CyberArk Conjur. Secure DevOps environment
The DevOps methodology has been gaining more and more followers, both among big corporations and small IT businesses. By combining close collaboration between developers and administrators with wide use of work automation tools, it makes IT teams faster and more effective. However, it has weak points that affect the security of the whole environment. CyberArk Conjur is a solution which can help. How does it work? Let us explain!
The foundations of DevOps are communication, collaboration and integration between developers and IT operations specialists. This methodology accelerates the development of software, products and services. For such efficient collaboration to be possible, it is necessary to automate the IT environment and to use multiple tools and cloud-based resources.
The DevOps methodology
Both human users and various kinds of tools take part in creating software under the DevOps methodology. Each day, IT environments use new microservices which communicate with one another, as well as with users and administrators, by means of special credentials called secrets. The entire authentication process in DevOps takes place automatically and remains outside the control of the security department. This means that unauthorised persons can sneak inside programming tools or hijack the administrator’s account and then infect the code, thereby infecting the entire IT system.
In other words, though the DevOps methodology enables the implementation of multiple tools that optimise development, testing and deployment of new software, it fails to ensure adequate security of the whole IT environment. This results from, among other reasons, the lack of a single location for managing credentials and privileged accounts, and the inability to rotate passwords, keys and tokens, since multiple tools share the same data.
CyberArk Conjur
CyberArk Conjur is a solution to this problem. It was designed for managing security, credentials and access in DevOps environments. The tool supports the administration of secrets used by applications, microservices, Continuous Integration (CI) and Continuous Delivery (CD) pipelines, APIs, etc. It is an additional module – an extension of the standard Core Privileged Access Security module.
CyberArk Conjur supports:
– managing secrets such as tokens, SSH keys, API keys and certificates
– the use of RBAC (role-based access control) mechanisms
– secure storage and management of secrets combined with automatic rotation based on configurable policies
– centralised audit for all events and operations, including report generation
– full integration with DevOps tools such as Ansible, Chef, Jenkins and Puppet, as well as containerization tools such as Docker and OpenShift
How does CyberArk Conjur work? It dynamically retrieves credentials from a secure location (Vault) only when the given tool, application or system actually needs them.
CyberArk’s solution can be easily integrated with the most common DevOps tools and platforms as well as with any systems used by enterprises. Thanks to this approach, organisations can implement and enforce predefined security models and practices. As a result, it enhances security without slowing down developers in their work.