CloudTruth Announces Availability Of Control Plane To Centrally Fix Leaked Secrets
Company Adds Ability to Centrally Remediate Leaked Secrets, Repo Leaks, Track Changes, and Create Reporting for SecOps and SOC 2 Compliance
BOSTON, May 4, 2023 /PRNewswire-PRWeb/ -- CloudTruth is announcing the immediate availability of new functionality to fix leaked secrets from source code, deployment pipeline logs, or security breaches. Secret rotation is a critical, time-sensitive, time-consuming, and error-prone task. DevSecOps teams must act quickly to rotate secrets when a leak is detected.
CloudTruth is the engine that ensures the new secret is distributed to all the locations where it is needed. The CloudTruth API securely connects to existing secret stores, providing an abstraction layer that tracks secret changes and injects with late-binding precision. CloudTruth centralizes secret complexity into one system that tracks all references, giving security teams the confidence to know that rotation was successful and reducing the toil associated with secrets rotation and change tracking.
With CloudTruth, teams work where they are comfortable (source repos, secret stores, CI/CD, IaC, IaaS, etc…), and CloudTruth becomes the "config and secrets co-pilot" working alongside existing tools and deploy processes.
Organizations must manage secret access control tightly to prevent a security breach that can ruin reputations and cause business harm. The rising adoption of third-party components and microservices increases the difficulty of effectively tracking and managing secrets across many projects, teams, and environments. As a result, modern software development lifecycles need secure repos and sophisticated secret stores. Secrets still leak, and it's more common than it should be.
A study revealed that leaks are up 50% from 2021. GitHub secret scanning found almost 1.5 million accidentally exposed secrets out of 13 million total commits. Solutions like GitHub Advanced SecurityTM help secure source code and scan for leaks. Similarly, for CI/CD, GitHub ActionsTM alerts users; however, remediating and documenting the leak is time-consuming, lacks automation, and risks missing a required change. In a recent blog, the author lays out how to improve velocity and improve application security pipelines by leveraging automation and AI for "Velocity with Guardrails."
With all the advancements in modernizing the build-deploy pipeline, managing secrets at scale has lagged behind other components in the DevSecOps toolchain, resulting in decreased release velocity and increased risk of sensitive information exposure. Popular platforms such as CircleCI, LastPass, and Uber experienced brand damage because of leaked secrets. The commercial impact on LastPass is estimated to exceed $1B, and the average breach cost is $4.35M. The truth is that the problem is growing, exposure is expanding, an information breach is likely, and it will take scarce resources with time to recover from the negative business impact.
Top Leaked Secrets Sources:
- Secrets hard coded into source code
- Secrets in scripts or ENV variables
- Inadequate role-based access control
- Verbose log messages with no redaction
CloudTruth Leaked Secrets Fixer Feature Details
The CloudTruth platform is available today to integrate existing workflows and fix leaked secrets. Connect to all secret sources, and the CloudTruth control plane provides a centralized operational hub across a complex and diverse set of sources. Users keep all secrets where they currently exist, and CloudTruth becomes an abstraction layer that ties all the sources together and allows for complete end-to-end secret tracking, history, and comparisons. CloudTruth's dynamic secrets injection function syncs with sources and injects secrets in build, deploy, and runtime workflows. Fixing a leaked secret with CloudTruth is as easy as changing the secret at the source, and CloudTruth fetches the new value and completes the secret swap while dynamically tracking all activity. Users now know that all the leaks are fixed and can produce a SecOps compliance report with one click.
For more information, visit the CloudTruth Leaked Secrets Fix solution page.
ABOUT CLOUDTRUTH
CloudTruth supercharges DevSecOps workflows and accelerates your build pipeline by giving teams a systematic way to inject and manage all your configurations, including secrets, into your code releases which improves developer, DevOps, and Platform Engineering productivity. To learn more about how CloudTruth can help solve your configuration issues, visit https://cloudtruth.com/
Media Contact
Christian Tate, CloudTruth, 1 781.254.2581, [email protected]
SOURCE CloudTruth
Share this article