The 2024 State of Secrets Management Survey Report

Akeyless - The 2024 State of Secrets Management Survey Report

Introduction and Methodology

• Introduction: With the rise of cloud computing, containerization, automated DevOps, and zero-trust policies, there has been an increase in machine identities requiring continuous authentication and authorization via secrets (credentials, certificates, keys). These secrets are often found in vulnerable locations, making them attractive targets for hackers.

• Methodology: The survey was conducted online by Global Surveyz Research, involving 200 CISOs, Directors, Managers, security engineers, and other senior security professionals from companies with 1,000+ employees across the US, UK, Germany, and France. Responses were collected in June 2023.

Key Findings

1. Secrets Sprawl: 96% of respondents reported that organizational secrets are kept outside of secrets managers in vulnerable locations like code, config files, and CI/CD tools.

2. Concern About Secrets Sprawl: 88% of security professionals are concerned about secrets sprawl, with 49% of those in larger companies being "very concerned."

3. Top Priority: Secrets management is one of the top five cybersecurity priorities for 33% of respondents.

4. Current Usage: Only 44% of respondents are currently using a secrets management system.

5. Secret Leaks: 70% of respondents have experienced secret leaks in the past two years, with an average of 36 hours required to mitigate a leak.

6. Centralized Solutions: 96% of respondents plan to implement a centralized enterprise solution for secrets management by 2024 or already have one in place.

Survey Report Findings

• Secrets Sprawl in the Organization: Secrets are often stored in multiple locations, including config files (48%), infrastructure tools (48%), CI/CD tools (35%), and code (33%).

• Concern Levels: 88% of respondents are concerned about secrets sprawl, with larger companies showing higher levels of concern.

• Top Cybersecurity Priorities: Secrets management is among the top five priorities for 33% of respondents, alongside cloud security (45%), API security (42%), endpoint security (36%), and threat intelligence (34%).

• Tools for Managing Secrets: Key Management Systems (48%), Certificate Management Systems (45%), and Privileged Access Management systems (44%) are the most commonly used tools.

• Protection from Credential Breaches: 55% of respondents see Privileged Access Management solutions as the top tool for protecting against breaches due to compromised credentials.

• Dissatisfaction Drivers: The top reasons for dissatisfaction with current secrets management solutions are that not all secrets are secured (54%) and there is no central management (43%).

• Plans for Centralized Solutions: 96% of respondents plan to implement a centralized enterprise solution for secrets management by 2024 or already have one in place.

• Secret Leaks: 70% of respondents have experienced secret leaks in the past two years, with an average of 36 hours required to mitigate a leak.

• Mitigation Measures: Common measures include recreating identities (71%), rotating secrets (38%), and using temporary permissions (30%).

Conclusions

• Increasing Awareness: There is a growing awareness of the risks associated with secrets sprawl and the need for effective secrets management solutions.

• Need for Centralization: A centralized and unified platform for secrets management is crucial for mitigating risks and improving security.

• Adoption Challenges: Despite the recognition of the importance of secrets management, many organizations still face challenges in adopting and fully utilizing these solutions.