A Forrester survey shows that centralizing secrets and using unified tools is key to securing DevOps innovation. 57 percent of companies have suffered security incidents with disclosed secrets in DevOps.
ThycoticCentrify, a leading provider of cloud identity security solutions, born from the merger of two market leaders in Privileged Access Management (PAM), Thycotic and Centrify, commissioned a survey from Forrester to examine the paradox of security innovation in DevOps environments. The study shows that more than half of companies have experienced security incidents related to the disclosure of secrets in the past two years. At the same time, the majority of development teams in just five percent of companies use standardized processes and tools to manage secrets.
Forrester survey shows important results
The Forrester Opportunity Snapshot report, commissioned by ThycoticCentrify, titled Secure Innovation Requires Making DevOps Secrets Management Invisible, interviewed 227 Identity and Access Management (IAM) decision makers and 160 development team members in North America, EMEA and APAC. While 68 percent of developers believe that management prioritizes security over release dates, 53 percent of IAM leaders say developers lack the understanding or ability to implement appropriate security controls. The report also shows that both IAM executives and developers want to simplify access management, but that secure access controls are often too manual and fraught with friction, which hinders innovation.
DevOps: Migration to the cloud
“The migration to the cloud and the development of microservice architectures require a switch to automated application delivery. These new application architectures must be designed with security in mind to ensure compliance and protect the integrity and reputation of the company, "said David McNeely, chief technology officer, ThycoticCentrify. “Securing these new applications should be easy for developers to find, while also providing the flexibility operations teams need to respond to business needs. This report is encouraging confirmation that both security officers and developers want to centralize the management of secrets and embed them in the tools already in use in the continuous integration and deployment pipelines. "
The key to solving this challenge is making secrets management invisible to developers and DevOps teams, who agreed that doing so would improve their experience (63%) and productivity (69%). To do this, 76 percent of IAM executives are looking for purpose-built PAM for DevOps solutions that help development and security teams work better together.
PAM solution for managing DevOps secrets
DevOps Secrets Vault, ThycoticCentrify's PAM solution for managing DevOps secrets, enables companies to centrally manage, control and review secrets for automated processes that run without human supervision. DevOps Secrets Vault improves developer and security team productivity by reducing friction and embedding automated secure access controls into the DevOps process.
ThycoticCentrify recently introduced geolocation-based routing to ensure that customers are automatically directed to the cloud service closest to their data centers to optimize performance and ensure active failover. The solution is continuously improving for usability and now allows non-DevOps users to view and manage DevOps Secrets Vault through a user interface instead of the command line interface (CLI).
More at Thycotic.com
About ThycoticCentrify ThycoticCentrify is a leading provider of cloud identity security solutions that enable digital transformation on a large scale. ThycoticCentrify's industry-leading Privileged Access Management (PAM) solutions reduce risk, complexity and cost while protecting enterprise data, devices and code in cloud, on-premises and hybrid environments. More than 14.000 leading companies around the world, including more than half of the Fortune 100, trust ThycoticCentrify. Customers include the world's largest financial institutions, intelligence agencies, and critical infrastructure companies. Whether human or machine, in the cloud or on-premises - with ThycoticCentrify, privileged access is secure.