As mentioned in the previous edition of KC Navigator, with the implementation of digital transformation, organizations have seen the number of privileged users multiply, with new types of operations such as DevOps needing access to privileged accounts.
DevOps support has become essential to many organizations looking to become more responsive and innovative by merging traditional engineering and operations teams to speed software delivery times. As a result, application developers and other agile teams increasingly need privileged access to essential tools, and this access also has to be managed.
To enable organizations to manage this type of privileged access, several vendors have introduced Privileged Access Management (PAM) tools for DevOps teams. These tools are included within KuppingerCole’s new Dynamic Resource Entitlement & Access Management (DREAM) model for access management and entitlement platforms that can manage the challenges in dynamic multi-cloud, multi-hybrid environments that businesses are adopting to become fully digital enterprises and remain competitive.
The DREAM model envisages common service development, delivery, and operations; infrastructure management and operations; and security and identity across on-prem, Edge, and private and public cloud, including managed service providers.
Fundamentally, DREAM-based platforms must operate at the speed of the cloud and permission access based on tasks, toolchains, and workloads, rather than based on roles or only to static resources such as servers or vaults.
These platforms will include the category of CIEM (Cloud Infrastructure Entitlement Management) platforms that offer rapid access to cloud infrastructure itself and, in some more advanced examples, offer granular control of cloud-based resources. As mentioned earlier, also included within DREAM are the newer PAM for DevOps tools that extend the traditional functionality of PAM to toolchain-focused access for DevOps teams.
PAM for DevOps is essential to prevent attackers from compromising secrets embedded in code and Continuous Integration/Continuous Deployment (CI/CD) tools and using them to gain more pervasive access to the IT environment.
Organizations need to recognize that those who work in DevOps routinely store, compile and test code that will involve privileged access to specific data sources, tools, applications, and other resources that are classified as confidential, and must be kept secure. This typically includes individual pieces of code, containers, and APIs as well as discrete data that relates to company projects or individuals.
DevOps, therefore, accesses and processes privileged data and entities on a continuous basis. Without a platform to monitor, record and control this access, countless vulnerabilities will be introduced every day through developers doing things like storing credentials for privileged tools and data locally, sharing them, or embedding them within an application or container they are working with. Developers may also share passwords and code, and admins may allow privileged access to users on an ad hoc basis, which can lead to privilege creep.
DevOps cannot be ignored when it comes to privileged access management. The challenge, however, is finding an appropriate access management solution that can work at the pressure and speed that DevOps teams already work to while keeping all secrets secure. It must not get in the way, and it must be secure and accountable through integrated tools or via third-party integrations.
DevOps and other AgileOps teams within organizations have come to rely on dynamic clouds to complete workloads on a Just In Time (JIT) basis, in response to demands from internal customers. All the while, networks are much more open to employees, third-party users, suppliers, and customers – what was once considered “privileged” is becoming the norm as collaboration and data sharing become ubiquitous.
— Paul Fisher, Senior Analyst, KuppingerCole.
Because we understand the importance of access management for DevOps, and because we are committed to helping your business succeed, KuppingerCole has a great deal of content available in a variety of formats.
This includes events such as our recent hybrid Cybersecurity Leadership Summit 2021 that included sessions on topics such as Cloud Security 2025 – Perspective & Roadmap and Mastering Complexity in Your Multi-Cloud & Multi-Hybrid IT.
If you would like to hear what our analysts have to say on the topic of access management for DevOps, listen to these Analyst Chats on The 2021 Trends in DevOps and Security, Privileged Access in an Agile World, and Ephemeral Credentials.
To find the answers to questions about whether there is a future in deploying access management in DevOps environments, watch this webcast on How Privileged Access Management Can Help in Securing the Enterprise.
For an analysis of how access management platforms will develop support for DevOps, have a look at this presentation on how In the Future PAM will Become Embedded in the IT Stack.
If you would prefer to read concise observations by our analysts on topics related to access management and DevOps, have a look at these blog posts:
- Centrify & Thycotic: Will 1+1 be 2? Or less? Or more?
- 10 Use Cases for Universal Privilege Management
- What's the Next Generation in PAM?
- PAM Can Reduce Risk of Compliance Failure but Is Part of a Bigger Picture
For a wide range of perspectives on access management for DevOps from our analysts and vendors, have a look at the list of webinars below and choose those that are of most relevance or interest:
- Decoding Advanced Privileged Access Management for Digital Environments
- The Future of Privileged Access Management and Reducing Risk for Modern Digital Enterprises
- The Security & Identity Challenges of Modern IT: Agile IT & DevOps Done Right & Secure
- Solving Problems in Privileged Access Management with Automation
The requirements for access management in DevOps differ from regular access management. For more information on this topic, have a look at this Whitepaper on Privileged Access Management Solutions for Agile, Multi-Cloud and DevOps Environments.
To find out more about how DevOps and other modern IT developments such as APIs are impacting the choice of access management solution, have a look at this Whitepaper on Enhanced Privilege Access Management Solutions.
For a perspective on why the privileged user management rules for SMBs are different, especially when it comes to DevOps, and how SMBs should pay attention to vigorous access management solutions despite worries about cost, deployment, scalability and ROI, have a look at this Whitepaper on Fast Access Management in the Hybrid Cloud for SMBs.
As mentioned above, the challenge is choosing an access management solution that can work at the speed of DevOps. For an assessment of those PAM vendors that are addressing the needs of DevOps and agile environments, have a look at this Leadership Compass on Privileged Access Management for DevOps and the Leadership Compass on the wider Privileged Access Management market.
For an overview of various other access management solutions markets that reference DevOps, have a look at the Leadership Compasses on Access Management, Access Governance & Intelligence, and Identity Governance & Administration (IGA).
Further orientation on the solutions markets of access controls in the DevOps environment can be found in this Market Compass report on Dynamic Authorization Management.
Guidance on questions to ask vendors, criteria to select your vendor and requirements for successful deployments can be found in this Buyer’s Compass on Privileged Access Management.
Organizations investing in technologies to enable access management for DevOps can have a look at some of the related technology solutions that we have evaluated: