The lack of the security team’s involvement in the creation and permissioning of developers’ secrets poses a significant challenge when it comes to safeguarding the organization, warned Steve Johnson, vice president of sales at Entro Security.
Why do adversaries find exploiting these secrets so attractive? In Johnson’s view, the appeal is that a secret can be just a string of characters, but once exposed it can unlock broad access to critical systems and sensitive data inside the organization.
Organizations need to implement secrets management best practices, starting with vault usage and governance over the many vaults created throughout the enterprise. Entro helps customers ensure adherence to security processes, gain oversight into all areas where secrets are shared, and reduce the overall attack surface.
Key discussion points
- Hurdles organizations face when trying to gain visibility into developers’ secrets
- How Entro addresses issues related to vault use in organizations
- How teams can overcome challenges associated with securing developers’ secrets
Johnson brings more than 20 years of experience in computer and network security, with a background spanning security engineering, channel leadership, and emerging products.