
Security teams could be slowing down DevOps, survey shows

Venafi has released the findings of its latest survey, revealing 75% of DevOps professionals say certificate issuance policies slow them down.

In addition, more than a third (39%) of professionals believe developers should be able to circumvent these policies to meet service level agreements, and less than half believe developers always request certificates that serve as machine identities through authorised channels.

Venafi, the inventor and provider of machine identity protection, conducted a survey on digital certificate security policies and practices in DevOps environments.

Cryptographic keys and certificates serve as machine identities and enable authentication and secure communication for applications, service containers and APIs on enterprise networks, the internet and in cloud environments. The use of weak or unauthorised keys and certificates can significantly increase security risks, particularly in cloud environments, Venafi says.

Developers use insecure machine identities, including certificates from unauthorised certificate authorities (CAs) and self-signed or wildcard certificates, because corporate certificate issuance processes are seen as too cumbersome, Venafi says.

However, this leaves security teams in the dark and increases organisational risk, especially if key and certificate vulnerabilities or errors enter production environments, the company states.

“DevOps is all about speed, but this survey illustrates that developers often find security policies slow,” says Kevin Bocek, Venafi vice president of security strategy and threat intelligence.

He says, “Unfortunately, security professionals are often unaware of the risks DevOps processes bring to their organisations. Ultimately, security teams need to make it more straightforward for developers to use machine identities. Protecting them must be easier and faster than it is to circumvent policy, otherwise these problems will continue to grow exponentially.

“Organisations that rely on DevOps processes require visibility, intelligence and automation to protect their machine identities.”
