October 2018 AST 'ASTORS' Finalist Edition Oct 2018 AST Magazine Final (10.16.18) | Page 71

party applications to ensure
protection.
Volume 27
September 2018 Edition
Manage NIX SSH keys
• Attackers can leverage un-
managed SSH keys to login
with root access and take
over the NIX technology
stack, so make sure all SSH
key pairs on Linux and Unix
production servers are vault-
ed and rotated on a routine
basis, as these systems often
house highly sensitive as-
sets.
cates that 57 percent of federal organizations
Defend DevOps secrets
experienced a data breach in the past year, in
• To ensure attackers can’t exploit your DevOps
comparison to just 26 percent of non-U.S. gov-
environment for more pervasive access, vault
ernment agencies worldwide.
and automatically rotate your public cloud
privileged accounts, keys and API keys as well • Furthermore, 68 percent of respondents said
their government organizations are “very” or
as any credentials and secrets used by CI/CD
“extremely” vulnerable to current cyber securi-
tools such as Ansible, Jenkins and Docker.
ty challenges, while only 48 percent of global
counterparts admit to the same.
Secure SaaS admins and privileged users
• Confirm that all access
to shared IDs is isolated
and require multi-fac-
tor authentication to
prevent attackers from
gaining high-level and
stealthy access to sensi-
tive systems by stealing
credentials used by SaaS
administrators and privi-
leged business users.
Remaining Vigilant
• Recent research indi-
(Cindy Provin, CEO of Thales eSecurity, discusses key findings from Thales eSecuri-
ty’s 2018 Data Threat Report, Global Edition.)
69