In November 2016, Venafi conducted a study on the cryptographic security practices and attitudes of DevOps teams. Study respondents included 431 IT professionals responsible for cryptographic assets at companies with DevOps programs in the U.S. and Europe.
According to the study, many organizations fail to enforce vital cryptographic security measures, resulting in lax DevOps practices. These problems are especially acute among organizations that are adopting DevOps practices, but even organizations that say their DevOps practices are mature do not follow best practices designed to protect cryptographic certificates and keys.
“It’s clear that most organizations, even those that say they have a mature DevOps practice, are still struggling with cryptographic security. They say they understand the risks associated with TLS/ SSL keys and certificates but they clearly aren’t translating that awareness into meaningful actions. This lax approach leaves organizations and their customers and partners extremely vulnerable to a wide range of cryptographic threats.”
-Kevin Bocek, chief security strategist for Venafi