Progress Software Corporation (Progress) offers software for creating and deploying business applications. Progress is headquartered in Burlington, Massachusetts with offices in 16 countries and employs approximately 2100 people.
From an organizational perspective, the company is broken down into different divisions, which have individual responsibilities, including application and digital experience, as well as creating tools and/or modules for developers. A newer division is Chef, a leading DevOps tool that was acquired by Progress about one year ago. Progress enables its customers to build high-quality software that delivers a great user experience.
Progress’ CISO, Richard Barretto, has the responsibility to drive the organization’s security strategy and increase business value through security. As the company’s security leader, Barretto works to keep the organization secure and helps prevent it from being involved in the next security breach to headline in the news. His team adds value to the business by enabling the diverse developer teams to focus on innovation and developing software, as opposed to worrying about security.
With so many divisions and teams, many of which were adopted from acquisitions, the developer teams were inundated with disparate tools and needs. However, what they have in common is a rapid growth in secrets usage, needed to access APIs and workloads. With that comes an increased risk of secret sprawl and exposed credentials.
For a while, Progress used Open Source Software (OSS) for its secrets management. But their multicloud strategy requires a central solution that the business teams can simply consume, without spending significant time and money on running and maintaining it. They evaluated many different solutions, including virtualized vaults that are hosted in the cloud. Aside from the cost, Progress determined that this approach would not solve the problem of the operational hassle of maintaining secrets management infrastructure and software updates; the problem would only partially be outsourced to an external team.
When Progress learned about Akeyless, they were attracted to the simplicity of using a true, purpose-built SaaS platform. They quickly saw the value of it being easily adopted by the different teams, with a wide range of OOTB integrations with their existing cloud services and DevOps tools. With Akeyless, these teams now have access to a centralized secrets management system that is available wherever the staff and workloads are located, regardless if they use AWS, Azure, or Google Cloud.
In addition to the increased efficiency and security for developer workflows, teams no longer have to waste cycles on maintaining the complex underlying infrastructure and patching software, etc., that’s common with traditional secrets management tools.
Because secrets management is a critical element in an organization’s infrastructure, Progress had to be sure that they could rely on the service being available whenever and wherever needed. Akeyless gave them that confidence with a multi-cloud architecture, multi-regional, highly available, and high-performance platform, that scales.
As a security leader, Richard Barretto highly values the fact that Akeyless customers maintain exclusive ownership of their keys. With cloud provider vaults, or virtualized vault instances, users have to relinquish their master keys, which increases risk as these keys, and the data they protect, can be accessed by rogue administrators, and hackers, or be handed over to the government through the CLOUD act. Akeyless provides a patented, innovative KMS technology (Akeyless DFC) that gives customers complete control and exclusive ownership of their keys, and ensures these keys never exist as a whole.
Progress saved significant time and money by moving to Akeyless. Just from the perspective of maintaining their previous Vault instances, they saved 60%–70% of overhead and simplified the workflows associated with granting employees access to the resources they need to stay productive and drive the business forward.
Check out the video interview with Richard Barretto below, as well as his KeyConf talk, and learn more about how Progress uses Akeyless to protect against secret sprawl and credential theft, as well as how it implements security best practices while enabling a productive workforce.