The number of privileged accounts has grown rapidly in recent years as organizations have adopted DevOps practices. DevOps teams constantly create hosts, machines, and systems, each of which has one or more privileged accounts associated with it. They also use a wide array of continuous integration and delivery tools and process scripts that also contain passwords, encryption keys, and tokens.
If these privileged credentials are compromised, hackers can gain back doors into the DevOps environment and, ultimately, the entire IT infrastructure. Despite the obvious risks, however, few organizations adequately manage and secure privileged account credentials for their DevOps teams. In CyberArk’s 2018 Global Advanced Threat Landscape Report, 73 percent of organizations reported they had no strategy at all for securing the privileged accounts of DevOps users. Worse, 99 percent could not identify all the places where credentials were stored, some of which were highly vulnerable.
CyberArk’s Core Privileged Access Security platform is designed to protect privileged credentials and monitor privileged access to detect high-risk behavior. Central to the solution is the Enterprise Password Vault, which features a highly secure database that stores privileged account credentials, access control policies, credential management policies, and audit information. To protect the Vault itself and the data stored within it, CyberArk features a multilayered encryption hierarchy. CyberArk also provides proprietary configurations for hardening servers running Vault software.
Authorized users gain access to the privileged credentials they need by logging into CyberArk, searching for a particular device or system, and then clicking on it to reveal the password. While that might not sound like too great of a burden, it can create real bottlenecks for DevOps personnel who are managing hundreds of systems. For example, a network administrator might need to log in to 25 firewalls every Friday to perform routine maintenance. Manually searching through the Vault and checking out all the passwords increases the time required to complete this task.
That’s why privileged account best practices create a dilemma for IT organizations. The more complex or burdensome the security measures, the more likely users will find workarounds that make their jobs easier. This is particularly true for IT operators, administrators, and developers, who require quick access to systems to handle day-to-day operational tasks. Writing down passwords or storing them in spreadsheets defeats the purpose of CyberArk.
Clango has developed a unique solution that minimizes inconvenience while retaining all the security benefits of the CyberArk Privileged Access Security platform. The CONFIDE desktop and mobile app make it possible to create “favorites” lists of systems and checkout all the associated credentials at once. By streamlining access to privileged credentials, CONFIDE limits the temptation to create password retrieval workarounds that could skirt security policies. CONFIDE is compatible with Active Directory logins and integrates with Touch ID on smartphones for added convenience and security.
Because privileged accounts contain the keys to the IT kingdom, they are a primary target for cybercriminals. CyberArk’s Privileged Access Security solution can help minimize the risk, but only if used properly. Clango’s CONFIDE application streamlines access to privileged credentials stored in the CyberArk Vault, making it easier for IT teams to access the credentials they need while preventing those credentials from falling into the wrong hands.
For more information about CONFIDE, please visit our CONFIDE page.