IT Brief Australia - Technology news for CIOs & IT decision-makers
Story image
Organisations suffer security incidents related to exposed secrets in DevOps
Wed, 24th Nov 2021
FYI, this story is more than a year old

Fifty-seven percent of organisations have suffered security incidents related to exposed secrets in DevOps, new research has revealed.

Cloud identity security solutions firm ThycoticCentrify has published a new survey report from Forrester that addresses the security innovation paradox in DevOps environments. While it's revealing that over half of organisations have experienced security incidents related to exposed secrets in the past two years, only 5% say that most of their development teams use the same secrets, management processes and tools.

The Secure Innovation Requires Making DevOps Secrets Management Invisible report surveyed 227 identity and access management decision-makers and 160 members of development teams in North America, EMEA and APAC.

The report found while 68% of developers agree that management prioritises security over release dates, 53% of IAM leaders claim developers lack the understanding or ability to implement proper security controls. The report also finds that while IAM leaders and developers want to simplify access management, secure access controls are often too manual and full of friction, which is a bottlenecking innovation.

"The migration to cloud and the drive to microservice architectures require a shift to automated application delivery," says ThycoticCentrify chief technology officer, David McNeely.

"These new application architectures must be designed with security in mind to ensure compliance and protect the integrity and reputation of the company," he says.

"Securing these new applications should be easy for developers while simultaneously enabling the flexibility that operations teams need to respond to the demands of the business.

"This report provides encouraging validation that both security leaders and developers want to centralise and embed secrets management into the tools already in use in continuous integration, continuous deployment pipelines."

The key to solving this challenge is to make secrets management invisible to developers and DevOps teams, who agree that doing so would improve their experience (63%) and productivity (69%). To accomplish this, 76% of IAM leaders are looking for purpose-built PAM for DevOps solutions to help development and security teams work better together.

ThycoticCentrify's PAM for DevOps secrets management solution, DevOps Secrets Vault, enables organisations to centrally manage, control and audit secrets for automated processes that operate without human oversight. DevOps Secrets Vault improves developers and security teams' productivity by reducing friction and embedding automated secure access controls into the DevOps process.

ThycoticCentrify recently introduced geolocation-based routing to ensure customers automatically route to the cloud service closest to their data centers to optimise performance and ensure active failover. The solution is continually improved for ease of use, allowing non-DevOps users to view and manage DevOps Secrets Vault via a user interface versus the Command Line Interface.