Photo by Adi Goldstein on Unsplash

Since companies migrated their businesses online, technology has rapidly evolved to help them manage their security processes. However, technology is ironically creating gaps in cybersecurity.

In a 2020 report, research firm Forrester highlighted that machine identities were growing twice as fast as human ones. This situation poses a problem for most secrets management protocols since they're designed to handle human identities. As containerization, DevOps culture, and cloud use have exponentially increased, most security protocols scrutinize the wrong identities.

Recently, GitHub experienced a data breach after attackers compromised security tokens. These tokens were tied to machine identities, not human ones. Enterprises are gradually waking up to the threat that insecure machine identities pose to their organizations.

Oded Hareven, Co-Founder and CEO of SaaS-based secrets management company Akeyless, believes the solution is a platform that unifies secrets management across different departments in an enterprise. "Akeyless, in a nutshell, is a secrets orchestration platform," he says. "Whether it's API keys, passwords, certificates, encryption keys, and so on, that's unifying for all of those use cases, both for machine-to-machine and human-to-machine."

Managing Secrets Sprawl

An organization has many secrets. Passwords, security keys, and configuration settings are some examples of secrets that exist almost everywhere in an organization's DNA. These secrets are present in source code, CI/CD pipelines, automated scripts, and so on.

As code increasingly runs organizations, a company's secrets are sprawling exponentially. Every department has its own set of secrets and its own methods of guarding them. Unique business conditions also dictate how a department guards its secrets. For instance, a procurement department liaises with third-party vendors more often than the finance department does. As a result, the former will be more willing to open its systems to outside integrations, leading to different secrets management protocols.

Thus, securing this sprawl from automated machine access is challenging. Akeyless believes that integration and centralization are the way forward. Instead of creating a solution sprawl to tackle disparate secrets, the platform integrates with several security solutions and gives security teams visibility into statuses on a central dashboard.

Akeyless integrates with identity providers (IdPs) such as Okta to simplify authentication. The platform also claims to eliminate the Secret Zero problem (the need to protect the first credential a workload uses to fetch all its other secrets) by providing a machine identity to secure initial connections to the product. Companies can also plug Akeyless into their CI/CD pipelines to gain visibility into automated access protocols.

Managing secret exposure in code is challenging, and Akeyless offers SDKs to prevent this situation from occurring. In addition, the platform offers password management, imports secrets from Kubernetes, Azure, HashiCorp, and other vaults, and integrates with existing security plugins.

Hareven describes his company's product as an API gateway. "We're able to provide a solution for legacy, on-prem private clouds, hybrid environments, and of course, multi-cloud, which is one of our great advantages."

Complete Encryption and Security

Key encryption is essential to successful secrets management. Enterprises often worry (rightly so) about the extent of access their security service provider has to sensitive data. The average secrets vault promises high-grade encryption that prevents the vault operator from reading sensitive data.

Akeyless goes further by highlighting its FIPS 140-2 certified Akeyless DFC™ technology, which the company has patented. Briefly, it works by storing key fragments across different cloud and on-premise environments. Because the complete key never exists in any one place, Akeyless itself cannot decrypt customer data.

This zero-knowledge (ZK) technology is central to the value Akeyless offers. "There is no cloud provider that can grab your encryption key somehow, and those fragments are never combined because the encryption takes place on the customer end," Hareven explains. "By that and by having a customer key fragment on their own facility, we're getting to a model where we're providing zero-knowledge."
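As an added illustration of the split-key property the article describes (this is example code, not Akeyless's own and not its patented DFC scheme, which per the article never combines fragments at all), the Python below shows that fragments held by cloud providers alone cannot decrypt anything, while the full set including the customer-held fragment can. The XOR split, the toy SHA-256 stream cipher and the sample message are constructed for this example; the customer-side recombination is a simplification.

```python
import hashlib
import secrets

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))

def split_key(key: bytes, n: int) -> list:
    """XOR-split key into n fragments. Any n-1 of them are uniformly random,
    so a party holding fewer than all n learns nothing about the key."""
    fragments = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = key
    for frag in fragments:
        last = xor_bytes(last, frag)
    return fragments + [last]

def combine(fragments: list) -> bytes:
    """Recombine fragments; only a complete set yields the real key."""
    key = bytes(len(fragments[0]))
    for frag in fragments:
        key = xor_bytes(key, frag)
    return key

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode), constructed for this demo
    only, not for production use. Encrypt and decrypt are the same call."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return xor_bytes(data, bytes(stream[: len(data)]))

def demo(message: bytes = b"db-password=constructed-sample") -> dict:
    """Two fragments sit with cloud providers, one stays on the customer's own
    facility. Returns whether each party can recover the plaintext."""
    key = secrets.token_bytes(32)
    nonce = secrets.token_bytes(12)
    cloud_a, cloud_b, customer = split_key(key, 3)
    ciphertext = stream_xor(key, nonce, message)  # encryption on the customer end
    provider_view = stream_xor(combine([cloud_a, cloud_b]), nonce, ciphertext)
    customer_view = stream_xor(combine([cloud_a, cloud_b, customer]), nonce, ciphertext)
    return {"provider_recovers_plaintext": provider_view == message,
            "customer_recovers_plaintext": customer_view == message}
```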

Users can manage static secrets by uploading connection strings, credit card numbers, and API tokens. They can even create time-bound secrets and manage them accordingly.

For instance, Akeyless supports temporary user creation to provide just-in-time (JIT) access to targets such as Azure AD, AWS, Chef Infra, and others. Users can rotate and automate password changes for sensitive identities such as admin accounts.

Granular Audit Trails

The typical approach to handling enterprise secrets sprawl is to use local solutions. Ironically, this approach creates another problem: solution sprawl. Managing all these solutions and the machine identities they monitor can become chaotic.

One solution is to adopt a decentralized cybersecurity and secrets management posture. In this model, an organization appoints security teams within each department, and they function independently. Collaboration becomes tricky but can be managed with some planning.

This approach is the opposite of what Akeyless offers. By acting as an API gateway, the platform centralizes secrets management in the hands of a central team. Some enterprises will find this approach counter to their decentralization aims.

However, the centralized approach eliminates the risk of duplicate security infrastructure. Centralization also offers insights into granular machine identities, least-privilege processes, analytics, integration with SIEM, and so on.

Thus, tracking gaps in security postures is simpler than in the decentralized model.

A Gateway to Robust Secrets Management

Akeyless is fast positioning itself as the primary choice for enterprise secrets management. Hareven believes the only way is up. "We have plans to accelerate the business, products, the growth, and the understanding of how to go deeper," he says. As the industry evolves, Akeyless is well-positioned to offer unique solutions to its customers.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
* This is a contributed article and this content does not necessarily represent the views of techtimes.com