AKEYLESS BLOG

Cloud Service Providers (CSPs) such as Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP) have enabled the widespread move of organizations to the cloud.  Using workloads in the cloud accelerates an organization’s key initiatives such as mobility, collaboration tools, scale-out apps, and business continuity. These workloads need to communicate with other workloads, or […]

Explore the Akeyless Kubernetes plug-in and how you can use it to achieve enterprise-level security for Kubernetes secrets.

As explained in a recent blog post, Software Supply Chain Attacks are prevalent in today’s corporate infrastructures. In a supply chain attack, attackers make their way into the chain of resources that make up the final software product, frequently by abusing valid credentials they obtained due to careless programming practices (Secret Sprawl). Once they have […]

Insider threats are one of the most difficult risks for security teams to manage because most employees require some level of trust and privileges to perform their roles. Managing this risk involves detecting and containing the undesirable behavior of trusted accounts in the organization. This undesirable behavior often goes undetected for a long time.  Insider […]

A software supply chain attack is a cyber attack where less secure elements in the chain such as third-party networks or code repositories are compromised by attackers as a means to embed hidden malware, which then finds its way into the infrastructures of organizations that use the final software. In these attacks, attackers try to […]

Kubernetes is a popular open source tool for automating application development. While Kubernetes includes a basic solution for keeping secrets (passwords, tokens, or keys), most organizations need an extra layer of management and security to streamline development and protect against leaks.  Let’s take a deeper look at what Kubernetes provides and how you can easily […]

Security is often an afterthought when it comes to designing and developing applications. Josh Grossman, CTO at Bounce Security and OWASP Israel Board member, talked to me about practical ways to build security into applications and the software development lifecycle. In this interview, we talk about OWASP and the open resources it provides for software […]

Policy-as-code is a relatively new methodology of managing and automating security policies through code. Eran Bibi, co-founder and CPO of Firefly and former R&D Director of Aqua Security, talked with me about how DevOps engineers can harness the power of policy-as-code to validate and secure their cloud deployments. In this interview, we talk about how […]

Expand your Akeyless monitoring activities by automatically forwarding your Akeyless logs to Datadog for ongoing alerts of outlying behaviors. Learn how in this blog post.

Startups have a different makeup than large organizations. Their DNA is just different as they are more lean and agile. This offers startup developers the ability to shift their security as far left as possible and make the right moves from the beginning to secure their infrastructure and applications. However, not all startups have a […]

Adversaries have many devious ways to get access to an organization’s data, for different reasons, including data theft or ransom. Many of their actions can be categorized in different steps as part of a concept known in cyber security as a kill chain. Meanwhile, security teams are looking for ways to break this chain, and […]