Many organizations don’t enforce proper security measures in their DevOps environments, putting both the company and the product at risk. This is according to a new report by Venafi looking into security practices among DevOps adopters.
Using the same passwords for multiple machines or not even bothering to secure communications between machines are some of the most common issues, usually among organizations in the middle of adopting DevOps practices.
However, even organizations that say their DevOps practices are “mature” still make these rookie mistakes.
Just over half (53 percent) of respondents in the middle of adopting DevOps say security measures are enforced consistently. Among more mature environments, the figure rises to 82 percent.
Among mature DevOps organizations, 62 percent consistently replace development and test certificates with production certificates when code rolls into production. For those that are just adopting DevOps, it’s just over a third (36 percent).
Almost nine in ten (89 percent) respondents from mature environments say their DevOps teams are aware of the security controls necessary to protect their organizations from attacks. Among those just adopting DevOps, the number falls to just over half (56 percent).
“It’s clear that most organizations are still struggling with securing the cryptographic keys and digital certificates used to uniquely identify machines,” said Kevin Bocek, chief security strategist for Venafi. “Although DevOps teams indicate that they understand the risks associated with TLS/SSL keys and certificates, they clearly aren’t translating that awareness into meaningful protection. This inaction can leave organizations, their customers and partners extremely vulnerable to cryptographic threats that are difficult to detect and remediate.”
More information about Venafi’s latest study can be found at this link.