Recently, KuppingerCole released the first edition of its Leadership Compass for Privileged Access Management for DevOps. The KuppingerCole report recognizes the unique and complex challenges that exist in DevOps and other dynamic environments. The report also calls out BeyondTrust's recent advancements in the secrets management category of Privileged Access Management, and other strong PAM capabilities. This blog will explore some key challenges of DevOps that BeyondTrust PAM can solve, and provide some highlights from the KuppingerCole report, which you may also download here.
At the heart of this process is a large set of applications, bots, automation platforms, CI/CD tools, and many more non-human entities that must leverage secrets to keep the software delivery pipeline running smoothly. A constant challenge and source of friction is the security need to consistently enforce secrets management best practices across all the different tools and applications without slowing down DevOps teams. Credentials should not be left stagnant or unchanged, or left embedded in scripts or tools where they can easily be forgotten or potentially discovered by a threat actor performing reconnaissance across the environment.
When the problem is addressed at all, it is commonly done by relying on native toolsets or a patchwork of niche tools that each address only a slice of the environment. Having multiple overlapping point tools is a sure way to lose sight of secrets sprawl and to introduce inconsistencies, administrative gaps, and potential vulnerabilities. To address these challenges, BeyondTrust created a purpose-built product, DevOps Secrets Safe, for centralized management of all the DevOps secrets used in CI/CD and automation workflows. DevOps Secrets Safe is specifically designed for the high-volume and high-change workloads found in DevOps environments.
In their PAM for DevOps report, Paul Fisher, Senior Analyst at KuppingerCole, says, "DevOps Secrets Safe goes beyond securing passwords and stores secrets used by applications, tools and other non-human identities such as Kubernetes service accounts. BeyondTrust also supports native integration with DevOps tools such as Jenkins, Puppet, and Azure DevOps, while Password Safe now supports better protection for shared credentials for DevOps and QA teams with a view to improving productivity in agile environments. These are all good developments."
Implement secrets management best practices: Secure and automate the storage and access of secrets used by applications, tools, and other processes across your development operations environments.
Supports peak DevOps agility: A REST API-first approach and CLI tool provide your teams with a preferred UX that helps drive fast adoption and increased productivity. DevOps Secrets Safe is a standalone application built on an extensible microservices-based design utilizing Docker containers and targeting Kubernetes as a deployment platform.
Integrates with DevOps tools: Enable faster application delivery via frictionless native integrations with common DevOps tools such as Ansible, Jenkins, and Azure DevOps.
Implement JIT cloud infrastructure access for automated workflows: Dynamically generate accounts to access APIs and enable an automated way for DevOps engineers to securely manage cloud infrastructure.
Overprovisioned Access and Shadow IT
Because they move fast and lean into self-service, DevOps teams can also be substantive drivers of shadow IT. This shadow IT includes tools and applications that may not be properly hardened or that have dangerous security vulnerabilities or backdoors. Often, these tools and applications, as well as the people who use them, are also overprovisioned with privileges, which bloats the attack surface and provides many pathways for lateral movement.
BeyondTrust's industry-leading Endpoint Privilege Management solution enables organizations to enforce least privilege across their entire organization, including their DevOps estate, to protect against known and unknown threats. Priv
This Cyber News was published on www.beyondtrust.com. Publication date: Mon, 30 Jan 2023 23:48:02 +0000