We asked our champions for their best advice on Applying Identity to DevSecOps Tools and Processes. Their responses are below, and we’d love to hear your perspective, too! Join us in raising awareness of the importance of identity management and securing digital identities by sharing your best practices and advice on Twitter or LinkedIn using #BeIdentitySmart.
#BeIdentitySmart Week aims to spotlight the importance of identity security as part of Cybersecurity Awareness Month. Each day during the week we will focus on a specific aspect of identity security, posting blogs from the IDSA and the identity and security community, as well as crowdsourced advice from our Identity Management Champions.
“Manage infrastructure by making configuration changes by joining up with an identity provider. This will help you to build and tear down infrastructures in the cloud more easily.” – Rebecca Archambault, Trusted Identities Leader, HighMark, Highmark Western and Northeastern New York
“In applying identity to DevSecOps tools and processes, it is similarly important to ensure that access rights are granted and authorized in a way that makes sense. For DevSecOps, that should mean providing temporary access, that is granted when it is needed and for only the lowest level of privilege required. Further, for DevSecOps, baking security into processes in a way that ‘hides’ the security solution – so engineers and developers don’t even know they’re interacting with it – is a good way to ensure that they are being secure. that require access to critical business tasks.” – Rod Simmons, vice president of product strategy, Omada
“The manual and automated processes within DevSecOps tools use human and machine identities to orchestrate workflows. When considering identity models used in these workflows, the risk of a mistake and the threat from malicious activity significantly increase as more privileges are granted. To minimize the risk, all unnecessary privileges should be removed from the identities, and their associated accounts, used in DevSecOps tools and processes. A least-privilege model should be enforced whereby privileges are restricted to the least amount needed for the workflows and tasks.” – Morey Haber, CISO, BeyondTrust