sb-au logo
Story image

Security teams could be slowing down DevOps, survey shows

Venafi has released the findings of its latest survey, revealing 75% of DevOps professionals say certificate issuance policies slow them down.

In addition, more than a third (39%) of professionals believe developers should be able to circumvent these policies to meet service level agreements, and less than half believe developers always request certificates that serve as machine identities through authorised channels.

Venafi, the inventor and provider of machine identity protection, conducted a survey on digital certificate security policies and practices in DevOps environments.

Cryptographic keys and certificates serve as machine identities and enable authentication and secure communication for applications, service containers and APIs on enterprise networks, the internet and in cloud environments. The use of weak or unauthorised keys and certificates can significantly increase security risks, particularly in cloud environments, Venafi says.

Developers use insecure machine identities, including certificates from unauthorised certificate authorities (CAs) and self-signed or wild card certificates, because corporate certificate issuance processes are seen as too cumbersome, Venafi says.

However, this leaves security teams in the dark and increases organisational risk, especially if key and certificate vulnerabilities or errors enter production environments, the company states.

“DevOps is all about speed, but this survey illustrates that developers often find security policies slow,” says Kevin Bocek, Venafi vice president of security strategy and threat intelligence.

He says, “Unfortunately, security professionals are often unaware of the risks DevOps processes bring to their organisations. Ultimately, security teams need to make it more straightforward for developers to use machine identities protecting them must be easier and faster than it is to circumvent policy, otherwise these problems will continue to grow exponentially.

"Organisations that rely on DevOps processes require visibility, intelligence and automation to protect their machine identities.”

Story image
Marriott International reports breach affecting 5.2 million customers
Marriott said in statement that an ‘unexpected’ amount of guest information may have been accessed in mid-January this year, using the login credentials of two employees at one of the company’s franchise properties.More
Story image
Forcepoint unveils impressive channel recruits across APAC and ANZ
Cybersecurity firm Forcepoint has named four new key appointments to its leadership team as it looks to strengthen its channel, strategy and sales lineup across the Asia Pacific and Australian New Zealand regions.More
Story image
Do not wait: Look at your IoT devices now
As millions of people become confined to their homes, the security of Internet of Things devices has never been so important.More
Story image
The top four cloud IT security misconfigurations and how to fix them
Thankfully, there are some effective steps that can be taken to overcome four of the most common security issues, thereby reducing the attack surface. More
Story image
Mentorship key to bringing women into cybersecurity - Microsoft
“Diverse teams make better and faster decisions 87% of the time compared with all male teams, yet the actual number of women in our field fluctuates between 10 and 20%. What ideas have we missed by not including more women?”More
Story image
COVID-19: Surfshark joins growing list of companies offering free services
The VPN service has recently announced its intention to offer free six-month subscriptions for small businesses, as more countries tighten quarantine measures and finances become strained.More