Failing to keep company secrets such as credentials, API tokens and SSH keys secure is costing organizations millions each year according to a new report from the business password management company 1Password.
After launching its Secrets Automation offering back in April, the company decided to survey 500 IT and DevOps businesses in the US to learn more about how they secure the secrets that power their digital infrastructure in order to compile its new “Hiding in Plain Sight” report.
The high-tech ecosystems used by today’s businesses involve thousands of vulnerable secrets which are often spread out across multiple services with little or no visibility or auditability. To avoid falling victim to a data breach, these secrets must be encrypted and delivered to machines and services safely.
However, 1Password’s report shows there is still a lot of progress to be made when it comes to securing secrets. Of the companies surveyed, 80 percent admit to not managing their secrets well with 52 percent of IT and DevOps workers citing the rapid growth of cloud computing apps as the main reason secrets have become more difficult to manage in recent years.
Risk of a data breach
Organizations that lack a dedicated secrets management solution or framework are left to deal with secrets in a haphazard manner and end up spending 25 minutes per day on secrets management alone at a collective cost $8.5bn per year as a result.
According to 1Password though, the greater threat is the increasing danger of having their secrets exposed in a data breach. Of the organizations surveyed, 60 percent have experienced secrets leakage of some kind and more than three in four IT and DevOps workers still have access to their former employer’s infrastructure secrets. Losing secrets can be quite costly for organizations with enterprise businesses spending an average of 1.2m each year due to leaked details.
Secrets sprawl is another big concern as 25 percent of respondents have secrets located in 10 or more different locations. To make matters worse, 50 percent of individual contributors in IT or DevOps roles say they don’t know how many different locations their secrets can be found in as there are too many to count.
CEO of 1Password Jeff Shiner provided further insight on the company’s report and the current state of secrets management in a press release, saying:
“Secrets are now the lifeblood for IT and DevOps as they seek to support the explosion of apps and services now required in the modern enterprise. Our research reveals that secrets are booming, but IT and DevOps teams are not meeting rigorous standards to protect them — and in the process are putting organizations at risk of incurring tremendous cost. It’s time for companies to take a hard look at how they manage secrets, and adopt practices and solutions to ‘put the secret back into secrets’ to support a culture of security.”
