1 Introduction
Business management likes DevOps: they get things done. DevOps teams produce code, applications and cloud-based services in response to demands from other lines of business. While DevOps took its name from the coming together of traditional Developer and Operations team practices to work towards a common goal, these days DevOps has become a catch-all term for the various team structures responsible for the writing, testing and deployment cycle of code within an organization, delivering a continuous internal software supply chain that the organization feeds on.
While the structure and hierarchy of DevOps teams differ from one organization to another, the common themes of all DevOps teams are speed, automation, and reliance on cloud infrastructure. Increasingly, those writing code are also responsible for testing it and committing it to popular repository tools such as GitHub, GitLab and Bitbucket for other developers or deployment teams to pick up. It is here that some security risks are introduced into the DevOps process.
Such is the demand for rapid delivery that code can be deployed with errors introduced after the original, authorized developer committed the clean code. Those shipping code to production have no way of knowing whether that code is the original or has been modified, possibly with errors or vulnerabilities added by malicious actors. To counter these risks, organizations are looking to add a security layer within DevOps structures that limits access to code repositories and software lifecycles to authorized and authenticated identities within the organization. In many complex organizations these identities can be machine or human, and their number runs into the thousands.
This Executive View considers the Beyond Identity Secure DevOps platform, which uses unique commit signing keys and APIs to verify the authenticity of all developer identities.