hopefully a very promising and secure year for you, it’s a good time to consider how securing secrets in your DevOps pipeline can reduce your risk exposure and attack surface. We recently posted an article on our blog exploring some of the many challenges security teams and enlightened developers face in managing the proliferation of secrets and privileged users throughout the DevOps pipeline. Basically, we addressed how to significantly reduce risk—without reducing velocity or negatively impacting the work of developers.

This can, understandably, seem like a daunting task, particularly when you consider the countless non-human actors—processes, services, containers, hosts and more—that constantly need privileged credentials to do everything from accessing other resources and services to communicating with databases to obtaining encryption keys. While certainly not a brand new phenomenon, organizations’ increasing reliance on automated cloud services, container-based deployments and microservices-based architectures has illuminated a massive gap in how they manage machine identities for non-human actors, or in other words, how they protect the secret information flowing from machine to machine with little or no human oversight. Remember—we’re no longer talking about securing a finite number of machines sitting on a rack somewhere, but instead, hundreds upon thousands of virtual machine instances running simultaneously at any given point in time.

For organizations that take advantage of the agility of DevOps without adequately securing the secrets and credentials used in their DevOps environment, there is an urgent need to take action. DevOps automation not only builds and deploys apps at scale, but it also creates and assigns credentials and secrets at scale. If these secrets aren’t adequately secured and protected, then as the apps scale, the enterprise creates an ever-increasing technical debt of vulnerabilities. Basically, the problem may be getting worse, at scale.

How can organizations get started? Some traditional security solutions for secrets management are simply not a great fit in today’s modern era of clouds, containers and DevOps. As a result, a new wave of “secrets management” platforms is emerging, and it’s changing the way organizations deliver identity, secrets and tokens—as well as the way they validate systems for automated establishment of trust.

The independent analyst firm Securosis has published new research examining the critical need for such modern secrets management tools. The crux of the paper, Understanding and Selecting a Secrets Management Platform, addresses the fact that security around provisioning access rights to services is largely absent today. Far too often, credentials are kept in cleartext within documents of various types, while many companies rely on identity store systems to maintain a central point of control over identity and access rights. Yet these systems lack a distribution mechanism to consistently support security policies across today’s mixed and increasingly complex cloud and DevOps environments.

Available for free download here, the Securosis research paper outlines:

  • The Challenge of Machine Identities: From both the security practitioner’s and the developer’s perspective.
  • Principal Customer Use Cases: A diverse set of real-life use cases, including API Gateways and access keys, services, build automation, provisioning machine identities, encrypting data and sharing.
  • Features and Functionality: The basic functions every secrets management platform needs to address, as well as advanced feature sets that are emerging, comprising deep log creation and integration options, tighter integration with IAM services, secret generation and secret revocation.
  • Deployment Considerations: How these platforms deploy, how they provide scalability and resiliency and how they integrate with the services they supply secrets to.

Effective secrets management is integral to transforming DevOps as we know it into a truly integrated, secure DevOps (DevSecOps) model. We encourage you to download this timely piece of research. To learn more about the industry’s only platform-independent secrets management solution specifically architected to protect containerized and cloud-native applications across the DevOps pipeline, visit the CyberArk Conjur page.

The post Understanding and Selecting a Secrets Management Platform appeared first on CyberArk.

About CyberArk
CyberArk is the only security company that proactively stops the most advanced cyber threats – those that exploit insider privileges to attack the heart of the enterprise. The company has pioneered a new category of targeted security solutions to lock down privileged accounts and protect against cyber threats before attacks can escalate and do irreparable business damage. CyberArk is trusted by the world’s leading companies – including more than 40 of the Fortune 100 – to protect their highest value information assets, infrastructure and applications, while ensuring tight regulatory compliance and audit requirements.
