Five Tips for Protecting Privileged Access in DevOps and Cloud Environments

By Clango

Rapid software development processes, IT automation, and the cloud enable organizations to respond more quickly to changing business demands. Increased agility brings greater risk, however. There are more opportunities for attackers to obtain privileged credentials that give them access to sensitive systems and data.

Continuous integration and continuous delivery (CI/CD) processes require that DevOps teams have privileged access to development and production environments. Automated tools also require privileged access to perform operational tasks. As organizations move toward DevOps methodologies and tools, they must ensure these credentials are tightly controlled and secured.

Unfortunately, the high-velocity nature of DevOps encourages shortcuts that bypass traditional security processes. To protect DevOps processes without impeding efficiency, organizations need a security strategy that closely aligns with DevOps culture and methods. However, 73 percent of organizations surveyed for the 2018 CyberArk Global Advanced Threat Landscape reported that they have no strategy to address privileged access security for DevOps.

Recently, CyberArk published a new research report that provides advice for organizations seeking to reduce privileged access risk in their DevOps and cloud environments. The third in the CISO View series, the report features contributions from executives at leading organizations that are adopting DevOps methodologies and tools. CyberArk developed the report in conjunction with independent research firm Robinson Insight, which collected the insights and guidance of the CISO View panel of Global 1000 CISOs, members of the security community, and other industry experts.

The report summarizes five key recommendations based on the real-world experiences of participating CISOs, including:

• Transform the security team into DevOps partners. Organizations should ensure that security practitioners and developers have the right skills, make it easy for developers to do the right thing, encourage collaboration, and adopt agile DevOps methods within security.
• Prioritize securing DevOps tools and infrastructure. This involves setting and enforcing policies for tools selection and configuration, controlling access to DevOps tools, ensuring least privilege access principles are followed, and protecting and monitoring infrastructure for suspicious privileged activity.
• Establish enterprise requirements for securing credentials and secrets. Organizations should mandate the centralized management of secrets, extend auditing and monitoring capabilities, eliminate the hard-coding of credentials in tools and applications, and develop reusable code modules.
• Adapt processes for application testing. Developers should be compelled to fix security issues using a “break the build” approach.
• Evaluate the results of DevOps security programs. Any security improvements gained from the implementation of a privileged access management solution should be measured and promoted.

Clango has a team of CyberArk Certified Delivery Engineers who can help you take advantage of CyberArk’s Core Privileged Access Security platform to protect your DevOps environment. By storing DevOps “secrets” in the Enterprise Password Vault, you can reduce the risk of loss, theft, or unauthorized sharing, and update and synchronize privileged account passwords and SSH keys at regular intervals. CyberArk also allows you to monitor and manage privileged sessions and eliminate embedded credentials in applications and scripts.

Organizations taking advantage of DevOps and cloud models need to ensure their security strategies align with new tools and processes. Clango’s privileged access management specialists can help you understand the risks and implement security tools that provide advanced protection without impeding DevOps velocity.

For more information about improving DevOps security, please send us an email at (info@clango.com).

Comments Closed.