With multicloud, more secrets need to be tracked. Each secret is a potential vulnerability, which is where SaaS-based secrets management comes into play. Paolo Lossa, Country Sales Director of CyberArk Italia, explains its advantages.

Until recently, relying on the cloud for some business operations was seen as cutting-edge. Today the cloud is more essential than ever to accelerate growth, improve efficiency and remain competitive, so much so that most organizations use multiple public clouds as well as on-premises and private cloud environments. As pointed out in research by CyberArk, 85% of respondents said they will use three or more cloud service providers by 2023.

Developers are also building more and more applications in the cloud: 71% according to the Enterprise Strategy Group (ESG) Technology Spending Intentions 2023 survey. Automation, DevOps, and the rise of cloud environments have led to an explosion of machine (or non-human) identities. Applications, cloud workloads, containers, services, and other automated tasks all require machine identities, and there are many of them.

As clouds and non-human identities increase, so do secrets

All of these non-human identities use accounts, credentials, and secrets to access critical systems and resources and do their jobs, and the number of secrets to manage is increasing. This means security teams need to track more secrets, distributed across a variety of environments (public cloud, private cloud, and on-premises), each with different storage, access and management methods.

The example of Uber

Each secret is a potential vulnerability, as attackers can use compromised ones to gain access to critical systems and resources. The 2022 Uber breach is just one recent example. In this case, hard-coded secrets for a privileged access management (PAM) solution were embedded directly and exposed in a PowerShell script, which the attacker used to gain administrator access to all secrets stored in the system.

Secrets and multicloud: what are the advantages of SaaS management?

This becomes a real frustration for security teams as organizations continue to migrate to the cloud and transform. In addition, having to move applications from one environment to another can become a hassle for development and security teams. Meanwhile, many security teams lack the bandwidth required to separately manage secrets in each environment and tool where they are stored, or to implement and maintain a self-hosted secrets management solution. This is where SaaS-based secrets management comes into play.

Five Benefits of SaaS Secret Management

A SaaS-based centralized secret management solution helps solve many problems for security and development teams operating in hybrid or multicloud environments.

Reduces vault proliferation. When working in multiple cloud or hybrid environments, the number of separate vaults for credentials and secrets can quickly become excessive. A centralized secret management solution can provide a single pane of glass to work from. This saves security teams from digging into each individual vault to rotate and manage passwords, and from collating information from multiple vaults to create an audit trail.

Enables portability to the cloud. Part of the cloud’s power is that it allows developers to build and deploy applications quickly. However, by relying on the native secret management capabilities of the platform on which the application is built, you are locked into using that platform, and this becomes a problem if you need to move an application from one environment to another. With a centralized secret management solution, applications can be built on any cloud platform developers choose for any specific use case. They can also be moved from cloud to cloud, or from on-prem to cloud, without creating an additional workload to manage the secrets used in those applications and without having to rewrite applications for a new cloud.

Operate in one system

Provides a consistent experience for security teams and developers. Instead of having security teams learn different secret management platforms (which can take extra time and resources), a centralized solution allows you to enforce policies in a unified way, working in one system. This saves time and money on training (without having to worry about adding more staff to support each cloud provider), so the security team can focus on delivering business value.

Save time and money

Automates rotation and other security policies. A centralized SaaS-based solution allows you to automate once-manual tasks, such as the rotation of secrets and the application of certain security policies. This saves security teams time, especially given the large number of secrets and identities that need to be rotated among multiple cloud service providers on a regular basis.

Accelerates time-to-value and frees up resources. A SaaS-based solution also allows you to take advantage of the cloud for the secret management software itself. Security teams don’t have to worry about managing and maintaining their own secret management solution (or multiple solutions). Instead, they can focus their time and attention on the critical security tasks they need to get done.

The conclusion

The increase in the number of cloud and hybrid environments doesn’t have to mean extra work for security teams or developers. Centralizing secret management with a SaaS-based solution can ease the task and allow teams to harness the full power of cloud environments.

