DevOps, IoT, and AI are the Transformative Technologies Delivering the Most Impact TodayClearly, organizations are actively engaged in technology-enabled business transformation, with 65% of respondents to the study indicating they have already implemented, or are actively discussing or trialing, DevOps. 54% of respondents say they have implemented or are discussing AI and IoT. 50% indicate that DevOps has a large impact on the business, with 42% saying AI/Machine Learning, and 40% IoT. When you layer on when these transformative technologies will impact the business, the picture becomes clearer: 60% of respondents indicate that DevOps has already become mainstream.
Cloud Adoption is AcceleratingRespondents indicate that – today – 62% of workloads are on-premises, with 34% using some form of cloud (public, private, or SaaS application). In 3 years? On-premise use is projected to drop to 44%, while cloud use jumps to 53%. Almost a total flip! With such an increase in cloud-hosted workloads expected over the next three years, it’s vital for organizations to address security issues in their hybrid environments.
Security is the Biggest Challenge – and for Good Reason… Breaches Cost!Unsurprisingly, security issues remain the number one deterrent to organizational adoption of NGTs, with 78% of respondents saying IT security is a somewhat or extremely large challenge. And, as evidenced from our survey respondents, security issues, as a result of NGTs, are happening at an alarming rate.
- 18% of respondents indicated they had a breach related to NGTs in the last 24 months that resulted in data loss
- 20% experienced a breach that resulted in an outage
- 25% saw breaches over that time period that triggered a compliance event
- One in five organizations experienced 5 or more breaches
Breaches Happen When Users Are Over-PrivilegedThe study shows that 52% of the time, breaches arise from trusted users doing inappropriate things for innocent reasons, with 13% of respondents indicating it happens often or all time! In 18% of the cases, it’s trusted insiders going rogue, and in 15% of the cases, it’s outsiders gaining privileged access to steal credentials.
Privileged Access Management Can Facilitate the Move to NGTsRespondents overwhelmingly indicate that PAM-related capabilities can improve security and adoption of next-generation technologies. Top PAM practices include controlling and governing privileged and other shared accounts (60% and 59%, respectively), enforcing appropriate credential usage (59%) and creating and enforcing rigorous password policies (55%). NGTs present incredible business opportunities, but also present significant security challenges. Privileged access management can help.
How Privileged Access Management Can Enable the Transformation to Next-Generation TechnologiesTo improve security while reaping the transformative benefits that NGTs offer, organizations should implement five privileged access management (PAM) best practices that address use cases from on-prem to cloud. #1: Discover & Inventory All Privileged Accounts and Assets: Perform continuous discovery and inventory of everything from privileged accounts to container instances and libraries across physical, virtual, and cloud environments. #2: Scan for Vulnerabilities & Configuration Compliance: For DevOps and cloud use cases, scan both online and offline container instances and libraries for image integrity. Additionally, implement configuration and baseline scanning against industry configuration guidelines and best practices from NIST, STIGS, USGCB, CIS, and Microsoft. #3: Manage Shared Secrets & Hard-Coded Passwords: Examples of shared secrets include developer access to source control, DevOps tools, test servers, and production builds. The hard-coded secrets include scripts, files, code, and embedded application credentials in DevOps tool configurations, as well as build scripts, code files, test builds, and production builds. Manage and rotate privileged passwords across the environment so that all audited activity is associated with a unique identity. Doing so adds accountability and reduces risks by closing backdoors to critical systems. Additionally, securing access to edit DevOps scripts, utilities, and refining user permissions ensure IP protection. #4: Enforce Least Privilege & Appropriate Credential Usage: Grant required permissions to appropriate build machines and images through least privilege enforcement. Securing access to edit DevOps scripts and utilities, and enforcing permissions is an essential part of least privilege. This requires first eliminating administrator privileges on end-user machines, securely storing privileged account credentials, establishing a workflow process for check-out, and monitoring privileged sessions. #5: Segment Networks: Focus on keeping roles separate and segmentation isolated between steps. This approach restricts access based on the context of the user, role, application, and data being requested, and reduces line-of light access that attackers may have into internal systems.
BeyondTrust Can HelpHow do your security and PAM practices stack up? How prepared are you for secure DevOps, cloud, and IoT? Want more detail on the five steps, including how to make them work in your enterprise? Download the results paper – or, take a look at the infographic for a summary. For more information on how BeyondTrust can help you accelerate your business transformation through the power of privileged access management, contact us today.
Scott Lang, Sr. Director, Product Marketing at BeyondTrust
Scott Lang has nearly 20 years of experience in technology product marketing, currently guiding the product marketing strategy for BeyondTrust’s privileged account management solutions and vulnerability management solutions. Prior to joining BeyondTrust, Scott was director of security solution marketing at Dell, formerly Quest Software, where he was responsible for global security campaigns, product marketing for identity and access management and Windows server management.