Simplifying and automating IAM and PAM is something many respondents in a small global study felt could boost other DevOps efficiencies.

In a survey of 227 Identity and Access Management decision makers and 160 developers and managers in June 2021 across North America, Europe, the Middle East & Africa and the Asia Pacific region, over half of the organizations polled had experienced security incidents related to secrets-management problems in the past two years.

The survey, designed to address the security innovation paradox in DevOps environments, also paints a picture where only 5% of respondents said that most of their development teams use the same secrets management processes and tools.

In DevOps, secrets management are usually authentication credentials such as usernames and passwords, API tokens; encryption keys and related privileged access management (PAM) credentials.  While 68% of developers in the study had indicated that management prioritized security over release dates, 53% of IAM leaders in the polls claimed their developers lacked the understanding or ability to implement proper security controls.

Finally, developers and DevOps teams indicated that making secrets management invisible would improve their experience (63%) and productivity (69%). To accomplish this, 76% of IAM leaders indicated they needed purpose-built PAM for DevOps solutions that would reduce friction, centralize and automate IAM/PAM processes, presumably in continuous integration, continuous deployment pipelines.

The report by ThycoticCentrify also concluded that, while both IAM leaders and developers want to simplify access management, secure access controls are often too manual and full of friction, bottlenecking innovation. 

The firm’s Chief Technology Officer, David McNeely said: “The migration to Cloud and the drive to microservice architectures require a shift to automated application delivery. These new application architectures must be designed with security in mind to ensure compliance and protect the integrity and reputation of the company. Securing these new applications should be easy for developers, while simultaneously enabling the flexibility that operations teams need to respond to the demands of the business.”