Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

4/14/2021
01:50 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

1Password Launches Secrets Automation & Makes Acquisition to Protect Infrastructure Secrets

1Password expands focus to protect both human and machine secrets for companies worldwide.

TORONTO, April 13, 2021 /PRNewswire/ -- 1Password, the leader in enterprise password management, today launched Secrets Automation, a new way to easily secure, manage and orchestrate the rapidly expanding infrastructure secrets required in a modern enterprise. Secrets such as corporate credentials, API tokens, keys and certificates can number in the hundreds for midsize businesses and many thousands for enterprises. This scale and complexity lead to huge security risks. In addition to the new product launch, 1Password also completed the acquisition of SecretHub, a secrets management company that protects nearly 5 million enterprise secrets a month. The SecretHub team and CEO Marc Mackenbach will join the 1Password immediately, adding expertise and engineers to accelerate the 1Password Secrets Automation roadmap. 1Password Secrets Automation launches with a host of partnerships and integrations that will make it easy for developers and DevOps teams to integrate with the mission-critical tools and libraries they already use. 

1Password is the first line of defense for more than 80,000 businesses worldwide protecting their employees, customers and intellectual property by securing passwords, financial details and other sensitive information. Today's launch and SecretHub acquisition signal a major expansion of 1Password, helping enterprises secure their infrastructure and machine-to-machine secrets alongside their human passwords.

"Companies need to protect their infrastructure secrets as much as their employees' passwords," said Jeff Shiner, CEO of 1Password. "With 1Password and Secrets Automation, there is a single source of truth to secure, manage and orchestrate all of your business secrets. We are the first company to bring both human and machine secrets together in a significant and easy-to-use way."

Secrets Security Not Keeping Pace
With the massive expansion of SaaS applications, infrastructure secrets are multiplying as never before, scattered across multiple services and cloud providers. Companies often try to protect these secrets through a combination of home-grown solutions and awkward hacks. Human error within IT and developer organizations happens all the time and is compounded by risky shortcuts taken in the name of speed and productivity.

Leaked secrets can have widespread ramifications; when an engineer accidentally placed a secret key into source code at Uber, the names, drivers licenses and other private information of 57 million users was stolen. A recent GitGuardian report detected more than 2 million infrastructure secrets exposed on code sharing platforms, growing 20% over the previous year. This underscores the massive and growing issue around properly managing secrets and protecting sensitive customer data.

1Password Secrets Automation was developed to directly address these challenges. Key features include:

  • The security of 1Password – store credentials, tokens and other secrets fully encrypted, using the same security that made 1Password the No. 1 enterprise password manager.
  • A single source of truth for all your secrets – gain complete visibility and auditability in a way that you can't when secrets are spread across multiple services.
  • Granular access control – define which people and services have access and what level of access they are granted.
  • Ease of use – built on 1Password's intuitive user interface, Secrets Automation delivers administrative simplicity, providing for good secrets hygiene.
  • Integration with your existing tools – Secrets Automation integrates with HashiCorp Vault, Terraform, Kubernetes and Ansible, with more integrations on the way. You'll also find ready-to-use client libraries in Go, Node and Python.

1Password and GitHub are also announcing a partnership today: "We're partnering with 1Password because their cross-platform solution will make life easier for developers and security teams alike," said Dana Lawson, VP of partner engineering and development at GitHub, the largest and most advanced development platform in the world. "With the upcoming GitHub and 1Password Secrets Automation integration, teams will be able to fully automate all of their infrastructure secrets, with full peace of mind that they are safe and secure."

A Roadmap Driven by Customer Demand:
Kira Systems, an AI-based contract review and analysis software company, was one of many customers that requested 1Password expand its offering to solve their secrets management problems.

"We've been a 1Password customer for six years and have long wanted to centralize our secrets management," said Joey Coleman, Kira Fellow and director, systems with Kira Systems. "We store terabytes of sensitive data across many deployments, so it is critical for us to have a secure and efficient way of managing the credentials that give access to that data. Secrets Automation delivers an extra level of security while also removing the manual labor required to manage the volume of passwords and credentials."

For more information or to sign up for a trial go to https://1password.com/secrets/.

About 1Password
1Password is the leader in enterprise password management. By combining industry-leading security and award-winning design, the company provides private, secure and user-friendly password and secrets management to businesses and consumers globally. 1Password's Enterprise Password Manager is trusted by more than 80,000 business customers, including IBM, Slack, PagerDuty, WealthSimple, Dropbox and Gitlab. Learn more at 1Password.com.

SOURCE 1Password

Related Links

https://1password.com

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
A Startup With NSA Roots Wants Silently Disarming Cyberattacks on the Wire to Become the Norm
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/11/2021
Edge-DRsplash-10-edge-articles
Cybersecurity: What Is Truly Essential?
Joshua Goldfarb, Director of Product Management at F5,  5/12/2021
Commentary
3 Cybersecurity Myths to Bust
Etay Maor, Sr. Director Security Strategy at Cato Networks,  5/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google Maps is taking "interactive" to a whole new level!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15279
PUBLISHED: 2021-05-18
An Improper Access Control vulnerability in the logging component of Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.23.320 allows a regular user to learn the scanning exclusion paths. This issue was discovered during external security research.
CVE-2021-3423
PUBLISHED: 2021-05-18
Uncontrolled Search Path Element vulnerability in the openssl component as used in Bitdefender GravityZone Business Security allows an attacker to load a third party DLL to elevate privileges. This issue affects Bitdefender GravityZone Business S...
CVE-2020-18194
PUBLISHED: 2021-05-17
Cross Site Scripting (XSS) in emlog v6.0.0 allows remote attackers to execute arbitrary code by adding a crafted script as a link to a new blog post.
CVE-2020-18195
PUBLISHED: 2021-05-17
Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete a specific article via the component " /admin.php?action=page."
CVE-2020-18198
PUBLISHED: 2021-05-17
Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete specific images via the component " /admin.php?action=images."