Artificial Intelligence | News | Insights | AiThority
[bsfp-cryptocurrency style=”widget-18″ align=”marquee” columns=”6″ coins=”selected” coins-count=”6″ coins-selected=”BTC,ETH,XRP,LTC,EOS,ADA,XLM,NEO,LTC,EOS,XEM,DASH,USDT,BNB,QTUM,XVG,ONT,ZEC,STEEM” currency=”USD” title=”Cryptocurrency Widget” show_title=”0″ icon=”” scheme=”light” bs-show-desktop=”1″ bs-show-tablet=”1″ bs-show-phone=”1″ custom-css-class=”” custom-id=”” css=”.vc_custom_1523079266073{margin-bottom: 0px !important;padding-top: 0px !important;padding-bottom: 0px !important;}”]

Thycotic DevOps Secrets Vault Now Provides Just-In-Time Access to Cloud Platforms with Dynamic Secrets

Thycotic, provider of privileged access management (PAM) solutions to more than 10,000 organizations, including 25 of the Fortune 100, today revealed a new just-in-time functionality that ensures security of cloud platform access. The new release of Thycotic’s DevOps Secrets Vault solution supports dynamic secrets creation for infrastructure-as-a-service (IaaS) platforms Amazon Web Services (AWS), Microsoft Azure (Azure) and Google Cloud Platform (GCP).

Managing privileged access to IaaS platforms

According to IDG, almost two-thirds, 61%, of companies use platform-as-a-service (PaaS), 89% use software-as-a-service (SaaS), and 73% use IaaS. The impact of lost or stolen secrets on cloud platforms ranges from temporary disruptions to critical data loss.

As organizations build software and applications on cloud IaaS platforms, the DevOps tools they use to manage that process include both open-source and commercial software, numerous plug-ins to other tools, and library dependencies. While this makes these tools very powerful, it’s possible to have vulnerabilities or misconfigurations that leak secrets. This happens when secrets are improperly stored in memory or on disk, sent to logging systems, or leaked to other tools or processes.

Recommended AI News: Great Bay Insurance Selects Sapiens for Its Cloud-Based Transformation Project for Reinsurance and Financial Management

With DevOps Secrets Vault, dynamic secrets are automatically generated at the time of request and can be used when a user or resource, like a configuration tool, needs a credential but that access needs to expire after a set time. Dynamic secrets also enable fine-grained authorization through cloud policies. Limiting the scope of what the secret can do and the timeframe that the credential is valid greatly reduces any value of the secret to an attacker.

“The exponential growth of hybrid multi-cloud adoption is continuing to stress-test existing security models and conventional approaches to Privileged Access Management,” said Jai Dargan, Vice President of Product Management at Thycotic. “We know that organizations will migrate workloads to AWS, Azure, and GCP at record speed this year, so CISOs need to do everything they can with the available solutions they have to limit risk associated with secrets proliferation. DevOps Secrets Vault is a cloud-based vault that balances the security and velocity that DevOps teams require for this growing part of the enterprise attack surface. With dynamic secrets, we have added a just-in-time approach to secrets management that further reduces the risk of compromised credentials.”

Related Posts
1 of 32,116

Recommended AI News: FlowForma & MicrotechDPS Join Forces, to Support APAC Region With Process Automation Tools

Integrating with additional tools in the DevOps pipeline

DevOps Secrets Vault enables organizations to adopt enterprise-class secrets management for DevOps pipelines. The complexity and variety of tools within these pipelines require centralized management of privileged access to maintain security, unify privileged access management, and control costs.

Utilizing a cloud-based AWS architecture, DevOps Secrets Vault offers rapid deployment, elastic scalability, and is purpose-built to handle the high-speed secrets management needs of the most dynamic DevOps environments.

DevOps Secrets Vault now supports secrets access for Chef and Puppet and includes software development kits (SDKs) for Ruby and .NET. DevOps Secrets Vault also integrates with Jenkins, Kubernetes, Terraform, and Ansible, and includes SDKs for Java, Go, and Python.

Securing access to DevOps Secrets Vault

Users can authenticate to DevOps Secrets Vault through AWS, Azure, GCP, and Thycotic One methods. GCP support includes the ability to authenticate via service and user accounts, Google Compute Engines (GCE) and Google Kubernetes Engines (GKE). Thycotic One enables single sign-on and two-factor authentication via both TOTP and SMS methods.

Recommended AI News: Retail Tech Company Sales Layer Raises €3.5 Million in Funding From SONAE IM, Global Omnium and Swaanlab

Comments are closed, but trackbacks and pingbacks are open.