SecurityBrief NZ - CyberArk & Puppet take 'secret protection' to DevOps workflows

ThinkstockPhotos-622444940.jpg

CyberArk & Puppet take 'secret protection' to DevOps workflows

CyberArk and Puppet are now Advanced Technology Partners and will strive to embed security modules into DevOps workflows.

The two companies announced the partnership last week, and say they will create supported modules that provide automated, enterprise-grade protection of ‘secrets’. They will also be integrated into Puppet’s configuration automation for secure DevOps workflows.

According to CyberArk, dynamic DevOps environments involve the creation, use and disablement of many tools, scripts and applications or services.

Each step requires secrets like SSH/API keys, passwords and certificates that are often unchanged or revoked. If they are not available, applications are unable to run properly.

The accounts also provide access to sensitive resources, which makes them sitting ducks for cyber attacks.

“The integrated solution provides security with a strong authentication mechanism for machines before granting secrets, as well as implementing least privilege for nodes,” comments Puppet’s vice president of business development, Tim Zonca.

CyberArk Conjur is a secrets-management platform architected for containerised environments and integrates machine identity security into projects.

It also allows DevOps teams to integrate security best practices into cloud-native application development projects while assuring security teams that best practices are being applied to dynamic environments.

“The CyberArk Conjur module for Puppet is designed with both DevOps users and security teams in mind. It provides visibility and flexibility for Puppet secrets workflows and users can view and manage host accounts maintained by Puppet,” comments CyberArk’s EVP of global business development, Adam Bosnian.

“The integration with Puppet furthers CyberArk’s commitment to automating secrets protection and makes it easier for organizations to recognize the benefits of using Puppet to improve productivity without changing the way developers work,” he continues.

CyberArk recently joined Puppet’s Technology Alliance Partner Program; while Puppet has now joined CyberArk’s global technology partner program.

CyberArk focuses on eliminating the most advanced cyber threats; those that use insider privileges to attack the heart of the enterprise and throughout the DevOps pipeline.

The company also has offices throughout the Americas, EMEA, Asia Pacific and Japan.

Interested in this topic?
We can put you in touch with an expert.

Follow Us

Featured

next-story-thumb Scroll down to read: