Traditional application security concerns are changing in response to disruptive technologies and development frameworks. Cloud services, containerization, orchestration platforms, automated build pipelines – just to name a few – all change the way we build and deploy applications. And each affects security in a different way. One of the new application security challenges comes from provisioning machines, applications and services with the credentials they need at runtime. When you remove humans from the process, things move much faster, but knowing how and when to automatically provide passwords, auth tokens and certificates is not an easy problem to tackle. This secrets management problem is not a new one, but the need grows exponentially when we begin orchestrating the entire application build and deployment process. We need to automate the distribution and management of secrets to ensure secure application delivery.
In this research paper we cover the basic use cases for secrets management, and then dive into the different technologies that address this need. Many of the technologies assume a specific application deployment model, so we will also discuss the pros and cons of the different approaches. We close out the research paper with some recommendations on product selection and criteria for your decision.
We would also like to thank the folks at CyberArk for getting behind this research effort and licensing this content. It’s support like this that allows us to both deliver research under our Totally Transparent Research process and bring this content to you free of charge. Not even a registration wall. Free and we respect your privacy. Not a bad deal.
As always, if you have comments or questions on the research, shoot us an email. If you want to make comments or suggestions for future iterations of this research, please leave a comment.
You can go directly to the full paper here: Securosis_Secrets_Management_JAN2018_FINAL.pdf
Or you can visit the research library as well:
This is a Security Bloggers Network syndicated blog post authored by firstname.lastname@example.org (Securosis). Read the original post at: Securosis Blog