What Is the Cost of Poor Secrets Management?

March 2, 2022 | Guest Blogger: Ambler Jackson

As more and more company data gets migrated to the cloud, organizations need to ensure only authenticated and authorized users and machines are accessing their data. Authentication is the process used to verify user and machine identities.

Users enter passwords and access keys and use multi-factor authentication (MFA) tokens to authenticate their identity. Proper authentication gives organizations confidence that the user accessing their corporate assets is a trusted one. Machines, however, use digital certificates to authenticate their identity and prove that they can be trusted. These secrets (e.g., keys and certificates) must be securely managed; otherwise, if exposed, the organization will be vulnerable to unauthorized access to sensitive data. This can result in reputational harm and financial consequences to the tune of millions of dollars.

Five common types of secrets

Secrets are sensitive information used to authenticate user and machine identities. For example, secrets allow a database administrator to access an organization’s database or an application to access another application (app-to-app or A2A). The proliferation of applications and machine-to-machine authentication and authorization has highlighted the need to understand the most commonly used secrets.

The most common types of secrets include:

  • Application Program Interface (API) keys
  • Certificates
  • Encryption keys
  • Passwords
  • Secure Shell or Secure Socket Shell (SSH) keys

As securing access to corporate assets becomes more complex, organizations will want to follow best practices for storing and transmitting secrets securely, using encryption.

Secrets management

Secrets management is a security measure that mitigates risks associated with maintaining secrets.

Although most enterprises understand the use and importance of secrets, many organizations are unaware of how to securely manage them. According to a recent report from 1Password, Hidden in Plain Sight, which surveyed 500 IT/DevOps businesses, 52% say that the explosion of cloud applications has made managing secrets more difficult, and 60% have experienced secrets leakage. The report highlights the following challenges experienced by IT and DevOps survey respondents:

  • Secrets leakage
  • Loss of productivity due to manual secrets management
  • Insecure sharing of secrets
  • Reuse of secrets
  • Secrets sprawl

In addition, there is a financial cost associated with these challenges. The average cost of a secrets leak is $1.2 million. Poor secrets management can result in organizations losing $8.5 billion annually. To address these challenges, organizations must determine the best approach to identifying the secrets they use, how the secrets are stored and transmitted, and what tool to use to automate secrets management.

Secrets management: DevOps, IT teams

DevOps is a set of practices that works to automate and integrate the processes between software development and IT teams, so they can build, test, and release software faster and more reliably. As the demand for software delivery increases, developers feel the pressure to meet demand, and in their haste, they may end up compromising enterprise security. Developers have been known to include company passwords or secrets in their code for convenience. However, storing passwords in plaintext has resulted in data breaches.

Hardcoded secrets, which are credentials that provide A2A access, are often left in the developer’s code. Leaving the code exposed creates a vulnerability that may be exploited by a cybercriminal. Furthermore, DevOps teams and IT teams are often decentralized and do not necessarily work together. This results in a siloed environment, which is not conducive to strong secrets management. Effective secrets management across the continuous integration/continuous delivery (CI/CD) pipelines and DevOps processes is a great step towards integrating security into all development processes, commonly referred to as DevSecOps.
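The following is an added example, not part of the original post: a small check of the kind a pre-commit hook or CI stage could run to catch hardcoded secrets before they reach a shared repository. The sample file, rule names and the entropy threshold of 3.0 are assumptions chosen for illustration, and every credential in the sample is constructed.

```python
import math
import re

# Constructed sample source file; every credential below is fake.
SAMPLE_SOURCE = '''\
import os
DB_PASSWORD = "Tr0ub4dor&3xample"
api_key = "q8Zr2Lx9VbT4mK7pWc1Nd6Hs"
password = os.environ["DB_PASSWORD"]
password = "xxxxxxxxxxxxxxxx"
SSH_KEY = """-----BEGIN OPENSSH PRIVATE KEY-----"""
'''

# Name-based rule: a secret-looking identifier assigned a quoted literal.
ASSIGNMENT = re.compile(
    r"\b(\w*(?:password|passwd|secret|api_?key|token)\w*)"
    r"\s*[:=]\s*[\"']([^\"']{8,})[\"']",
    re.IGNORECASE,
)
# Content-based rule: header of a PEM or OpenSSH private key block.
PRIVATE_KEY = re.compile(r"-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----")


def shannon_entropy(value):
    """Bits of entropy per character; placeholders such as 'xxxx' score low."""
    counts = {c: value.count(c) for c in set(value)}
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())


def scan(source, min_entropy=3.0):
    """Return (line number, rule, identifier) tuples; the value is never echoed."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if PRIVATE_KEY.search(line):
            findings.append((lineno, "private-key", "PRIVATE KEY block"))
            continue
        match = ASSIGNMENT.search(line)
        # The entropy filter drops obvious placeholders to limit false positives.
        if match and shannon_entropy(match.group(2)) >= min_entropy:
            findings.append((lineno, "hardcoded-secret", match.group(1)))
    return findings


if __name__ == "__main__":
    for lineno, rule, name in scan(SAMPLE_SOURCE):
        print(f"line {lineno}: {rule} ({name})")
```

Line 4 of the sample, which reads the password from the environment at run time, is not reported; that is the pattern the hardcoded lines should be changed to, with the value supplied by the secrets management tool.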

Conclusion

Secrets power an organization’s digital infrastructure. Just one exposed password or machine identity can lead to a far-reaching, costly data breach. Companies that are poorly managing their secrets, for example, by implementing manual procedures, invite risks that could be mitigated with strong secrets management.

As with any security measure, people are as important as the technology and processes that support implementation of the security measure. Creating a culture that has the appropriate awareness and training regarding secure secret storage and transmission will be key to the successful implementation of a secrets management tool.

The mark of strong secrets management is the use of a single automated source for securely storing and transmitting secrets. But it’s also critical that secrets management does not stand in the way of the developer and allows them to work within their preferred toolsets. Along those lines, Venafi integrates with HashiCorp Vault to allow DevOps to effectively manage their secrets.
