Thales Blog

Implementing Data Protection and Key Management in DevOps without slowing things down

February 15, 2022

Robert Masterson Robert Masterson | Senior Partner Marketing Manager More About This Author >

As enterprises develop software in today’s environment, where everything has digitally transformed and must follow Zero Trust policies, new challenges arise that can complicate and slow down the DevOps software pipeline. Plus, insecure implementations can leave sensitive data at risk.

To address these concerns, a company’s DevSecOps processes need to start at the very beginning. Let’s keep it simple – let’s call anything that could be considered sensitive data a ‘secret’. Through diligent coding policies and procedures, your developers are implementing data protection into their CI/CD process. All secrets are being encrypted or tokenized, and data appears secure.These processes require encryption keys, and controlling these keys requires a robust key management process. But…

The DevSecOps team has now noticed the management of the many encryption keys has slowed down the development pipeline, decreasing the DevOps efficiency. Plus, there are questions on how to ensure all of these enterprise-wide encryption keys are kept safe, especially ‘Secret Zero’, or the server encryption key used to encrypt all of the other keys.

In a recent webinar, “Thales TalkingTrust with CyberArk – DevSecOps”, two industry-leading companies discuss the importance of properly securing the ‘secret zero’. Known as the ‘keys to the kingdom’, if this main key is compromised, all other encryption keys are at risk. The addition of a Thales Luna HSM or Luna Cloud HSM provides the needed root-of-trust security to the vault that stores these critically important secret-zero keys. With this integration, the highest level of security for the server key vault is ensured.

In addition, CyberArk discusses how Conjur Secrets Manager Enterprise, their secrets management solution together with Privileged Access Management simplifies and transforms the key management process into a fast and portable process for developers, while offering security teams centralized control and management of credentials. These are the critical credentials to access IT and other high value resources. The credentials providing this access need to be controlled and secured by encryption keys.

Conjur helps simplify how applications and containers request and manage encryption keys across the key lifecycle. Integrated with Thales Luna HSMs, available on-premises, in the cloud as a service on DPoD, and also in hybrid environments, and Thales CipherTrust Data Security Platform (CDSP), Conjur simplifies key lifecycle management of the credentials that applications and containers need to access resources.

With the Thales and CyberArk partnership, Conjur, Luna HSMs and CDSP are seamlessly integrated and nearly effortless to implement, enabling key management, encryption, and tokenization tasks that don’t slow things down. The joint solution secures the keys that secure the kingdom that is securing your data.

This Thales TalkingTrust with CyberArk – DevSecOps on-demand webinar explains everything you need to know about CyberArk DevSecOps.

To listen in on Thales and its key Luna Hardware Security Module (HSM) technology partners, as they talk through the latest trends and risks organizations are experiencing when modernizing their businesses, view all videos in the Thales TalkingTrust series.