CyberArk and the Dive into DevOps

Josh Raduka, IAM Consultant, SecureITsource, Inc.

As you may have heard, CyberArk acquired the privately-held Conjur, Inc., back in May of this year for $42 million. This cash purchase bonded the two firms, both headquartered in Newton, Massachusetts, and equips CyberArk with the arms to extend its reach into the DevOps lifecycle. It’s a smart move for CyberArk, because with the number and speed of applications and software programs booming, the processes built around the software development lifecycle (SDLC) must also adapt without compromising security.

What is Conjur?

CyberArk Conjur is a platform-independent “secrets” management solution designed to integrate true security into the DevOps pipeline while supporting the swiftness of modern software deployment. The secrets secured by Conjur include SSH keys, API keys, SSL certificates, privileged accounts, passwords, etc., and are used by a range of different CI/CD tools and machine entities.

CyberArk Conjur integrates with the leading DevOps tools such as Puppet, Jenkins, and Ansible along with container orchestration technologies, like Docker, to provide protection and auditability to your resources throughout the DevOps pipeline.

The great power behind these tools enables an organization to control complex multi-tier deployments and to automate tasks and provisioning. Because the tools hold that much control, keeping their secrets safe is critical to maintaining a secure IT environment.

Why Conjur?

As the popularity and adoption of DevOps increases, so does your attack surface. All of the secrets whispered throughout the DevOps pipeline quickly become a target for attackers and a risk to the organization. Conjur helps organizations improve their security posture by keeping these secrets out of source code and repositories, and off disk in flat files.

With the complexity and scalability of DevOps, how do you plan to keep track of the tools, systems, and users that are sharing your organization’s valuable secrets? Conjur helps organizations and security teams maintain a centralized, tamper-proof audit trail for all authorization events and secrets operations. Built-in reporting capabilities provide a simple and effective way to review secret-sharing activity, such as who or what is accessing a certain secret, or who or what has access to a specific secret. The audit trail can also be exported as a JSON stream to be ingested by access control tools. This brings up the next key feature, which addresses who or what can access a secret.

Conjur secures access to your privileged secrets via role-based access control (RBAC). RBAC is a proven model for infrastructure security, and it simplifies the provisioning process for individual users or machines and even for groups of users or machines. Conjur integrates with Active Directory/LDAPs to leverage existing users and groups.

And finally, what would a modern security solution be without high-availability, resiliency, and high scalability? CyberArk Conjur operates as a web service built upon a distributed, high-availability architecture with full fail-over/redundancy capabilities. The expandable Conjur architecture allows for replicated servers to be spread out across availability zones, regions, and even clouds.

If you’re looking for a DevOps solution that takes security seriously while providing the features and functionality above, look no further than CyberArk Conjur.