With the recent launch of 1Password Secrets Automation, we were eager to learn more about current habits and feelings related to secrets management – good, bad, and everything in between – to help illustrate the problem and the risks involved. We surveyed 500 businesses on the topic, and today we’re excited to share our findings in a new report.
Today’s high-tech ecosystems involve thousands of vulnerable secrets, which are often spread out across multiple services with no visibility or auditability. To avoid a data breach, these need to be encrypted and delivered to machines and services safely; but as the report shows, there’s a long way to go. We’ve summarized some of the key takeaways below, or you can download the report to read the complete findings.
Do you know where your secrets are?
Around 80 percent of IT and DevOps teams are not managing their secrets properly – think API keys, tokens, and certificates. These secrets let a database admin access a database, an app access another app, and so on. Secrets are the lifeblood of your growing infrastructure. And as you grow, develop, and deploy across your technology, you’re creating a long trail of insecure secrets that are stashed wherever it happens to be convenient.
It’s far more complex than it used to be, even for non-tech companies. Reliance on more cloud applications is a major source of this new stress, according to our report. It’s a bigger problem than just managing them; many teams don’t even know where secrets are. Half of IT/Dev workers don’t know how many locations their company secrets are scattered across, with too many to count.
Growing complexities have turned secrets management into a daily stress and productivity drain. The majority of IT/DevOps leaders find their work is disrupted at least daily so they can track down or manage their company’s secrets, and a third say it’s the worst part of their day. Some individual workers are disrupted four-plus times a day.
This stress can naturally lead to mismanagement of secrets, as well as larger issues with work quality and morale. Poor habits that form along the way put these secrets — and by extension, the company — at risk.
Poor habits cause breaches
We call them “secrets” for a reason. But workers (and leaders, for that matter) are not protecting them like secrets. In fact, 60 percent of IT/DevOps organizations have experienced secrets leakage in some form.
Paired with the stress of managing them properly, a lack of education around proper secrets management has allowed dangerous habits to form, including:
- Reusing secrets across projects
- Using the same secrets in both production and testing/staging
- Storing secrets in shared or unsecured spreadsheets
- Sending secrets over email, chat, and text
- Former employees maintaining access to secrets
Our report shows the extent of these (mis)management habits, and the potential cost of breaches that can result.
Taking control of your secrets
All of this secret sprawl leaves company systems and data more vulnerable than ever. But 70 percent of U.S. workers believe it falls solely on their company to protect work accounts from an attack. This has created quite the dilemma.
An improved culture of security should be a priority to help reverse this trend; workers need to do their part to keep secrets secure, and be mindful of best security practices in all they do. The right tool, along with improved education and awareness, can make the secure way to work also the easiest way. Just as 1Password helps employees manage their passwords, 1Password Secrets Automation helps protect infrastructure secrets and deliver them – securely – where they’re needed.
We hope you’ll find some valuable insights in our report that you can share with your team and use to evaluate your own secrets management practices. Thanks for reading!