www.helpnetsecurity.com
35.81.17.152  Public Scan

URL: https://www.helpnetsecurity.com/2021/06/23/companies-manage-secrets/
Submission: On February 01 via api from NL — Scanned from NL


Text Content

Help Net Security
June 23, 2021


IT’S TIME FOR COMPANIES TO TAKE A HARD LOOK AT HOW THEY MANAGE SECRETS



Leaked infrastructure secrets – code, credentials and keys – which are exposed
accidentally or intentionally cost companies an average of $1.2 million in
revenue per year, according to a report from 1Password.



The report explores how organizations are managing the explosion of sensitive
information, the prevalence of secrets management shortcomings and the severe
impact on the bottom line, including damaged corporate reputation, alienated
customers and delayed product cycles.

“Secrets are now the lifeblood for IT and DevOps as they seek to support the
explosion of apps and services now required in the modern enterprise,” said Jeff
Shiner, 1Password CEO.

“Our research reveals that secrets are booming, but IT and DevOps teams are not
meeting rigorous standards to protect them – and in the process are putting
organizations at risk of incurring tremendous cost. It’s time for companies to
take a hard look at how they manage secrets, and adopt practices and solutions
to ‘put the secret back into secrets’ to support a culture of security.”


SECRETS ARE EVERYWHERE

Today, 65% of IT and DevOps employees estimate their company has more than 500
secrets – and 18% say they have more than they can count.

 * Managing secrets is expensive: IT and DevOps spend an average of 25 minutes
   each day managing secrets, at an estimated payroll expense of $8.5B annually
   across companies in the US.
 * More apps, more secrets: 51% of IT/DevOps workers say their time spent
   managing secrets has increased in the last year, and for 10% it’s more than
   doubled.


LOOSE SECRETS SINK ENTERPRISES

1Password’s research found that losing control of secrets can damage many
aspects of enterprise operations and undermine the bottom line.

 * Financial pain: IT/DevOps workers whose company lost control of secrets said
   their company lost, on average, $1.2M. Ten percent of IT/DevOps who
   experienced secrets leakage said their company lost more than $5M – amounting
   to billions across the national economy.
 * Bad business side effects: 40% of IT/DevOps workers at organizations who’ve
   experienced secrets leakage report brand reputation damage; 29% say it led to
   lost clients.
 * Product delays: IT/DevOps shared that 61% of projects are delayed due to poor
   secret management.
 * Ex-employee risk factor: 77% of IT/DevOps workers say that they still have
   some amount of access to their former with 37% saying that they still have
   full access.


MANAGE SECRETS

52% of IT and DevOps workers say that the explosion of cloud applications has
made managing secrets more difficult.

 * IT/DevOps are too busy to keep secrets: The very people that should be
   keeping secrets aren’t making it a priority; 80% of employees of IT/DevOps
   organizations admit to not managing their secrets well.
 * Secrets, secrets everywhere: 25% of employees at IT/DevOps companies have
   secrets in 10 or more different locations and have shared with colleagues via
   insecure channels – email (59%), chat services such as Slack (40%),
   spreadsheets/shared documents (36%) and text (26%).
 * Undermining the enterprise: IT/DevOps employees report that poorly managing
   enterprise secrets wastes time (48%), delays projects (38%), frustrates
   employees (36%) and disrupts workflows (33%).


SLOPPY SECRETS

IT and DevOps employees are concerned about the consequences of their companies
not doing enough to secure their secrets. However, IT and DevOps employees also
admit to being careless when sharing secrets, opening the door to potential
leaks.

 * Wash, rinse, repeat: 64% of IT/DevOps workers admit to reusing enterprise
   secrets between projects.
 * Passing notes around the server room: 36% of IT/DevOps workers say they’ll
   share secrets over insecure channels to increase productivity and speed.
 * Enforcement issues: 97% of IT/DevOps workers report their organization has a
   policy in place for enterprise secrets generation, but just 36% say their
   company is strict with its policy enforcement.
 * Terror time: 51% of IT/DevOps workers have explicit fears with the way their
   company currently handles secrets.


BOSSES ARE THE “LEAK” LINK

Those with the most at stake – managers and VPs – are more likely to circumvent
security policies, reuse secrets and access production systems without
permission.

 * Convenience over security: Sixty-three percent of team leads and managers and
   67% of VPs and above have ignored or worked around company security policies
   to meet COVID-19 work demands – nearly triple the rate of individual IT/DevOps
   contributors (25%).
 * VPs are double the trouble: 81% of IT/DevOps VPs and above have reused
   secrets between projects, compared to 65% of team leads and managers. VPs and
   above are twice as likely to reuse secrets as individual contributors (39%).



