This post was written based on the work of Fahmy Khadiri, Technical Sales Account Manager at Akeyless, in his voice. Introduction In this blog post, I’ll be walking you through Kubernetes authentication and secrets injection using native Kubernetes constructs and the Akeyless Secrets Injection Webhook to fetch secrets from Akeyless Vaultless® Platform into your Kubernetes […]
DevOps
Securing Privileged User Accounts with Rotated SecretsOverview One of the most sensitive secrets in your organization is without a doubt the credentials for your superuser accounts. These accounts, such as the root account for a Linux server, the Administrator account for a Windows server, or the Admin accounts for a network device, have virtually unlimited privileges. Anyone with the credentials for […]
Security
Adapting Identities and Secrets To The Changing State of CybersecurityAkeyless was honored to have former NSA Director, Admiral Mike Rogers, open the sessions at KeyConf NYC’21. In his impressive career, Admiral Rogers held key positions around the globe, focusing on cyber, intelligence, and national security. From his expert vantage point, he presented his insights on the current state of cybersecurity, and what organizations need […]
Security
How to Win at Zero TrustThe recent KeyConf NYC’21 event featured a very interesting session, presented by none other than former Forrester analyst, Dr. Zero Trust, Dr. Chase Cunningham. He showed the audience how Zero Trust is sometimes overthought and when you apply the most important and fundamental Zero Trust steps, you start winning at security, in big numbers. Zero […]
News | Security
The Log4j VulnerabilityExecutive summary: The Akeyless Vaultless® Platform is not impacted by the log4j vulnerability Recently, a zero-day vulnerability (CVE-2021-44228) was discovered in the popular Apache Log4j logging library, which could allow an attacker full remote code execution. Many enterprise apps and cloud services use this common logging library. Apache has since released a security update and […]
DevOps
Akeyless Kubernetes External KMS Plugin for Secrets EncryptionTL;DR Akeyless added support for Kubernetes data encryption at rest, and is now available for use in your own Kubernetes cluster! Check it out here! First Things First: Some Context Kubernetes, as an infrastructure management solution, allows the creation of various resources, including Pods (servers), Persistent Volumes (storage), Services (load balancers), and others. You can […]
News
Looking back at KeyConf NYC’21Our very first KeyConf event came to an end here in New York City, and it was a blast! After a day filled with valuable insights from leading security professionals, KeyConf marks a phenomenal year for Akeyless. Co-founder and CEO Oded Hareven shared on stage: “We’re excited about the traction we’ve seen and the number […]
News
KeyConf 2021 Is Here! Secrets Management ReimaginedModern enterprises need to be increasingly dynamic to keep their competitive advantage. They now have many teams using workloads and data to support their DevOps, Cloud Transformation, and Zero Trust Access initiatives. And all these workloads, users, and tools use secrets to communicate securely. It is clear that the increase in secrets usage has gone […]
Security
Redefining Root of Trust For The Cloud Era (Part 2)Cloud computing has brought irreversible changes and improvements to the way we share information and conduct business. However, it has also introduced new cybersecurity threats, that if left unaddressed, can result in irreversible damage to a company’s reputation and position in the market. Encryption has been used as a primary defense against data theft, whether […]
Security
Redefining Root of Trust For The Cloud Era (Part 1)In the digital world, cryptographic solutions use encryption keys to secure data at rest, data in use, and data in transit. They are responsible for encrypting and decrypting the data, validating identities by authenticating users and devices, and securing transactions with digital signatures and certificates. Beneath the complex world of encryption use cases and algorithms […]
Security
The Case For Just-In-Time Credentials and Zero Trust Access: Fortinet VPN Credentials CompromisedOn September 8 2021, a threat actor released a list with half a million username and passwords for Fortinet VPN deployments. This is very concerning, as the attacker claims a large portion of these credentials are still valid. As a result, it is now easy for a threat actor to launch a customized campaign, targeting […]
Security
Next Gen Root of Trust To Secure Cryptographic Keys Across The Hybrid Multi-CloudIn our recent article “Are your cryptographic keys truly safe? Root of Trust redefined for the cloud era” featured in HelpNetSecurity, we discussed how the objective of a Hardware Security Module (HSM) is to ensure that the keys it stores cannot be compromised. When the safety of the keys in an HSM can be assured, […]
