{"id":10865,"date":"2017-11-07T09:00:34","date_gmt":"2017-11-07T08:00:34","guid":{"rendered":"http:\/\/www.devopsonline.co.uk\/?p=10865"},"modified":"2017-11-07T19:38:43","modified_gmt":"2017-11-07T18:38:43","slug":"cyberark-devops-security-teams-must-collaborate-reduce-risk-cyber-attack","status":"publish","type":"post","link":"https:\/\/devopsnews.online\/cyberark-devops-security-teams-must-collaborate-reduce-risk-cyber-attack\/","title":{"rendered":"CyberArk: DevOps and security teams ‘must collaborate’"},"content":{"rendered":"

According to the first findings to be released from CyberArk\u2019s Advanced Threat Landscape 2018<\/em> report, DevOps and security professionals have “worrying knowledge gaps” about where privileged accounts and secrets exist across the IT infrastructure.<\/p>\n

Nearly all respondents (99%) failed to identify all places where privileged accounts or secrets exist when offered several options from PCs\/laptops to microservices, cloud environments and containers.<\/p>\n

The option where the highest levels of unawareness existed was source code repositories such as GitHub, with 84% of survey respondents unaware that privileged accounts or secrets are found here, followed by microservices (80%), cloud environments (78%) and CI\/CD tools used by DevOps teams (76%).<\/p>\n

‘Secrets are being created’<\/h2>\n

Elizabeth Lawler, vice president for DevOps security at CyberArk, said: \u201cAs organisations employ DevOps, more privileged account credentials and secrets are being created and shared across interconnected business ecosystems.<\/p>\n

\u201cEven though the dedicated technology exists, with few organisations managing and securing secrets, they become prime targets for attacks. In the hands of an external attacker or malicious insider, compromised credentials and secrets can allow attackers to take full control of an organisation\u2019s entire IT infrastructure.<\/p>\n

\u201dSo it\u2019s worrying that the rush to achieve IT and business advantages through DevOps is outpacing awareness of an expanded – and unmanaged – privileged attack surface.\u201d<\/p>\n

With just a quarter of security teams reporting that they have a privileged account security strategy for\u00a0DevOps, and\u00a0integration between teams lacking for nearly two-thirds of respondents (65%), many DevOps professionals are taking matters into their own hands. Nearly 22% of them have built their own security solution.<\/p>\n

‘You must figure out every single tool’<\/h2>\n

Lawler continued: \u201cBuilding your own security solutions is arguably OK up to a point, but is not a scalable way forward. From Jenkins to Puppet to Chef, there are no common standards between different tools, which means you must figure out every single tool to know how to secure it.<\/p>\n

\u201cDevOps really needs its own security stack, and security teams must bring something to the table here. They can provide a systemised approach that helps the DevOps teams maintain security while accelerating application delivery and boosting productivity.\u201d<\/p>\n

Enterprises are increasingly using cloud orchestration and automation tools to drive\u00a0DevOps\u00a0initiatives, and nearly half (49%) of respondents reported using the cloud for internal development.<\/p>\n

‘Lack of a DevOps security’<\/h2>\n

However, the study shows that the lack of a DevOps security strategy extends to the cloud. Nearly two thirds (74%) rely on their cloud vendor\u2019s built-in security, meaning privileged account security is not fully integrated into DevOps processes when spinning up new environments.<\/p>\n

Lawler concludes: \u201cTaken together, this year\u2019s survey findings indicate that many organisations do not understand the need – or the mechanisms – to secure privileged account credentials and secrets, whether that\u2019s in the cloud or on-premises. DevOps and security tools and practices must fuse in order to effectively protect privileged information.<\/p>\n

\u201cBuilding awareness and enabling collaboration between DevOps and security teams is the first step to help businesses build a scalable security platform that is constantly improved as new iterations of tools are developed, tested and released.\u201d<\/p>\n

\"\"<\/a><\/p>\n

Written from press release by Leah Alger<\/p>\n","protected":false},"excerpt":{"rendered":"

DevOps and security professionals have “worrying knowledge gaps” about where privileged accounts and secrets exist across the IT infrastructure<\/p>\n","protected":false},"author":12,"featured_media":10867,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","pmpro_default_level":"","footnotes":""},"categories":[1158],"tags":[70,2281,67,287,2282,638,112],"yoast_head":"\nSecurity professionals worry where secrets exist across IT infrastructure<\/title>\n<meta name=\"description\" content=\"DevOps and security professionals have "worrying knowledge gaps" about where privileged accounts and secrets exist across the IT infrastructure\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/devopsnews.online\/cyberark-devops-security-teams-must-collaborate-reduce-risk-cyber-attack\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Security professionals worry where secrets exist across IT infrastructure\" \/>\n<meta property=\"og:description\" content=\"DevOps and security professionals have "worrying knowledge gaps" about where privileged accounts and secrets exist across the IT infrastructure\" \/>\n<meta property=\"og:url\" content=\"https:\/\/devopsnews.online\/cyberark-devops-security-teams-must-collaborate-reduce-risk-cyber-attack\/\" \/>\n<meta property=\"og:site_name\" content=\"DevOps Online North America\" \/>\n<meta property=\"article:published_time\" content=\"2017-11-07T08:00:34+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2017-11-07T18:38:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/devopsnews.online\/wp-content\/uploads\/2017\/11\/event-logo-square.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"500\" \/>\n\t<meta property=\"og:image:height\" content=\"500\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Leah Alger\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@DevOpsAmerica\" \/>\n<meta name=\"twitter:site\" content=\"@DevOpsAmerica\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Leah Alger\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/devopsnews.online\/cyberark-devops-security-teams-must-collaborate-reduce-risk-cyber-attack\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/devopsnews.online\/cyberark-devops-security-teams-must-collaborate-reduce-risk-cyber-attack\/\"},\"author\":{\"name\":\"Leah Alger\",\"@id\":\"https:\/\/devopsnews.online\/#\/schema\/person\/d705a7d7c56b625b482e9b13a8e49a2c\"},\"headline\":\"CyberArk: DevOps and security teams ‘must collaborate’\",\"datePublished\":\"2017-11-07T08:00:34+00:00\",\"dateModified\":\"2017-11-07T18:38:43+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/devopsnews.online\/cyberark-devops-security-teams-must-collaborate-reduce-risk-cyber-attack\/\"},\"wordCount\":528,\"publisher\":{\"@id\":\"https:\/\/devopsnews.online\/#organization\"},\"image\":{\"@id\":\"https:\/\/devopsnews.online\/cyberark-devops-security-teams-must-collaborate-reduce-risk-cyber-attack\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/devopsnews.online\/wp-content\/uploads\/2017\/11\/event-logo-square.jpg\",\"keywords\":[\"Cloud\",\"Cyber Ark\",\"DevOps\",\"ecosystems\",\"IT infrastructure\",\"microservices\",\"security\"],\"articleSection\":[\"Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/devopsnews.online\/cyberark-devops-security-teams-must-collaborate-reduce-risk-cyber-attack\/\",\"url\":\"https:\/\/devopsnews.online\/cyberark-devops-security-teams-must-collaborate-reduce-risk-cyber-attack\/\",\"name\":\"Security professionals worry where secrets exist across IT infrastructure\",\"isPartOf\":{\"@id\":\"https:\/\/devopsnews.online\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/devopsnews.online\/cyberark-devops-security-teams-must-collaborate-reduce-risk-cyber-attack\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/devopsnews.online\/cyberark-devops-security-teams-must-collaborate-reduce-risk-cyber-attack\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/devopsnews.online\/wp-content\/uploads\/2017\/11\/event-logo-square.jpg\",\"datePublished\":\"2017-11-07T08:00:34+00:00\",\"dateModified\":\"2017-11-07T18:38:43+00:00\",\"description\":\"DevOps and security professionals have \\\"worrying knowledge gaps\\\" about where privileged accounts and secrets exist across the IT infrastructure\",\"breadcrumb\":{\"@id\":\"https:\/\/devopsnews.online\/cyberark-devops-security-teams-must-collaborate-reduce-risk-cyber-attack\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/devopsnews.online\/cyberark-devops-security-teams-must-collaborate-reduce-risk-cyber-attack\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/devopsnews.online\/cyberark-devops-security-teams-must-collaborate-reduce-risk-cyber-attack\/#primaryimage\",\"url\":\"https:\/\/devopsnews.online\/wp-content\/uploads\/2017\/11\/event-logo-square.jpg\",\"contentUrl\":\"https:\/\/devopsnews.online\/wp-content\/uploads\/2017\/11\/event-logo-square.jpg\",\"width\":500,\"height\":500,\"caption\":\"infrastrucure\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/devopsnews.online\/cyberark-devops-security-teams-must-collaborate-reduce-risk-cyber-attack\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/devopsnews.online\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"CyberArk: DevOps and security teams ‘must collaborate’\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/devopsnews.online\/#website\",\"url\":\"https:\/\/devopsnews.online\/\",\"name\":\"DevOps Online North America\",\"description\":\"by 31 Media Ltd.\",\"publisher\":{\"@id\":\"https:\/\/devopsnews.online\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/devopsnews.online\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/devopsnews.online\/#organization\",\"name\":\"DevOps Online North America\",\"url\":\"https:\/\/devopsnews.online\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/devopsnews.online\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/devopsnews.online\/wp-content\/uploads\/2020\/03\/DevOpsOnline_email.png\",\"contentUrl\":\"https:\/\/devopsnews.online\/wp-content\/uploads\/2020\/03\/DevOpsOnline_email.png\",\"width\":198,\"height\":64,\"caption\":\"DevOps Online North America\"},\"image\":{\"@id\":\"https:\/\/devopsnews.online\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/DevOpsAmerica\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/devopsnews.online\/#\/schema\/person\/d705a7d7c56b625b482e9b13a8e49a2c\",\"name\":\"Leah Alger\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/devopsnews.online\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/0ac9e809e8ffafd8330210900bac04c0?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/0ac9e809e8ffafd8330210900bac04c0?s=96&d=mm&r=g\",\"caption\":\"Leah Alger\"},\"url\":\"https:\/\/devopsnews.online\/author\/leah-alger\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Security professionals worry where secrets exist across IT infrastructure","description":"DevOps and security professionals have \"worrying knowledge gaps\" about where privileged accounts and secrets exist across the IT infrastructure","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/devopsnews.online\/cyberark-devops-security-teams-must-collaborate-reduce-risk-cyber-attack\/","og_locale":"en_US","og_type":"article","og_title":"Security professionals worry where secrets exist across IT infrastructure","og_description":"DevOps and security professionals have \"worrying knowledge gaps\" about where privileged accounts and secrets exist across the IT infrastructure","og_url":"https:\/\/devopsnews.online\/cyberark-devops-security-teams-must-collaborate-reduce-risk-cyber-attack\/","og_site_name":"DevOps Online North America","article_published_time":"2017-11-07T08:00:34+00:00","article_modified_time":"2017-11-07T18:38:43+00:00","og_image":[{"width":500,"height":500,"url":"https:\/\/devopsnews.online\/wp-content\/uploads\/2017\/11\/event-logo-square.jpg","type":"image\/jpeg"}],"author":"Leah Alger","twitter_card":"summary_large_image","twitter_creator":"@DevOpsAmerica","twitter_site":"@DevOpsAmerica","twitter_misc":{"Written by":"Leah Alger","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/devopsnews.online\/cyberark-devops-security-teams-must-collaborate-reduce-risk-cyber-attack\/#article","isPartOf":{"@id":"https:\/\/devopsnews.online\/cyberark-devops-security-teams-must-collaborate-reduce-risk-cyber-attack\/"},"author":{"name":"Leah Alger","@id":"https:\/\/devopsnews.online\/#\/schema\/person\/d705a7d7c56b625b482e9b13a8e49a2c"},"headline":"CyberArk: DevOps and security teams ‘must collaborate’","datePublished":"2017-11-07T08:00:34+00:00","dateModified":"2017-11-07T18:38:43+00:00","mainEntityOfPage":{"@id":"https:\/\/devopsnews.online\/cyberark-devops-security-teams-must-collaborate-reduce-risk-cyber-attack\/"},"wordCount":528,"publisher":{"@id":"https:\/\/devopsnews.online\/#organization"},"image":{"@id":"https:\/\/devopsnews.online\/cyberark-devops-security-teams-must-collaborate-reduce-risk-cyber-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/devopsnews.online\/wp-content\/uploads\/2017\/11\/event-logo-square.jpg","keywords":["Cloud","Cyber Ark","DevOps","ecosystems","IT infrastructure","microservices","security"],"articleSection":["Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/devopsnews.online\/cyberark-devops-security-teams-must-collaborate-reduce-risk-cyber-attack\/","url":"https:\/\/devopsnews.online\/cyberark-devops-security-teams-must-collaborate-reduce-risk-cyber-attack\/","name":"Security professionals worry where secrets exist across IT infrastructure","isPartOf":{"@id":"https:\/\/devopsnews.online\/#website"},"primaryImageOfPage":{"@id":"https:\/\/devopsnews.online\/cyberark-devops-security-teams-must-collaborate-reduce-risk-cyber-attack\/#primaryimage"},"image":{"@id":"https:\/\/devopsnews.online\/cyberark-devops-security-teams-must-collaborate-reduce-risk-cyber-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/devopsnews.online\/wp-content\/uploads\/2017\/11\/event-logo-square.jpg","datePublished":"2017-11-07T08:00:34+00:00","dateModified":"2017-11-07T18:38:43+00:00","description":"DevOps and security professionals have \"worrying knowledge gaps\" about where privileged accounts and secrets exist across the IT infrastructure","breadcrumb":{"@id":"https:\/\/devopsnews.online\/cyberark-devops-security-teams-must-collaborate-reduce-risk-cyber-attack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/devopsnews.online\/cyberark-devops-security-teams-must-collaborate-reduce-risk-cyber-attack\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/devopsnews.online\/cyberark-devops-security-teams-must-collaborate-reduce-risk-cyber-attack\/#primaryimage","url":"https:\/\/devopsnews.online\/wp-content\/uploads\/2017\/11\/event-logo-square.jpg","contentUrl":"https:\/\/devopsnews.online\/wp-content\/uploads\/2017\/11\/event-logo-square.jpg","width":500,"height":500,"caption":"infrastrucure"},{"@type":"BreadcrumbList","@id":"https:\/\/devopsnews.online\/cyberark-devops-security-teams-must-collaborate-reduce-risk-cyber-attack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/devopsnews.online\/"},{"@type":"ListItem","position":2,"name":"CyberArk: DevOps and security teams ‘must collaborate’"}]},{"@type":"WebSite","@id":"https:\/\/devopsnews.online\/#website","url":"https:\/\/devopsnews.online\/","name":"DevOps Online North America","description":"by 31 Media Ltd.","publisher":{"@id":"https:\/\/devopsnews.online\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/devopsnews.online\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/devopsnews.online\/#organization","name":"DevOps Online North America","url":"https:\/\/devopsnews.online\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/devopsnews.online\/#\/schema\/logo\/image\/","url":"https:\/\/devopsnews.online\/wp-content\/uploads\/2020\/03\/DevOpsOnline_email.png","contentUrl":"https:\/\/devopsnews.online\/wp-content\/uploads\/2020\/03\/DevOpsOnline_email.png","width":198,"height":64,"caption":"DevOps Online North America"},"image":{"@id":"https:\/\/devopsnews.online\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/DevOpsAmerica"]},{"@type":"Person","@id":"https:\/\/devopsnews.online\/#\/schema\/person\/d705a7d7c56b625b482e9b13a8e49a2c","name":"Leah Alger","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/devopsnews.online\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/0ac9e809e8ffafd8330210900bac04c0?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0ac9e809e8ffafd8330210900bac04c0?s=96&d=mm&r=g","caption":"Leah Alger"},"url":"https:\/\/devopsnews.online\/author\/leah-alger\/"}]}},"_links":{"self":[{"href":"https:\/\/devopsnews.online\/wp-json\/wp\/v2\/posts\/10865"}],"collection":[{"href":"https:\/\/devopsnews.online\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devopsnews.online\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devopsnews.online\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/devopsnews.online\/wp-json\/wp\/v2\/comments?post=10865"}],"version-history":[{"count":0,"href":"https:\/\/devopsnews.online\/wp-json\/wp\/v2\/posts\/10865\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devopsnews.online\/wp-json\/wp\/v2\/media\/10867"}],"wp:attachment":[{"href":"https:\/\/devopsnews.online\/wp-json\/wp\/v2\/media?parent=10865"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devopsnews.online\/wp-json\/wp\/v2\/categories?post=10865"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devopsnews.online\/wp-json\/wp\/v2\/tags?post=10865"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}