Story image

CyberArk & Puppet take 'secret protection' to DevOps workflows

16 Oct 17

CyberArk and Puppet are now Advanced Technology Partners and will strive to embed security modules into DevOps workflows.

The two companies announced the partnership last week, and say they will create supported modules that provide automated, enterprise-grade protection of ‘secrets’. They will also be integrated into Puppet’s configuration automation for secure DevOps workflows.

According to CyberArk, dynamic DevOps environments involve the creation, use and disablement of many tools, scripts and applications or services.

Each step requires secrets like SSH/API keys, passwords and certificates that are often unchanged or revoked. If they are not available, applications are unable to run properly.

The accounts also provide access to sensitive resources, which makes them sitting ducks for cyber attacks.

“The integrated solution provides security with a strong authentication mechanism for machines before granting secrets, as well as implementing least privilege for nodes,” comments Puppet’s vice president of business development, Tim Zonca.

CyberArk Conjur is a secrets-management platform architected for containerised environments and integrates machine identity security into projects.

It also allows DevOps teams to integrate security best practices into cloud-native application development projects while assuring security teams that best practices are being applied to dynamic environments.

“The CyberArk Conjur module for Puppet is designed with both DevOps users and security teams in mind. It provides visibility and flexibility for Puppet secrets workflows and users can view and manage host accounts maintained by Puppet,” comments CyberArk’s EVP of global business development, Adam Bosnian.

“The integration with Puppet furthers CyberArk’s commitment to automating secrets protection and makes it easier for organizations to recognize the benefits of using Puppet to improve productivity without changing the way developers work,” he continues.

CyberArk recently joined Puppet’s Technology Alliance Partner Program; while Puppet has now joined CyberArk’s global technology partner program.

CyberArk focuses on eliminating the most advanced cyber threats; those that use insider privileges to attack the heart of the enterprise and throughout the DevOps pipeline.

The company also has offices throughout the Americas, EMEA, Asia Pacific and Japan.

How to stay safe when shopping online
Online shopping is a great way to avoid the crowds – but there are risks.
Dell EMC embeds security in latest servers
Dell EMC's 14th generation of PowerEdge servers has comprehensive management tools to provide security across hardware and firmware.
Why data backups should be a part of daily operations
"Disaster recovery needs to address complete system failure and provide a set of security policies to govern disaster incidents."
Businesses focusing on threats from within - survey
Over 50% of respondents reported that 100 days of dwell time or more was representative of their organisation.
Corelight and Exabeam partner to improve network monitoring
The combination of lateral movement and siloed usage of point security products leaves many security teams vulnerable to compromise.
SailPoint releases first identity annual report
SailPoint’s research found that many organisations are lacking maturity in their governance processes over identities.
Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.