API Security , Application Security , Events
Pulling the Covers Off 'Secret Sprawl' to Reduce Risk
SafeBreach CISO Avishai Avivi Discusses Finding and Managing 'Secrets'"Secret sprawl" is a huge issue that is creating growing security risk for many organizations - including leading to potential compromises that shut down businesses, said Avishai Avivi, CISO, SafeBreach.
See Also: ESG Research Report: Securing the API Attack Surface
"We've adapted to the idea that passwords are not enough, and users have multifactor authentication turned on," he said.
But we haven't really solved this for devices communicating with devices or applications communicating with applications, he said. "So we use secrets, tokens or API keys - and those are really just passwords. There are really no good password managers for those applications," he added.
In this video interview with Information Security Media Group at RSA Conference 2023, Avivi also discusses:
- Other challenges involved with secret sprawl;
- Cloud-related risk involving passwords;
- How his organization has addressed these issues.
Prior to joining SafeBreach, Avivi held CISO and chief privacy roles at several other companies. He has about 30 years of experience in leading effective management initiatives.