Secure DevOps

Maintain business agility with secure DevOps

Security is often an afterthought, or even a casualty, of the speed and tools of DevOps environments. While DevOps can achieve shortened development cycles through automation and by leveraging the scalability of the cloud, it can also “automate insecurity” creating critical security gaps. Privileged accounts used for DevOps processes are equipped with an unnecessarily high level of standing privileges, violating the Principle of Least Privilege and opening a significant vulnerability. This is particularly true in the DevOps world due to:

• Sharing secrets, insecure code, hardcoded passwords, and other privilege exposures
• Scripts or vulnerabilities in CI/CD chain which can sabotage code automatically or deploy malware
• Misconfigurations, vulnerabilities, and other weaknesses in containers
• Excessive provisioning of privileges across the DevOps landscape

DevOps and Privileged Access Management

The WALLIX Bastion PAM solution enables IT departments to protect privileged access by managing how privileged accounts operate. Whether user or application, instead of connecting directly to the machine to be configured, an administrator must go through the Bastion which takes charge of verifying that privileged accounts’ rights before authorizing and recording a connection to the machine.

The Bastion thus secures access to organizations’ critical machines (central servers, routers, firewalls, etc.) for all enterprise resources including business applications, industrial machinery control chains, and databases containing sensitive information (personal data, manufacturing secrets, etc.).

• The Password Manager secures passwords and SSH keys in a certified vault and manages administrator password rotation within the infrastructure.
• Application-to-Application Password Management (AAPM) encrypts credentials to effectively control and secure DevOps tools’ connections to resources. AAPM secures DevOps activities without affecting productivity.

The Benefits of PAM for DevOps

• Eradicate hard-coded passwords from your environment
• Provide credentials for scripts and applications to authenticate or execute services with elevated privileges
• Grant DevOps tools protected access to accounts and credentials for populating systems
• Use advanced APIs in your administrative workflows to securely extract accounts and credentials
• Automate credential rotation so that even if they are intercepted, they can’t be reused
• Run session scripts to automate administration on target systems

Control and trace privileged access to ensure that only the right person or the right process can access a system to run an authorized action, without compromising speed and agility in DevSecOps.