CISOs often walk a tightrope between managing rising cybersecurity costs and ensuring adequate investment in robust security measures. Balancing these priorities is increasingly critical, especially today when breaches have catastrophic financial and reputational repercussions.
Let’s talk numbers for a second. IBM’s Cost of a Data Breach Report 2023 states that the global average cost of a data breach in 2023 was $4.45 million, a significant 15% increase compared to three years ago. The report also reveals that stolen or compromised credentials were responsible for 15% of breaches, making it the second biggest root cause. In other research, 18,000 unique API secrets of large organizations like OpenAI, Stripe, and AWS were exposed, accounting for a loss of $20M across these organizations. With the rise of AI and collaboration platforms like Hugging Face, new kinds of threats arise. Hugging Face has led to the exposure of 1,500 API keys of organizations like Meta, and Google. These exposed tokens are being used to poison AI data, or even steal and re-train AI models outside the parent organization.
When secrets and non-human identities are improperly managed, stored, or accessed, they become prime targets for threat actors seeking to exploit vulnerabilities. But as the saying goes, an ounce of prevention is worth a pound of cure. Or in this case, a byte of prevention is worth a terabyte of cure!
Implementing a comprehensive non-human identities and secrets management strategy, one that includes best practices such as least privilege access, regular rotation, and granular auditing, significantly reduces the risk of secrets falling into the wrong hands. Well-planned and executed secrets management can mitigate the likelihood of costly incidents and their repercussions.
In this blog post, we will dig deeper into how non-human identities and secrets management reduce cybersecurity costs and the best practices needed for good secrets management.
Enterprise Security for AI Agents & Non-Human Identities
How does effective secrets management reduce cybersecurity costs?
While some may argue that implementing a sophisticated secrets management strategy requires extensive investment, the truth is that the long-term benefits far outweigh the initial costs. In fact, a well-designed NHI and secrets management solution can help CISOs optimize their security budgets by streamlining processes, reducing manual effort, and minimizing the financial impact of potential incidents.
More precisely, here’s how good secrets management cuts cybersecurity costs:
1. Protects against costly breaches
The 2023 IBM report also shared that the average cost of a data breach caused by compromised credentials was a staggering $4.62 million! Foolproof secrets management mitigates these costs by significantly reducing the risk of unauthorized access to critical systems and data. By securely storing, rotating, and monitoring sensitive credentials, organizations can minimize the attack surface and limit the potential damage caused by compromised NHI such as access tokens, API keys, encryption keys, etc.
A robust management solution also empowers organizations to proactively combat insider threats, which often involve the misuse of privileged credentials. The Ponemon Institute’s 2023 Cost of Insider Threats Global Report reveals that 20% of outsmarted insider incidents involved stolen credentials, with an average annualized cost of $4.2 million.
Implementing secrets management with best practices like granular access controls, continuous monitoring, and detailed audit trails helps security teams quickly identify and respond to suspicious activities, preventing costly insider incidents before they escalate. This proactive approach not only helps organizations avoid the direct costs associated with insider threats but also reduces the indirect costs like reputational damage and lost business opportunities.
2. Helps meet compliance requirements and avoid penalties
Data protection regulations like GDPR, HIPAA, and PCI-DSS mandate that organizations implement robust security measures to safeguard sensitive data, including personally identifiable information (PII) and protected health information (PHI). While these regulations may not explicitly mention secrets management, their requirements for data security, integrity, and privacy necessitate a comprehensive approach to managing secrets.
For instance, GDPR’s principles of data protection by design and by default, as well as its requirements for verifiable audit trails and access controls, are closely tied to effective secrets management practices.
HIPAA’s Security Rule requires covered entities to implement administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of PHI. These safeguards, such as access controls, audit controls, and transmission security, directly relate to the secure management of secrets like encryption keys used to protect PHI.
Non-compliance with these regulations can lead to severe financial penalties, legal repercussions, and damage to an organization’s reputation. Investing in a comprehensive non-human identities and secrets management solution helps avoid these costly penalties and ensures continuous compliance.
3. Prevents secret sprawl in cloud and hybrid environments
Secret sprawl occurs when secrets are scattered across multiple systems, applications, and platforms without a unified management framework. This fragmentation makes it difficult to maintain visibility, control access, and ensure proper secret lifecycle management, which in turn, increases cybersecurity costs due to manual efforts and wasted human capital to manage the sprawl.
Effective secrets management prevents secret sprawl by centralizing the storage and access of sensitive information within secure, controlled environments. Secrets management tools and best practices ensure that secrets are encrypted, access is restricted to only authorized users and systems, and usage is monitored and audited. This enhances security and lowers cybersecurity costs by reducing the potential for breaches and minimizing the effort required for secrets rotation and management.
How to reduce cybersecurity costs with good secrets management?
We have made the case by now–the financial impact of poor secrets management can be substantial, with the average cost of a data breach reaching millions of dollars.
However, organizations can take proactive steps to minimize loss by implementing effective secrets management strategies. Here are four tips for security teams to reduce cybersecurity costs with good secrets management:
1. Invest in an efficient secrets management tool
Implementing a comprehensive non-human identities and secrets management solution can significantly reduce the burden on IT employees by automating repetitive tasks and minimizing manual secrets handling. For example, by using a secrets management platform with built-in integration capabilities, IT teams can automatically grant and revoke access to secrets based on predefined policies and eliminate the need for manual intervention.
A robust non-human identities management tool like Entro also helps IT staff quickly identify and respond to potential issues, such as unauthorized access attempts or anomalous behavior, without having to navigate through multiple disparate systems. This increased efficiency allows CISOs to optimize their IT workforce, allocate resources more efficiently, and ultimately reduce cybersecurity costs without compromising on security.
2. Automate rotation to minimize exposure and incident costs
In October 2022, Toyota revealed it had accidentally exposed a credential granting access to customer data for almost five years, from 2017 to 2022. The secret was left in a public GitHub repository and likely compromised the data of nearly 296,000 customers. If they had a robust secrets rotation strategy in place, they could have minimized the prolonged unauthorized access.
The goal of secrets rotation is to reduce the risk of unauthorized access in case a secret is compromised. Even if a secret is leaked or stolen, its usefulness is limited because it will be changed soon after.
Best practices for secrets rotation include:
- Using dynamic secrets with a limited lifespan of days not years
- Monitoring and auditing secrets usage to detect anomalies and unauthorized access attempts
- Using a two-secrets strategy where both old and new secrets remain active during the rotation process
3. Centralize secrets to reduce management overhead
Consolidating NHIs and secrets management into a single, secure platform eliminates the need for multiple siloed systems, each requiring its own infrastructure, storage, and maintenance. This consolidation leads to significant cost savings on hardware, software licenses, and cloud services.
Moreover, a centralized secrets management solution enables organizations to scale their secrets management infrastructure as their needs grow without incurring excessive costs. This scalability is particularly crucial for organizations operating in dynamic, fast-paced environments where the volume and complexity of secrets continue to increase.
4. Implement automated secrets discovery to minimize exposure risks
A robust secrets management strategy starts with gaining full visibility into your organization’s secrets landscape. It’s a good practice to implement automated secrets discovery tools like Entro that scan across various locations, including vaults, code repositories, CI/CD pipelines, cloud services, and collaboration platforms.
These tools should provide a comprehensive inventory of secrets and non-human identities, their locations, and the associated risks. By identifying secrets stored in non-secured locations or exposed in code and configurations, security teams can prioritize remediation efforts and minimize the risk of costly breaches. Regularly performing secrets discovery ensures that organizations are well-equipped to proactively address potential vulnerabilities and maintain a strong security posture.
The point of all this is that lowering cloud spend is not just about reducing the cloud resources being used. A keen focus on security, particularly secrets security can help not just secure your organization’s cloud estate, but save on huge monetary losses in the event of a breach. Secure your secrets and avoid the costly penalty of a secret exposure.
