Story image

CyberArk & Puppet take 'secret protection' to DevOps workflows

16 Oct 17

CyberArk and Puppet are now Advanced Technology Partners and will strive to embed security modules into DevOps workflows.

The two companies announced the partnership last week, and say they will create supported modules that provide automated, enterprise-grade protection of ‘secrets’. They will also be integrated into Puppet’s configuration automation for secure DevOps workflows.

According to CyberArk, dynamic DevOps environments involve the creation, use and disablement of many tools, scripts and applications or services.

Each step requires secrets like SSH/API keys, passwords and certificates that are often unchanged or revoked. If they are not available, applications are unable to run properly.

The accounts also provide access to sensitive resources, which makes them sitting ducks for cyber attacks.

“The integrated solution provides security with a strong authentication mechanism for machines before granting secrets, as well as implementing least privilege for nodes,” comments Puppet’s vice president of business development, Tim Zonca.

CyberArk Conjur is a secrets-management platform architected for containerised environments and integrates machine identity security into projects.

It also allows DevOps teams to integrate security best practices into cloud-native application development projects while assuring security teams that best practices are being applied to dynamic environments.

“The CyberArk Conjur module for Puppet is designed with both DevOps users and security teams in mind. It provides visibility and flexibility for Puppet secrets workflows and users can view and manage host accounts maintained by Puppet,” comments CyberArk’s EVP of global business development, Adam Bosnian.

“The integration with Puppet furthers CyberArk’s commitment to automating secrets protection and makes it easier for organizations to recognize the benefits of using Puppet to improve productivity without changing the way developers work,” he continues.

CyberArk recently joined Puppet’s Technology Alliance Partner Program; while Puppet has now joined CyberArk’s global technology partner program.

CyberArk focuses on eliminating the most advanced cyber threats; those that use insider privileges to attack the heart of the enterprise and throughout the DevOps pipeline.

The company also has offices throughout the Americas, EMEA, Asia Pacific and Japan.

Stepping up to sell security services in A/NZ
WatchGuard Technologies A/NZ regional director gives his top tips on how to make a move into the increasingly lucrative cybersecurity services market.
Huawei founder publically denies spying allegations
“After all the evidence is made public, we will rely on the justice system.”
Chch crypto-exchange Cryptopia suffers breach
Cryptopia has reportedly experienced a security breach that has taken the entire platform offline – and resulted in ‘significant losses’.
IoT breaches: Nearly half of businesses still can’t detect them
The Internet of Thing’s (IoT’s) rapid rise to prominence may have compromised its security, if a new report from Gemalto is anything to go by.
Carbon Black: What does cybersecurity have in store for 2019?
Tom Kellerman has shared five insights for the year ahead, including a particularly bold one.
Hands-on review: The Ekster Wallet protects your cards against RFID attacks
For some time now, I’ve been protecting my credit cards with tinfoil. The tinfoil hat does attract a lot of comments, but thanks to Ekster, those days are now happily behind me.
Report on SingHealth breach condemns poor security practices
The 2018 Singapore SingHealth data breach was poorly managed and riddled with vulnerabilities from the start.
Tesla wants people to hack its Model 3
Tesla is offering white hat hackers what could be the chance of a lifetime – the opportunity to hack one of its Model 3 vehicles.