An experienced innovator helping organizations protect against risks in the modern cloud era: Secrets Sprawl Akeyless Security

The Silicon Review

Secret sprawl has become the most critical security risk in organizations today, particularly within companies embracing hybrid multicloud and DevOps. Having millions of secrets (credentials, certificates and keys) used widely across disparate IT environments, without centralized management and protection, has led to an onslaught of security breaches. For instance, the recent Uber, Toyota and GitHub breaches all involved compromised machine secrets. Likewise, according to the 2020 Verizon Data Breach Investigations Report, compromised credentials alone are involved in 61% of attacks.

Secrets are basically authentication methods that humans as well as machines (automated processes) use to access critical workloads. There are several kinds of secrets such as password, application keys, encryption keys, API keys, and authorization tokens among others. Whatever their kind, companies depend on secrets to protect the access for any data by having users and applications authenticating their identities prior to accessing that data. Therefore, Secrets management is a mission-critical aspect for modern-day enterprises that operate in DevOps and hybrid multi-cloud environments. Likewise, securing secrets is essential to the overall security of any business.

With more and more businesses relying on modern technology to remain competitive, conventional approaches to secrets management that require significant self-deployed infrastructure costs and complexity are no longer efficient at securing access to systems, applications and data at the speed and efficiency required for security and IT teams to remain agile.

For instance, DevOps, cloud initiatives and app containerization is creating an influx of automated processes that require applications to communicate between themselves. This means that machine-based secrets must be in place to ensure that this communication is secure. Akeyless is the ﬁrst of its kind—a cloud-native, hybrid, and multi-cloud SaaS Secrets Orchestration Platform, built to centralize, manage and secure all types of secrets, to include those that are used in machine to machine interaction as well as human to machine. The Akeyless platform is built on top of a unique, patented technology that provides a true Zero Knowledge solution, ensuring that even Akeyless can’t access customer secrets and keys. Policies must be formed by the security leader of an enterprise to manage the secrets centrally and apply different protocols at various stages of a secret’s lifecycle. Globally there are various companies delivering solutions for secret management, but Akeyless stands out from all. Led by a seasoned team with proven track record and diverse backgrounds in security, Akeyless empowers software-driven enterprises to centrally manage and protect all types of Secrets, to include those related to Hybrid, Multicloud and DevOps use cases. Likewise, the company’s unique combination of innovative technology and global SaaS, cloud-native architecture enables enterprises to quickly secure DevOps, cloud workloads, and legacy environments, while meeting compliance and regulations.

In conversation with Shai Onn, President and Co-Founder of Akeyless Security

Q. What methodology does Akeyless implement to exceed customer expectations?

As an agile, dynamic company, we are constantly and proactively reaching out to customers to hear about their current and future needs. This includes weekly sync meetings, periodic town halls and frequent C-level consultation. This direct customer feedback plays a major role in our development plans.

We are also very transparent regarding what features are supported today and what we will provide in the near future. We always make sure to deliver on our promise for functionality and time, careful to never oversell beyond our customers’ needs, ensuring that the solution we provide matches the customer’s use cases.

Q. How does Akeyless enable enterprises to quickly secure DevOps, cloud workloads, and legacy environments? And how revolutionary is its secrets orchestration platform?

Secrets are mission-critical for DevOps and cloud workloads — they allow the ongoing, secure access that these workloads need to operate. As such, secrets management systems must be highly available in order to provide servers and automated processes with their required credentials, certiﬁcates, and keys, in near- real-time. Using the Akeyless SaaS platform allows enterprises to enjoy ongoing, highly available secrets orchestration without a complex, self-deployed IT project. Akeyless is delivered from the cloud and consumed as a service, so it is already production-ready with 99.99% SLA from day one. Unlike competing solutions, Akeyless eliminates the operational overhead associated with self-deployed vault clusters, while traditional and virtualized vault instances require continuous hardware and software maintenance, and are complex to scale. Our SaaS platform eliminates maintenance outages, and auto-scales for demand peaks, with built-in multi-regional high availability and disaster recovery.

What’s more, our customers gain fast time to production and high adoption rates as a result of our self-service sign-up, the ability to automatically migrate secrets from various locations, as well as connections to existing tools and workflows via native integrations, out-of-the-box plugins and standard APIs etc.

Our patented Distributed Fragments Cryptography (DFC™) technology enables true Zero Knowledge within a SaaS framework, a revolutionary idea in Secrets Management. By using DFC our customers ensure that their data cannot be seen or accessed by anyone outside of the organization, including Akeyless.

Q. In your opinion, why are certain companies still unaware of the risks hiding in their own networks? What are the mistakes to avoid?

We believe the main reason why many companies have been unaware of the severity of “Secrets Sprawl” is tightly coupled with the increased implementation of new automated tools and DevOps methodologies in the cloud. As more and more companies adopt these modern technology models, they are quickly becoming aware of the problem.

For instance, when managing network and application access, organizations have a difﬁcult time getting their developers to follow security policies in terms of managing their sensitive data, particularly the secrets that are necessary for application access. Therefore, many developers will simply take the path of least resistance with risky behavior such as hard coding credentials within their source code, storing secrets in conﬁguration ﬁles, or keeping them in an Excel ﬁle on their computer or Google Drive. When confronted with this “Secret Sprawl,” there are methods to ensure secrets are managed and secured, and that starts with enforcing policies within the organization and using a Secrets Management platform to centralize all credentials and make it less cumbersome for developers to consume them.

Q. Why is it important for an enterprise to have cyber resilience?

The simple answer is that resilience is the way we mitigate risk. The more resilient our systems and processes are, the less likely we are to get hacked, and in the instance of a hack, sustain as little damage as possible to the business. Secrets are the keys to your kingdom, which means they are the ﬁrst point of entry for an attacker. In fact, compromised credentials alone are involved in 61% of attacks, according to The Verizon 2022 Data Breach Investigations Report.

Q. What strategies are in place to encourage innovation in your company?

We use 3 main strategies to encourage innovation at Akeyless:

Listening to customer success and account managers in the ﬁeld with strong customer relations, who can reﬂect actual customer challenges
Keeping a multidisciplinary team of security, development, cloud, and cryptography professionals, who complement each other and provide fresh angles. Similarly, our team includes professionals who are well-versed in on-prem systems together with cloud-born engineers
Having a long-term vision: we stay closely connected to industry analysts, thought leaders, and our partners to ensure we remain on the forefront of the latest market trends impacting our customers

Q. How skilled is the Akeyless team of experts, and how do they bring value to the company?

Akeyless was founded by cryptography, software and business leaders with a wealth of experience from top-tier companies that went public or were acquired. The Akeyless development teams continue to improve the product daily and bring value to customers and users.

Q. In what industries are your clients? Can you provide us with one or two success stories describing the challenges your clients faced and how your solutions helped them overcome those challenges?

Our clients include some of the largest retailers in the world, including enterprises in Fintech, Software, Gaming and Manufacturing.

Cimpress Case Study

Before switching to Akeyless, Cimpress maintained a 24x7 team to support continued access to their mission-critical secrets. A company with 13 global subsidiaries and over 10,000 employees, Cimpress needed a secrets management solution that would ensure high availability and data recovery but allow autonomy for their worldwide development teams. Cimpress chose Akeyless as their SaaS solution for secrets management, and saw a 270% rise in adoption, thanks to Akeyless’ seamless deployment and ease of use. In addition, using a SaaS framework for secrets management allowed Cimpress to reduce costs by over 70%. Cimpress was even able to extend its secrets management further with the Akeyless Universal Identity feature, which allows secrets management for legacy hardware and systems.

Progress Software Case Study

With so many divisions and teams, many of which were adopted from acquisitions, Progress’ developer teams were inundated with disparate tools and needs. What they had in common was a rapid growth in secret usage to access APIs and workloads, with an increased risk of secret sprawl and exposed credentials. Initially, Progress used open source software for its secrets management, but this quickly became unmanageable. Progress’ multi-cloud strategy required a central solution that the business teams can simply consume, without spending signiﬁcant time and money on running and maintaining it. When Progress learned about Akeyless, they were attracted to the simplicity of using a true, purpose-built SaaS platform. They quickly saw the value of a solution that could be easily adopted by different teams, with a wide range of OOTB integrations with their existing cloud services and DevOps tools. With Akeyless, these teams now have access to a centralized secrets management system that is available wherever the staff and workloads are located, regardless if they use AWS, Azure, or Google Cloud. In addition to the increased efﬁciency and security for developer workﬂows, teams no longer have to waste cycles on maintaining the complex underlying infrastructure and patching software, a time waste that is common with traditional secrets management tools.

Q. No doubt Akeyless is charting new territories in this segment. Given how frequently circumstances change, what plans for transformation are you pursuing to remain relevant now and in the future?

We believe that the ongoing cloud transformation among organizations worldwide will continue to create an increased need to protect all kinds of data in any type of environment. That is why we have created our “Akeyless Data Protection” offering (currently in closed beta for select customers), which provides encryption services and management of encryption keys. This offering is a powerful complement to our current secrets orchestration product and is accessible from the same uniﬁed platform.

Q. What level of growth do you hope to see in the next ﬁve years?

Akeyless expects to establish its place as a leader in the growing market of secrets orchestration by becoming the “go-to” solution for organizations of all sizes. Over the coming years, we’ll continue building capabilities into our platform that allow customers to better protect their infrastructure, applications, and data from malicious attacks.

Meet the leaders behind the success of Akeyless Security

Shai Onn, Co-Founder and President of Akeyless, is a serial entrepreneur and an accomplished business executive with vast international experience. Among his previous roles were Founder & Chairman of Fireglass (acquired by Symantec), Israel Country Manager, CA Technologies and Executive VP at Ness Technologies.

Oded Hareven is the Co-Founder and CEO of Akeyless. He is a veteran of the IDF Cyber-Security elite unit, specializes in Identity and Access Management technologies and has held various senior product and project management positions in both enterprise organizations and startups. Among his previous roles were Director of Product Management at Moovit (acquired by Intel) and PMO at CA Technologies.

Refael Angel is the Co-Founder and CTO of Akeyless. A seasoned software engineer with expertise in cryptography, he is the mastermind behind Akeyless’ patented technology (Distributed Fragments Cryptography, or DFC™). Formerly, Refael was a Senior Software Engineer at Intuit R&D center in Israel.