Developers' Secrets, But Security Team's Challenge

Entro Security's Steve Johnson on Vault Use for Secret Management
Steve Johnson, vice president of sales, Entro Security

The lack of the security team's involvement in the creation and the permissioning of developers' secrets poses a significant challenge when it comes to safeguarding the organization, warned Steve Johnson, vice president of sales at Entro Security.


Why do adversaries find exploiting these secrets so attractive? "It's appealing because it's not involving a user, it can be just literally a string of characters in its most basic form," Johnson said. "So when you gain access to those, as a malicious outsider, you have a lot of access inside of the organization to critical databases that contain sensitive information."

Organizations need to implement secret management best practices, and the first step is to use vaults and manage the many vaults created throughout the enterprise, Johnson said. Entro helps customers ensure adherence to security processes, gain oversight into all areas where secrets are shared, and effectively reduce the attack surface area.

In this video interview with Information Security Media Group at ISMG's Financial Services Summit 2023, Johnson also discussed:

  • Hurdles organizations face when trying to gain visibility into developers' secrets;
  • How Entro addresses issues related to vault use in organizations;
  • Overcoming challenges associated with securing developers' secrets.

As a former security engineer, channel manager, and head of emerging products, Johnson has a unique combination of technical, business and leadership skills and is responsible for driving sales and security excellence at Entro Security. He has more than 20 years of experience in the computer and network security industry.

About the Author

Michael Novinson


Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.
