CyberArk announced CyberArk Secrets Hub, a new Software-as-a-Service (SaaS) solution.
Secrets Hub makes it easier for developers in hybrid environments to consume secrets on Amazon Web Services (AWS) using AWS Secrets Manager, while security managers retain centralized control and the ability to enforce unified policies over secrets using existing processes and infrastructure.
In the past, customers had to replicate secrets from CyberArk to AWS Secrets Manager, which could be time-consuming and error prone. Others kept these secrets duplicated in AWS Secrets Manager, which can create security islands and double the related management effort. Today, a majority of CyberArk customers operate in hybrid models. Being able to streamline and automate secrets management across environments can accelerate customers’ migration to the cloud by unblocking development without forcing massive shifts in their security processes.
“As customers evolve to hybrid architectures and build applications on AWS, their developers rely on AWS Secrets Manager to simplify development and operations. However, preserving developer experience can cause conflict with centralized security goals,” said Kurt Sand, general manager, DevSecOps at CyberArk.
“Secrets Hub solves this problem by allowing CyberArk customers to centrally manage and rotate the secrets used by developers using AWS Secrets Manager – delivering a cloud-native experience without any changes in their workflow. This allows security administrators to continue to create, rotate and monitor secrets through the familiar CyberArk interface across environments and developers to continue to take advantage of AWS Secrets Manager. It’s a win-win for everyone.”
Secrets Hub, part of the CyberArk Identity Security Platform, was developed in cooperation with the AWS Secrets Manager team to deliver effective secrets management in hybrid environments. CyberArk Secrets Hub works by automatically replicating CyberArk-managed secrets (that are intended for use on AWS) to AWS Secrets Manager. This allows users to:
- Centrally manage secrets across multiple AWS accounts and hybrid environments while helping to ensure data segregation
- Configure permissions for Secrets Hub on the relevant AWS account
- Create a synchronization policy by selecting what to sync and what target to sync
- Access the synchronized secrets leveraging AWS
Security professionals can centrally manage and enforce one policy and standard across the entire enterprise – including mixed environments – without changing compliance and audit processes.
Built for the dynamic enterprise, the CyberArk Identity Security Platform enables secure access for any identity, human or machine, to any resource or environment from anywhere using any device. Secrets Hub is currently available for CyberArk design partners with early availability details to be announced in second half (2H) of 2022.