IT Brief Asia - Technology news for CIOs & IT decision-makers
Asia
Guides
#
artificial intelligence
#
digital transformation
#
disaster recovery
#
hybrid & remote work
#
internet of things
Search
Story image
#
Application Security
#
CyberArk
#
Security Posture

GitGuardian report highlights rising secrets security concerns

Today
Author image
By Shannon Williams, Journalist

GitGuardian has released its "Voice of Practitioners 2024" report highlighting growing concerns over secrets security within application security (AppSec), developed in collaboration with CyberArk.

The report surveyed 1,000 IT decision-makers in large organisations revealing a marked increase in awareness and concern about secrets sprawl. It notes that 79% of respondents have experienced or been aware of secrets leaking within their organisation, reflecting an increase from the previous year's 75%.

There is a notable rise in investment towards secrets management, with 77% of participants currently investing in or planning to invest in tools aimed at secrets detection and remediation by 2025. According to the report, 75% of respondents are focusing efforts specifically on secrets detection and remediation tools.

Furthermore, 74% of the survey's respondents have deployed at least a partially mature strategy to prevent secret leaks. However, 23% of organisations still rely on manual processes or lack a definite strategy, a decrease from last year's 27%, highlighting potential gaps in preparedness among some entities.

The report indicates a significant level of confidence among organisations regarding their ability to detect and prevent hardcoded secrets in source code. Seventy-five per cent expressed moderate to high confidence, with US respondents displaying an even higher confidence level at 84%. Respondents also stated they could rotate approximately 36% of their secrets annually.

Notwithstanding this confidence, the average remediation time for a leaked secret remains a challenge, standing at 27 days. However, the report suggests that utilising secrets detection and remediation solutions could potentially reduce this timeframe to about 13 days within a year.

Increasing concerns were observed regarding artificial intelligence (AI) and supply chain risks. Specifically, 43% of those surveyed expressed apprehension about AI potentially learning and replicating sensitive information patterns. Additionally, 32% identified the danger associated with the use of hardcoded secrets within their software supply chains.

"The findings of our 2024 report underscore the escalating threat of secrets leaks and the need for robust, automated solutions to mitigate these risks," said Eric Fourrier, CEO of GitGuardian. He emphasised the importance for organisations to prioritise comprehensive strategies encompassing early detection, rapid remediation, and developer education.

Kurt Sand, General Manager Machine Identity Security at CyberArk, commented, "It is encouraging that security leaders increasingly recognise the importance of securing machine identities and eliminating hardcoded secrets." He added that the report brings to light the necessity for automation in improving security and efficiency, particularly in light of the increasing role of AI which drives the rise in machine identities.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
New report reveals persistent API security breaches risk
Westcon-Comstor shifts to 42% renewable energy in 2023
Study reveals severe security flaws in finance software
Fergus & Groundplan partner for seamless tradie solutions
GitHub report: AI propels Python to top language slot
Top stories
Unlocking the customer-centric value of ERP systems in distribution
Unisys named global leader in ISG 2024 workplace report
Aflac wins 2024 CSO award for innovative security project
Apptio unveils brand new AI and sustainability features
STT GDC set to launch Philippines' largest data centre