Why secret security needs to be reinvented

Itzik Alvas, Co-founder & CEO, Entro
March 14, 2023

I started my career in the cyber industry over 15 years ago in the elite cyber intelligence division of the Israeli army. I gained extensive knowledge and understood how an attacker thinks. Attackers are always trying to reach the organizational Crown Jewels. These Crown Jewels are called secrets and refer to sensitive information such as passwords, private keys, API keys, and other credentials.

Once an attacker owns your secret, it’s GAME OVER. The attacker will use it to create more secrets and permissions and keep breaching your business in endless waves.

The cloud is growing… and growing… and growing… and growing…

The cloud is continuously changing as it gradually adopts new technologies. Enterprises are increasingly adopting new cloud services. The pace at which R&D teams, with shifting skill sets, deploy cloud services can cause any CISO and security team to lose control over their environment. According to recent Gartner research, organizations use many cloud services, and the number of different cloud services per organization will keep growing.

Security teams have no oversight over secrets.

Secrets are complex; they are constantly created in various forms by the R&D teams without any security oversight. Organizations create hundreds of secrets of different types, resulting in a situation where the application threat model is impossible to maintain.

Vaults are not the solution.

Vault solutions were designed to be an encrypted database for R&D teams to store secrets. Vaults were never intended to solve the problems of gaining visibility and protecting secrets. This mismatch between the problem and the solution has left secrets and the organizations that hold them vulnerable, turning secrets security into one of the biggest battlefronts. One of the biggest challenges facing CISOs today is how to keep secrets secure.

So what is the solution?

Having seen the issue described up close when leading the operations and security at Microsoft, I was determined to find a better model.

As odd as it may seem, until very recently, the approach to secrets security has been hoping the R&D teams “are doing a great job.” This is no joke. It is the reality in many organizations.

This is no solution. A much higher, dynamic standard is needed: the tools must be fine-tuned and the approach to secrets security reinvented.

The solution is a holistic secrets security platform explicitly designed for CISOs, providing oversight and management of secrets everywhere across code, messaging channels, wikis, Vaults, CI/CD, cloud assets, and more.
