
Security teams could be slowing down DevOps, survey shows

Venafi has released the findings of its latest survey, revealing 75% of DevOps professionals say certificate issuance policies slow them down.

In addition, more than a third (39%) of professionals believe developers should be able to circumvent these policies to meet service level agreements, and less than half believe developers always request certificates that serve as machine identities through authorised channels.

Venafi, the inventor and provider of machine identity protection, conducted a survey on digital certificate security policies and practices in DevOps environments.

Cryptographic keys and certificates serve as machine identities and enable authentication and secure communication for applications, service containers and APIs on enterprise networks, the internet and in cloud environments. The use of weak or unauthorised keys and certificates can significantly increase security risks, particularly in cloud environments, Venafi says.

Developers use insecure machine identities, including certificates from unauthorised certificate authorities (CAs) and self-signed or wildcard certificates, because corporate certificate issuance processes are seen as too cumbersome, Venafi says.

However, this leaves security teams in the dark and increases organisational risk, especially if key and certificate vulnerabilities or errors enter production environments, the company states.

“DevOps is all about speed, but this survey illustrates that developers often find security policies slow,” says Kevin Bocek, Venafi vice president of security strategy and threat intelligence.

He says, “Unfortunately, security professionals are often unaware of the risks DevOps processes bring to their organisations. Ultimately, security teams need to make it more straightforward for developers to use machine identities; protecting them must be easier and faster than it is to circumvent policy, otherwise these problems will continue to grow exponentially.

“Organisations that rely on DevOps processes require visibility, intelligence and automation to protect their machine identities.”
