DevOps | Security

What’s in a Secret? Best Practices for Static, Rotated and Dynamic Secrets

Secrets are ranked as the leading cause of data breaches. Combat this by learning how to best use static, rotated, and dynamic secrets.

Security

It’s All About Secrets Management: Preventing a SolarWinds Hack in 2023

In an era characterized by rapid digital expansion and interconnectivity, cybersecurity threats are more prevalent than ever. Supply chain attacks, in particular, have emerged as a formidable threat to governments, corporations, and individual users alike. The chilling impact of these threats was brought to the fore during the infamous SolarWinds breach. This catastrophe affected around […]

DevOps | Security

Key Ownership in the Cloud: Using Zero Knowledge to Protect Your Data

Customers often wonder if their data is secure in the cloud. To answer this, let's discuss key ownership and zero trust.

DevOps | Security

Why Secrets Rotation for On-Prem Infrastructure Matters

Credential rotation isn’t always simple or easy. Enter Universal Identity, a lightweight authentication method you can implement on any operating system.

Security

3 Things To Look Out For When Using Cloud Vaults

Cloud Service Providers (CSPs) such as Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP) have enabled the widespread move of organizations to the cloud.  Using workloads in the cloud accelerates an organization’s key initiatives such as mobility, collaboration tools, scale-out apps, and business continuity. These workloads need to communicate with other workloads, or […]

Security

Secure Your Kubernetes with Akeyless Secrets Orchestration

Explore the Akeyless Kubernetes plug-in and how you can use it to achieve enterprise-level security for Kubernetes secrets.

Security

How Do Just-In-Time Secrets Help Secure Software Supply Chains?

The landscape of cybersecurity is continuously evolving. In this digital age where data is the new gold, the quest for secure privileged access is paramount. The dawn of static secrets, including credentials, certificates, and keys, has given rise to an innovative solution – Just-in-Time (JIT) Secrets Management. This approach has emerged as a game-changer in […]

Security

Combating Insider Threats from the Inside Out

Insider threats are one of the most difficult risks for security teams to manage because most employees require some level of trust and privileges to perform their roles. Managing this risk involves detecting and containing the undesirable behavior of trusted accounts in the organization. This undesirable behavior often goes undetected for a long time.  Insider […]

Security

The Secret to Securing your Software Supply Chain

A software supply chain attack is a cyber attack where less secure elements in the chain such as third-party networks or code repositories are compromised by attackers as a means to embed hidden malware, which then finds its way into the infrastructures of organizations that use the final software. In these attacks, attackers try to […]

Security

Extra Security for Kubernetes Secrets with Akeyless

Kubernetes is a popular open source tool for automating application development. While Kubernetes includes a basic solution for keeping secrets (passwords, tokens, or keys), most organizations need an extra layer of management and security to streamline development and protect against leaks.  Let’s take a deeper look at what Kubernetes provides and how you can easily […]

Security

DevSec For Scale Podcast Ep 7: Proactively Building Secure Software

Security is often an afterthought when it comes to designing and developing applications. Josh Grossman, CTO at Bounce Security and OWASP Israel Board member, talked to me about practical ways to build security into applications and the software development lifecycle. In this interview, we talk about OWASP and the open resources it provides for software […]

Security

DevSec for Scale Podcast Ep 6: Policy-as-Code

Policy-as-code is a relatively new methodology of managing and automating security policies through code. Eran Bibi, co-founder and CPO of Firefly and former R&D Director of Aqua Security, talked with me about how DevOps engineers can harness the power of policy-as-code to validate and secure their cloud deployments. In this interview, we talk about how […]