Secrets management, reporting, and encryption for effective DevSecOps
Billy VanCannon
As more enterprises adopt DevSecOps, success stories keep piling up. The latest comes from CyberEdge Group in its 2021 Cyberthreat Defense Report. According to their survey of DevSecOps organizations:
- 45.8% deploy applications more quickly
- 47.2% deploy updates more quickly
- 38.5% reduce costs
- 38.3% reduce app security vulnerabilities
What secrets do these organizations know that others can learn? How are their security teams able to adapt to this new world?
They’ve embraced automation without sacrificing protection.
With DevOps Secrets Vault as a part of your DevSecOps strategy, you can too.
Automated secrets management reduces friction in the DevOps workflow
First and foremost, any security solution in a DevSecOps organization must match the speed requirements of your development process. That demands automation—table stakes for security and DevOps teams to even begin a conversation.
We built DevOps Secrets Vault to automate Secret creation and secure distribution. When cloud platform administrators, developers, applications, or databases need to access a target, DevOps Secrets Vault generates just-in-time, dynamic secrets. These secrets are time-bound and expire automatically. Even if these ephemeral secrets are leaked, any would-be attacker is limited in what they can do and has a limited window in which to do it.
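A minimal model of the time-bound secret idea described above, as an added example rather than DevOps Secrets Vault's own code or API: an issuer signs a credential carrying a subject, a target and an expiry, and the verifier rejects it for any other target or once the TTL has passed. The function names, claim fields, HMAC-based token format and sample values are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed issuer signing key for this demo only.
ISSUER_KEY = secrets.token_bytes(32)

def _sign(body):
    return hmac.new(ISSUER_KEY, body, hashlib.sha256).digest()

def issue_secret(subject, target, ttl_seconds, now=None):
    """Mint a credential bound to one subject, one target and an expiry time."""
    now = time.time() if now is None else now
    claims = {"sub": subject, "tgt": target,
              "exp": int(now) + ttl_seconds, "jti": secrets.token_hex(8)}
    body = json.dumps(claims, sort_keys=True).encode()
    enc = base64.urlsafe_b64encode
    return enc(body).decode() + "." + enc(_sign(body)).decode()

def check_secret(token, target, now=None):
    """Return (accepted, reason): integrity first, then scope, then expiry."""
    now = time.time() if now is None else now
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong part count or invalid base64
        return False, "malformed"
    if not hmac.compare_digest(tag, _sign(body)):
        return False, "bad signature"
    claims = json.loads(body)
    if claims["tgt"] != target:
        return False, "wrong target"
    if now >= claims["exp"]:
        return False, "expired"
    return True, "ok"

if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed issue time
    tok = issue_secret("ci-job-42", "db-prod", ttl_seconds=300, now=t0)
    print(check_secret(tok, "db-prod", now=t0 + 10))      # within the window
    print(check_secret(tok, "db-staging", now=t0 + 10))   # leaked, other target
    print(check_secret(tok, "db-prod", now=t0 + 301))     # leaked, after expiry
```

The shorter the TTL and the narrower the target scope, the less a leaked credential is worth; the `jti` field gives each issued secret a unique ID that reports and audit logs can reference.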
For security teams to do their jobs as quickly as required in a DevSecOps workflow, they also need to immediately evaluate and react to risk. The latest release of DevOps Secrets Vault includes advanced reporting capabilities so you can easily identify privileged account risk in DevOps processes. You can customize reports using advanced queries to return granular information on users, groups, secrets, and policies. Surfacing this information lets you act more quickly to address security vulnerabilities and protect critical privileged accounts.
Every aspect of the dev process—including tools, scripts, and code—must be protected
While speed is important, it doesn’t supersede security requirements. You still need comprehensive protection, including encryption. Yet, encryption can often slow down development as it requires advanced cryptographic engineering knowledge not all developers have. Many enterprises find it difficult to test and confirm that encryption is implemented properly.
That’s why our most recent releases enhanced the encryption capabilities of DevOps Secrets Vault. Now, instead of including encryption within an application or creating another application to manage the process, developers can send data to DevOps Secrets Vault’s API and receive it back, encrypted. DevOps Secrets Vault automatically creates the AES-256 data encryption key and locks it away in a secure vault. Developers also have the choice to manually supply an encryption key. This option gives them maximum control, letting them use the same key to encrypt and decrypt, even outside of DevOps Secrets Vault.