itb-nz logo
Story image

Security teams could be slowing down DevOps, survey shows

Venafi has released the findings of its latest survey, revealing 75% of DevOps professionals say certificate issuance policies slow them down.

In addition, more than a third (39%) of professionals believe developers should be able to circumvent these policies to meet service level agreements, and less than half believe developers always request certificates that serve as machine identities through authorised channels.

Venafi, the inventor and provider of machine identity protection, conducted a survey on digital certificate security policies and practices in DevOps environments.

Cryptographic keys and certificates serve as machine identities and enable authentication and secure communication for applications, service containers and APIs on enterprise networks, the internet and in cloud environments. The use of weak or unauthorised keys and certificates can significantly increase security risks, particularly in cloud environments, Venafi says.

Developers use insecure machine identities, including certificates from unauthorised certificate authorities (CAs) and self-signed or wild card certificates, because corporate certificate issuance processes are seen as too cumbersome, Venafi says.

However, this leaves security teams in the dark and increases organisational risk, especially if key and certificate vulnerabilities or errors enter production environments, the company states.

“DevOps is all about speed, but this survey illustrates that developers often find security policies slow,” says Kevin Bocek, Venafi vice president of security strategy and threat intelligence.

He says, “Unfortunately, security professionals are often unaware of the risks DevOps processes bring to their organisations. Ultimately, security teams need to make it more straightforward for developers to use machine identities protecting them must be easier and faster than it is to circumvent policy, otherwise these problems will continue to grow exponentially.

"Organisations that rely on DevOps processes require visibility, intelligence and automation to protect their machine identities.”

Story image
Fortinet’s ‘zero trust’ approach redefining security
Cornelius Mare, Fortinet A/NZ Director, Security Solutions, explains why taking a ‘zero trust network access’ approach to cybersecurity requires fully-integrated and comprehensive security services and policies.More
Story image
DevOps & IT teams feel pressure to keep digital services online during pandemic
Many DevOps and IT teams spend more than 10 extra hours per week dealing with a 47% rise in incidents.More
Story image
National Party announces $1.29 billion tech policy ahead of election
The policy, announced today, pledges to create 100,000 jobs in the industry by 2030 if the party is elected next month.More
Story image
Cambium Networks' "breakthrough" in 60 GHz fixed wireless broadband
The technology can deliver ‘fibre-like’ internet speeds at a lower cost and faster time to market than last-mile wired networks.More
Story image
From 1G to 5G: How innovations in cellular have shaped our lives
As we look to the present decade from 2020 onwards, 5G will be at the forefront. The race for 5G is not about merely deploying new infrastructure, but getting the first-mover advantage in who can build and take the leadership role in the host of new applications and services that 5G will enable.More
Story image
Blue Prism extends human-to-digital worker collaboration with new Interact capability
Blue Prism Interact is a human-to-digital worker collaboration capability that enables employees to team up with digital workers to initiate, instruct, verify, receive, and authorise a variety of business processes through the digital workforce.More