SecurityBrief India - Technology news for CISOs & cybersecurity decision-makers

GitGuardian report highlights rising secrets security concerns

Fri, 1st Nov 2024

GitGuardian has released its "Voice of Practitioners 2024" report, developed in collaboration with CyberArk, which highlights growing concerns over secrets security within application security (AppSec).

The report surveyed 1,000 IT decision-makers in large organisations, revealing a marked increase in awareness and concern about secrets sprawl. It notes that 79% of respondents have experienced or been aware of secrets leaking within their organisation, reflecting an increase from the previous year's 75%.

There is a notable rise in investment towards secrets management, with 77% of participants currently investing in or planning to invest in tools aimed at secrets detection and remediation by 2025. According to the report, 75% of respondents are focusing efforts specifically on secrets detection and remediation tools.

Furthermore, 74% of the survey's respondents have deployed at least a partially mature strategy to prevent secret leaks. However, 23% of organisations still rely on manual processes or lack a definite strategy, a decrease from last year's 27%, highlighting potential gaps in preparedness among some entities.

The report indicates a significant level of confidence among organisations regarding their ability to detect and prevent hardcoded secrets in source code. Seventy-five per cent expressed moderate to high confidence, with US respondents displaying an even higher confidence level at 84%. Respondents also stated they could rotate approximately 36% of their secrets annually.

Notwithstanding this confidence, the average remediation time for a leaked secret remains a challenge, standing at 27 days. However, the report suggests that utilising secrets detection and remediation solutions could potentially reduce this timeframe to about 13 days within a year.

Increasing concerns were observed regarding artificial intelligence (AI) and supply chain risks. Specifically, 43% of those surveyed expressed apprehension about AI potentially learning and replicating sensitive information patterns. Additionally, 32% identified the danger associated with the use of hardcoded secrets within their software supply chains.

"The findings of our 2024 report underscore the escalating threat of secrets leaks and the need for robust, automated solutions to mitigate these risks," said Eric Fourrier, CEO of GitGuardian. He emphasised the importance for organisations to prioritise comprehensive strategies encompassing early detection, rapid remediation, and developer education.

Kurt Sand, General Manager Machine Identity Security at CyberArk, commented, "It is encouraging that security leaders increasingly recognise the importance of securing machine identities and eliminating hardcoded secrets." He added that the report brings to light the necessity for automation in improving security and efficiency, particularly in light of the increasing role of AI, which drives the rise in machine identities.
