For many DevOps enthusiasts, the need to insert security considerations directly into the development cycle was often overlooked. After all, DevOps arose and gained popularity with its ability to empower developers to deliver software faster. Putting security at the forefront of the DevOps process is not always straightforward at first and can be something DevOps teams struggle to get off the ground. To address these challenges, Thales and Red Hat offer data protection and automation solutions.
In this blog, we discuss three ways to “shift left” and infuse security into the DevOps cycle itself – also known as DevSecOps – so developers and business owners can successfully move further “right” down the development cycle faster with their application processes already properly secured.
Protect and Automate Secrets – In today’s development landscape, which may contain hundreds of thousands of containerized applications, many DevOps and Security Teams are struggling to wrangle their “secret sprawl”. Secrets are the credentials that act as a key to unlock protected resources or sensitive information in tools, applications, containers, DevOps and cloud-native environments. DevOps Teams can leverage Thales CipherTrust Secrets Management (CSM), powered by Akeyless Vault, to protect and automate access to secrets across DevOps tools and cloud workloads to ensure dynamic and secure access to credentials such as certificates, API keys, and tokens. CSM also enables comprehensive secrets management, including static secrets, dynamic secrets, secrets rotation, SSH key management, auditing and analytics, across DevOps and hybrid multi-cloud environments, via a scalable as-a-service deployment.
Protect Kubernetes Data – Kubernetes is an open-source container orchestration software solution commonly used by DevOps teams today. As modern apps are increasingly built using containers and microservices, Kubernetes facilitates efficient application deployment and management. In these environments, data is stored in persistent volumes for stateful applications. Securing this data at rest is vitally important since it is otherwise vulnerable to breaches or unauthorized access. However, using Kubernetes is not always easy and typically involves a steep learning curve. Teams often choose out-of-the-box pluggable solutions to help simplify administrative tasks, including security configurations. To help DevOps Teams easily secure their Kubernetes clusters, Thales offers CipherTrust Transparent Encryption (“CTE”) to secure data in persistent volumes attached to pods running on Red Hat OpenShift, an enterprise-ready unified platform to build, modernize, and deploy applications at scale.
Protect Encryption Keys – Digital certificates and their associated keys offer data-in-motion security by enabling secure communications using HTTPS-based communication protocols. DevOps Teams often use this method to securely connect to applications, servers, and cloud resources. To protect certificates and their associated encryption keys, IT Teams initially use Thales CipherTrust Manager Community Edition and scale to a CipherTrust license if and when it is warranted. CipherTrust Manager simplifies the management of encryption keys throughout the entire lifecycle, including generation, backup/restore, clustering, deactivation, and deletion. Additionally, IT Teams can leverage the Thales CipherTrust Ansible collection to perform configurations faster and more efficiently. Red Hat Ansible Automation Platform is an end-to-end automation platform to configure systems, deploy software, and orchestrate advanced workflows. It includes resources to create, manage, and scale across the entire enterprise. This enables Dev Teams already using Ansible for their infrastructure deployment to more easily and securely manage keys from a centralized console.
There is an increasing number of solutions and tools to help DevOps and IT Teams embrace DevSecOps. Thales and our Technology Partners, such as Red Hat, are proud to offer such solutions. To learn more about our developer offerings, please visit this page or attend our upcoming webinar on November 2nd.