Phone Number +1-202-802-9399 (US)
The Lockdown

Thycotic’s Cyber Security Blog

Secrets Management, Reporting, and Encryption for Effective DevSecOps

mm

Written by Billy VanCannon

May 18th, 2021

As more enterprises adopt DevSecOps, success stories keep piling up. The latest comes from CyberEdge Group in its 2021 Cyberthreat Defense Report. According to their survey of DevSecOps organizations:

  • 45.8% deploy applications more quickly
  • 47.2% deploy updates more quickly
  • 38.5% reduce costs
  • 38.3% reduce app security vulnerabilities

What secrets do these organizations know that others can learn? How are their security teams able to adapt to this new world?

They’ve embraced automation without sacrificing protection.

With DevOps Secrets Vault as a part of your DevSecOps strategy, you can too.

Automated secrets management reduces friction in the DevOps workflow

First and foremost, any security solution in a DevSecOps organization must match the speed requirements of your development process. That demands automation—table stakes for security and DevOps teams to even begin a conversation.

Even if ephemeral secrets are leaked, any would-be attacker is limited in what they can do

We built DevOps Secrets Vault to automate secret creation and secure distribution. When cloud platform administrators, developers, applications, or databases need to access a target, DevOps Secrets Vault generates just-in-time, dynamic secrets. These secrets are time-bound and expire automatically. Even if these ephemeral secrets are leaked, any would-be attacker is limited in what they can do and has a limited window in which to do it.

For security teams to do their jobs as quickly as required in a DevSecOps workflow, they also need to immediately evaluate and react to risk. The latest release of DevOps Secrets Vault includes advanced reporting capabilities so you can easily identity privileged account risk in DevOps processes. You can customize reports using advanced queries to return granular information on users, groups, secrets, and policies. Surfacing this information lets you act more quickly to address security vulnerabilities and protect critical privileged accounts.

Every aspect of the dev process—including tools, scripts, and code—must be protected

While speed is important, it doesn’t supersede security requirements. You still need comprehensive protection, including encryption. Yet, encryption can often slow down development as it requires advanced cryptographic engineering knowledge not all developers have. Many enterprises find it difficult to test and confirm that encryption is implemented properly.

That’s why our most recent releases enhanced the encryption capabilities of DevOps Secrets Vault. Now, instead of including encryption within an application or creating another application to manage the process, developers can send data to DevOps Secrets Vault’s API and receive it back, encrypted. DevOps Secrets Vault automatically creates the AES-256 data encryption key and locks it away in a secure vault. They also have the choice to manually supply an encryption key. This option allows developers maximum control to use the same key to encrypt and decrypt, even outside of DevOps Secrets Vault.

Encryption as a Service Diagram

Try the latest enhancements to DevOps Secrets Vault

DevOps Secrets Vault is available as a standalone vault for organizations with existing PAM solutions, as well as within Thycotic’s Cloud Automation Bundle.

Until June 30, 2021, you can get an integrated package of cloud security solutions for one discounted price.

The Cloud Automation Bundle includes:

  • Secret Server, Thycotic’s award-winning cloud PAM solution
  • DevOps Secrets Vault for high-speed secrets management
  • Privileged Behavior Analytics for detection and prevention
  • Connection Manager for secure remote session management 

Learn more about DevOps Secrets Vault and the Cloud Automation Bundle.

FREE IT Tools

FREE IT Tools

IT Admins: Our collection of free IT tools makes your life easy and your organization safer!

 

Like this post?

Get our top blog posts delivered to your inbox once a month.

SHARE THIS