In DevOps environments, new cloud applications and feature delivery happen in real time. Unfortunately, so do cloud exploits, where threat actors are increasingly exploiting privileged access vulnerabilities in IaaS, PaaS, and SaaS environments. But while baking security directly into your CI/CD processes is increasingly critical to your business and its overall security strategy, it simply cannot be a bottleneck to agile application development and quick time-to-market. It must accelerate DevOps processes, not impede them.
The merging of information security (infosec) with DevOps - DevSecOps - is now front of mind for many enterprises as a result of high profile cyber attacks Twitter, Marriott International, and SolarWinds gaining broad media attention. What these exploits have in common is the abuse of privileged access - ranked the number one preferred point of entry for malicious actors according to Gartner. The research firm predicts 75 percent of security failures will be connected to the “inadequate management of identities, access and privileges” by 20231.”