TMCnet News
Venafi Study: Weak Cryptographic Security Controls Epidemic Among DevOps Teams

DockerCon Booth S35 - Venafi®, the leading provider of machine identity protection, today announced the results of a study on the cryptographic security practices of DevOps teams. Cryptographic security risks are amplified in DevOps settings, where compromises in development or test environments can spread to production systems and applications.

According to the study, many organizations fail to enforce vital cryptographic security measures in their DevOps environments. These problems are especially acute among organizations that are in the midst of adopting DevOps practices, but even organizations that say their DevOps practices are mature do not follow security practices designed to protect cryptographic keys and digital certificates.

"It's clear that most organizations are still struggling with securing the cryptographic keys and digital certificates used to uniquely identify machines," said Kevin Bocek, chief security strategist for Venafi. "Although DevOps teams indicate that they understand the risks associated with TLS/SSL keys and certificates, they clearly aren't translating that awareness into meaningful protection. This inaction can leave organizations, their customers and partners extremely vulnerable to cryptographic threats that are difficult to detect and remediate."

Key study findings:
"If the keys and certificates used by DevOps teams are not properly protected, cyber criminals will be able to exploit SSL/TLS keys and certificates to create their own encrypted tunnels," said Tim Bedard, director of threat intelligence and analytics for Venafi. "Or attackers can use misappropriated SSH keys to pivot inside the network, elevate their own privileged access, install malware or exfiltrate large quantities of sensitive corporate data and IP, all while remaining undetected."

The study was conducted by Dimensional Research in November 2016. Study respondents included 431 IT professionals responsible for cryptographic assets in companies with DevOps programs in the U.S. and Europe.

For more information, please visit: https://www.venafi.com/research/mature-devops-study

Additional resources

BLOG: Self-signed Certificates Open a Can of Worms for DevOps Security Teams

BLOG: Wildcard Certificates Make Encryption Easier, But Less Secure.

BLOG: 3 Steps that Stop the Speed of DevOps from Introducing Security Risk

About Venafi

Venafi is the market-leading cybersecurity company that secures and protects the cryptographic keys and digital certificates every business and government depends on for secure communications, commerce, computing, and mobility. Venafi provides the Immune System for the Internet® and constantly assesses which keys and certificates are trusted, protecting those that should be trusted, and fixing or blocking those that are not. By protecting the foundation of all cybersecurity (keys and certificates), Venafi prevents them from being misused by cyber criminals. The Venafi Trust Protection Platform delivers an ever-evolving, intelligent response that protects your network, business, and brand. Venafi customers are among the world's most demanding, security-conscious Global 2000 organizations, including four of the top five U.S. banks, eight of the top 10 U.S. health insurance companies and four of the top seven U.S. retailers.

Venafi is backed by top-tier venture capital funds, including Foundation Capital, Intel Capital, Origin Partners, Pelion Venture Partners, QuestMark Partners and Silver Lake Partners. For more information, visit www.venafi.com.
View source version on businesswire.com: http://www.businesswire.com/news/home/20170418005085/en/