The Missing Link in DevOps Cloud Security

You may or may not have seen the data from the latest Verizon Data Breach Incident Report by now. They found that half of security breaches stem from credential abuse. What is clear is that credential compromise is rampant in cybersecurity. But how can we avoid it? Multifactor authentication and least-privilege policies are a good start.

According to the report, misused credentials have shot up by almost 30% over the last five years. Engineers and developers may be even more attractive targets for attackers because their admin privileges allow way more access than that of an everyday user, perhaps even so far as having always-on access when they actually only need intermittent access to do their job.

Gartner posits that privileged access carries significant risk, and they recommend IAM leaders implement just-in-time (JIT) strategies with a goal of reaching zero standing privileges.

In his latest article for DevOps.com, Ermetic co-founder Arick Goomanovsky explains how JIT may be the missing link in DevOps cloud security. Read the full article now.