State of Application Secret Delivery and Audit Practices

QualiMente and #NoDrama DevOps are pleased to share the 2019 State of Application Secret Delivery and Audit Practices report with you.

QualiMente investigated DevOps practitioners’ processes for delivering secrets to applications and analyzing those processes for threats. The study gathered data from practitioners using interviews and a survey offered through DevOps-focused forums, primarily the Phoenix DevOps Meetup and the #NoDrama DevOps Mailing List and Blog.

This research and analysis sends a clear signal on several matters that are important for DevOps practitioners:

  • 70% of responding DevOps practitioners are not satisfied with their application secret delivery processes
  • Lack of satisfaction with the secret delivery processes indicates risk is around the corner about 50% of the time
  • Most practitioners lack tools to audit and detect unauthorized secret use 

The biggest challenges to secure application secret delivery processes are:

  1. Engineering staff lack understanding of how to solve The First Secret Problem. Unique combinations of secret vaults and deployment platforms complicate the Problem.
  2. Applications or delivery tooling do not support safe secret management practices.
  3. Practitioners need new or enhanced auditing tools to help them assure the confidentiality of secrets used by Cloud Native applications.

The report supports these statements with analysis of both quantitative and qualitative data gathered by the study.

Feel free to contact us with questions or feedback on this research, or for assistance improving your secret delivery and management processes.