Secret Management


What Is Secret Management?

Secret management is the practice of storing sensitive data such as passwords, keys, and tokens in a protected environment with strict access controls, so that developers and systems can use them without exposing them.

For small software projects, secret management can be simple to achieve. But as teams and codebases grow, secrets multiply and spread across the application ecosystem, making them harder to manage. Microservices, development tools, containers, orchestrators, and API connections all require secrets to perform their functions, and these must be stored and delivered securely.

It is very common to find secrets hard-coded into scripts, configurations, or source code, where they are easily accessible to attackers. Secret management solutions ensure that sensitive information is never embedded in any artifact in plaintext, by storing secrets separately from code and providing an audit trail that enforces privilege-based sessions for every access attempt.

Secret Management Challenges

The more complex an IT ecosystem and the more diverse and numerous the secrets, the harder it is to store, transfer, and track secrets securely.

Here are some common risks and considerations relating to secret management.

1. Manual Sharing and Failure to Rotate Sensitive Data

Without secrets management, the only way to enable software systems to access each other is to manually share secrets within teams, or embed them in code or configuration. This leads to the use of weak passwords, and reuse of passwords across systems.

In addition, without secret management it is very difficult to rotate secrets, because any change to a password requires changing code or configuration, or re-sharing passwords over insecure channels. Passwords and access cannot easily be revoked when they are no longer needed.

2. Hardcoded Credentials

App-to-app and application-to-database access and communications require secrets such as privileged passwords to enable authentication. IoT devices and applications often use default hardcoded (embedded) credentials that hackers can easily crack using scanners, dictionary attacks, or guessing techniques. DevOps tools, in particular, usually have secrets embedded in files or scripts, jeopardizing the security of the automation process.
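As an added illustration (not code from this page or from Imperva), the following Python scanner flags the hardcoded-credential shapes described above in source and config lines, masks whatever it finds so the scanner itself never leaks a secret, and shows the fail-closed counterpart that reads a secret injected by the secret manager at deploy time. The rules, placeholder list, and sample lines are constructed for this example; the AWS key id is the documentation example value, not a real credential.

```python
import os
import re
from typing import Dict, List, Mapping, Sequence

# Shapes of hardcoded credentials commonly found in source, scripts and config.
# Illustrative rules written for this example; a real scanner carries many more.
# Each entry: (rule name, regex, index of the capture group holding the secret).
PATTERNS = [
    ("password-assignment",
     re.compile(r"""(?i)(password|passwd|pwd|secret|token|api[_-]?key)\s*[=:]\s*["']([^"'\s]{6,})["']"""), 2),
    ("private-key-block", re.compile(r"-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----"), 0),
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), 0),
    ("url-embedded-credential", re.compile(r"[a-z][a-z0-9+.-]*://[^\s/:@]+:[^\s/@]+@"), 0),
]

# Values that are templates or defaults rather than real secrets. A deploy-time
# reference such as "${API_KEY}" is the pattern we want to see instead of a literal.
PLACEHOLDER_VALUES = {"changeme", "password", "example", "placeholder", "your_password_here"}


def is_placeholder(value: str) -> bool:
    v = value.strip().lower()
    return v in PLACEHOLDER_VALUES or v.startswith(("${", "{{", "<", "%("))


def mask(value: str) -> str:
    """Never echo a discovered secret into scanner output or logs."""
    if len(value) <= 4:
        return "*" * len(value)
    return value[:2] + "*" * (len(value) - 2)


def scan_lines(lines: Sequence[str]) -> List[Dict[str, object]]:
    """Return one finding per line that appears to embed a credential."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        for rule, regex, group in PATTERNS:
            m = regex.search(line)
            if not m:
                continue
            secret = m.group(group)
            if is_placeholder(secret):
                continue  # a template reference, not a literal secret
            preview = line[:m.start(group)] + mask(secret) + line[m.end(group):]
            findings.append({"line": lineno, "rule": rule, "preview": preview.strip()})
            break  # one finding per line is enough for triage
    return findings


def load_secret(name: str, env: Mapping[str, str] = os.environ) -> str:
    """The hardened counterpart: read the secret that the secret manager injected
    at deploy time, and fail closed if it is missing or still a placeholder."""
    value = env.get(name, "")
    if not value:
        raise RuntimeError(f"secret {name!r} was not provided; refusing to start")
    if is_placeholder(value):
        raise RuntimeError(f"secret {name!r} still holds a placeholder value")
    return value


# Constructed sample lines standing in for a repository's config and scripts.
SAMPLE_LINES = [
    'DB_HOST = "db.internal.example"',                                  # identifier, not a secret
    'db_password = "Sup3r-s3cret-pw!"',                                 # literal password
    'api_key: "${API_KEY}"',                                            # resolved at deploy time
    'password = os.environ["DB_PASSWORD"]',                             # read from injected env
    'DATABASE_URL = "postgres://app:hunter2@db.internal.example/app"',  # credential inside a URL
    '-----BEGIN RSA PRIVATE KEY-----',                                  # key material in a file
    'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"',                       # AWS documentation example id
    'token = "changeme"',                                               # default placeholder
]

if __name__ == "__main__":
    for f in scan_lines(SAMPLE_LINES):
        print(f"line {f['line']:>2}  {f['rule']:<24} {f['preview']}")
```

Lines 3, 4 and 8 are deliberately not reported: two reference a secret supplied at deploy time and one is a default placeholder, which `load_secret` would reject at startup.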

3. Lack of Awareness and Visibility

There are often many privileged applications, accounts, tools, microservices, or containers deployed across an organization’s environment, along with their associated secrets, such as keys and passwords. Some organizations have millions of SSH keys, which is only part of the overall secret management burden.

Decentralized ecosystems are especially problematic for managing secrets because different developers, admins, and teams manage secrets independently (if at all). Without enterprise-wide oversight, security gaps and auditing difficulties are guaranteed.

4. Cloud Computing Privileges

Virtualization and cloud administrator consoles, such as Office 365 and AWS, grant superuser privileges that allow users to access a broad range of resources and to spin up or wind down applications and VMs quickly. Every VM instance has its own secrets and privileges that require management, and the scale of cloud environments adds to the burden of managing them.

5. DevOps Solutions

Secrets require management across an organization’s entire IT ecosystem, but DevOps environments amplify the challenge. DevOps teams typically use many different configuration management and orchestration tools, along with automated platforms that rely on secrets to operate. It is important to apply best practices such as credential rotation, access limitation, and auditing to these secrets.

6. Third-Party Accounts and Remote Access

Third-party vendors and external users often access sensitive resources with accounts connected via a remote access solution. Ensuring external users implement the right remote access practices and authorization is challenging. In these cases, the organization relies on a third party to manage secrets, relinquishing some control of the IT system’s security.

7. Manual Processes for Managing Secrets

Password and secret security should not be the sole responsibility of humans, who are prone to error and mismanagement. Manual security processes are more likely to have gaps and poor secret hygiene, including default passwords, reused or shared passwords, hardcoded secrets, and weak passwords. Human error and negligence can expose secrets and result in breaches.

8. Lack of Centralized Secrets Management

Another concern is the need for centralized secrets management. As the number, variety, and complexity of IT systems increase, it becomes harder to enforce consistent policies across systems and to understand where secrets are and how they are used. This problem is known as “secret sprawl”: secrets are distributed across different systems, each with its own secret management strategy. Because each application, cloud provider, or organizational unit has its own security model, there is no visibility across the organization.

What Are Secret Management Tools and Why Are they Important?

Secret management tools can resolve these challenges and prevent unauthorized access to sensitive data. This reduces the risk of data breaches, data theft, and unauthorized manipulation or alteration of sensitive corporate data and personally identifiable information (PII). All of these can have disastrous consequences for an organization, including direct financial loss, reputational damage, legal exposure, and regulatory fines.

Secret management tools allow companies to maintain confidentiality for data like passwords, encryption keys, SSH keys, API keys, database credentials, tokens, and certificates—including TLS/SSL certificates and private certificates. These tools can securely store, transmit, and manage digital credentials.

Businesses use secret management solutions to centrally manage secrets for their entire IT ecosystem. These tools reduce the risks associated with inappropriate and manual secret management, such as hardcoding secrets into scripts, using default passwords, manually sharing passwords, and failing to rotate credentials.

Secret management tools replace manual secret management (for example, maintaining spreadsheets of credentials for sensitive systems) and provide centralized visibility, monitoring, and management for secrets across an organization. These tools are most commonly used by software developers, security professionals, and IT operations teams (DevOps or DevSecOps).

Best Practices for Secrets Management

Differentiate Between Secrets and Identifiers

Secrets are passwords, connection strings, and other information that can compromise your organization if exposed. They should only be shared with trusted applications and authenticated users or services.

Other information on the system, such as identifiers, IP addresses, user names, and DNS names, should be shared with discretion. These are not secrets, but they should not be easily guessed by third parties, and should be kept in confidence if possible. Identifiers should be unique for all clients of the authorization server.

Because identifiers are far less risky than secrets, it is important to clearly distinguish them and manage them separately from secrets. Secrets need to be very strictly controlled because they pose a direct risk of serious damage to applications and businesses if leaked.

Manage Privileges

In any organization, sensitive data and resources can be accessed by trusted user accounts and applications. This raises the risk that data will be compromised, either by malicious insiders or through unintentional exposure. It is important to follow the principle of least privilege, in which a user or application is granted only the privileges necessary to perform its role. When access is no longer needed, it should be revoked.

When escalating privileges, for example to enable urgent maintenance work, do so with good reason and for a limited time. Privileged sessions should be closely monitored and logged to support accountability.

Rotate Secrets Frequently

Passwords and other secrets should be changed regularly after use. If a secret remains unchanged for a long time, more users and systems gain access to it, and can potentially compromise it. Secrets can be unknowingly leaked by employees or intentionally obtained by malicious agents, both inside and outside the organization. When using a secrets management tool, ensure you use its secret rotation functionality and set rotation to a sufficiently high frequency.

Encrypt Data Using a KMS

Ensure that all sensitive data is encrypted for added security. Because encryption keys are sensitive, and their loss means the loss of the underlying data, it is advisable to use a key management service (KMS). A KMS stores and manages keys and provides them automatically when data needs to be encrypted or decrypted. It also makes it possible to encrypt each dataset or resource with a different encryption key, helping you control access at a more granular level.

Detect Unauthorized Access

Even with the best security practices and tools, breaches will inevitably happen. Ensure you have a robust process for monitoring and identifying unauthorized access. Security, development, and operations teams should establish an incident response process to enable rapid response to a breach and fast remediation of any affected systems, to minimize damage to the organization.

Data Security with Imperva

Imperva Data Security Fabric protects all data workloads in hybrid multicloud environments with a modern and simplified approach to security and compliance automation. Imperva DSF's flexible architecture supports a wide range of data repositories and clouds, ensuring security controls and policies are applied consistently everywhere.

Latest Blogs

Engineering

Data Security

Augmented Software Engineering in an AI Era

Gabriel Bayo

Mar 13, 2023 6 min read

Data Security

Imperva Announces Joining the EDB GlobalConnect Technology Partner Program and Certification of Imperva’s DSF Agents to Support EDB Postgres Advanced Server and Community PostgreSQL Databases

John Bedrick

Mar 8, 2023 3 min read

Data Security

Why Healthcare Cybercrime is the Perfect Storm

Terry Ray

Mar 7, 2023 5 min read

Application Security

Data Security

Industry Perspective

Is the FSI innovation rush leaving your data and application security controls behind?

Luke Richardson

Jan 16, 2023 5 min read

Latest Articles

App Security

Essentials

Protocols

OSI Model

763.3k Views

App Security

Essentials

Penetration Testing

537.1k Views

Edge Security

DDoS

Essentials

DDoS Attacks

365.7k Views

Edge Security

DDoS

Essentials

Distributed Denial of Service (DDoS)

204.8k Views

App Security

Essentials

Threats

Buffer Overflow Attack

199k Views

App Security

Essentials

CAPTCHA

161.7k Views

App Security

Attack Tools

Essentials

Threats

Bots

147.7k Views

Edge Security

Connection Optimization

Essentials

Sticky Session

147k Views

+1 866 926 4678

Imperva Partner Ecosystem

Channel Partners

Technology Alliances

Find a Partner

Partner Portal Login

Imperva Blog

Resource Library

Case Studies

Learning Center

Why Imperva

Who We Are

Events

Careers

Press & Awards

Contact Information

Network Map

System Status

Emergency DDoS Protection

Support Portal

Imperva Community

Documentation Portal

API Integration

Trust Center

Cookie Preferences Trust Center Modern Slavery Statement Privacy Legal

English

English

Deutsch

Espanol

Francais

Portugues

日本語

中文

+1 866 926 4678

English

English

Deutsch

Espanol

Francais

Portugues

日本語

中文

Cookie Preferences Trust Center Modern Slavery Statement Privacy Legal

Copyright © 2022 Imperva. All rights reserved

Ă—

The State of Security Within eCommerce in 2022

Learn how automated threats and API attacks on retailers are increasing

Free Report

Ă—

Prevoty is now part of the Imperva Runtime Protection

Protection against zero-day attacks

No tuning, highly-accurate out-of-the-box

Effective against OWASP top 10 vulnerabilities

Learn more here

Ă—

Want to see Imperva in action?

Fill out the form and our experts will be in touch shortly to book your personal demo.

Thank you!

An Imperva security specialist will contact you shortly.

Ă—

“Imperva prevented 10,000 attacks in the first 4 hours of Black Friday weekend with no latency to our online customers.”

Top 3 US Retailer

Single Line Text

Under DDoS Attack? 1-866-777-9980. Login. Login. Cloud Security Console. RASP Console. English. English EN. Deutsch DE. Espanol ES. Francais FR. Portugues PT-BR. 日本語 日本語. 한국어 KR. 中文 CN. Under DDoS Attack? 1-866-777-9980. Start for Free. Contact Us. Start for Free. Contact Us. Login. Login. Cloud Security Console. RASP Console. Why Imperva. Products Products Application Performance Application Security Data Security Network Security Imperva Plans Application Performance Application Performance Overview Optimize content delivery and user experience Content Delivery Network Boost website performance with caching and compression Waiting Room Virtual queuing to control visitor traffic The importance of a resilient CDN for digital performance Get featured report Application Security Application Security Overview Industry-leading application and API protection Web Application Firewall Instantly secure applications from the latest threats Advanced Bot Protection Identify and mitigate the most sophisticated bad bot API Security Discover shadow APIs and the sensitive data they handle DDoS Protection Secure all assets at the edge with guaranteed uptime Client-Side Protection Visibility and control over third-party JavaScript code Runtime Protection Secure workloads from unknown threats and vulnerabilities Serverless Protection Uncover security weaknesses on serverless environments Attack Analytics Complete visibility into your latest attacks and threats Imperva named a security leader in the SecureIQlab CyberRisk Report Get featured report Data Security Data Security Overview Protect all data and ensure compliance at any scale Data Security Fabric Multicloud, hybrid security platform protecting all data types Cloud Data Security SaaS-based data posture management and protection 2023 Strategic Roadmap for Data Security Platform Adoption Get featured report Network Security Network Security Overview Protection and control over your network infrastructure DNS Protection 
Always-on protection against DNS attacks DDoS Protection Secure all assets at the edge with guaranteed uptime Global DDoS Threat Landscape Report Get featured report Imperva Plans. Solutions Solutions By Use Case By Industry Imperva Plans By Use Case Application Security Stop software supply chain attacks Mitigate account takeover attacks Protect modern web applications Secure API inventories Protect against online fraud Embed security into DevOps Data Security Safeguard sensitive and personal data Advance data governance Assure data compliance and privacy Securely move data to the cloud Observe data risk management Monitor user behavior analytics Network Security Defend DDoS attacks at scale Secure business continuity in the event of an outage Application Performance Ensure consistent application performance By Industry Solutions by Industry Defense-in-depth security for every industry Government Healthcare Financial Services Telecom & ISPs Retail The State of Security within eCommerce 2022 Get free report Imperva Plans. Support Support Support Support Looking for technical support or services, please review our various channels below Technical Support Services Imperva University Community Support Portal Login Documentation EOL Policy. Partners Partners Channel Partners Technology Alliance Partners Channel Partners Channel Partners Program Looking for an Imperva partner? Find an approved one with the expertise to help you Imperva Partner Ecosystem Channel Partners Find a Partner Partner Portal Login Imperva partner, OCM-IT ®, helps Qualitas secure web apps and meet PCI compliance Learn how Technology Alliance Partners Technology Alliance Partners Imperva collaborates with the top technology companies Technology Alliance Partners (TAP) Become a TAP Find a TAP Protect your Cloudera data with Imperva Learn more. 
Customers Customers Application Security Customer Stories Data Security Customer Stories See all Customer Stories Application Security Customer Stories Application Security Customer Stories Learn how Imperva enables and protects industry leaders Imperva helps AARP protect senior citizens Tower ensures website visibility and uninterrupted business operations Sun Life secures critical applications from Supply Chain Attacks Qualitas continues its quality services using Imperva Application Security Learn how Data Security Customer Stories Data Security Customer Stories Learn how Imperva enables and protects industry leaders Banco Popular streamlines operations and lowers operational costs Discovery Inc. tackles data compliance in public cloud with Imperva Data Security Fabric Discovery Inc. tackles data compliance in public cloud Learn how See all Customer Stories. Resources Resources Resources Threat Research Learning Assets Resources Resources Get all the information you need about Imperva products and solutions Resource Library Blog Events & Webinars Case Studies Privacy, Compliance & Trust Center Imperva Certifications New Vulnerability in Popular Widget Shows Risks of Third-Party Code Read more Threat Research Threat Research Stay informed on the latest threats and vulnerabilities Cyber Threat Index Cyber Attack Map Free Tools Network Map Cyber Threat Index Latest threat analysis Learning Assets Learning Assets Expand and share your knowledge Learning Center Application Security Guide Data Security Guide Imperva Community Documentation Portal Browse the Imperva Learning Center for the latest cybersecurity topics Explore now. Company Company Company Company Get to know us, beyond our products and services About Us Events Careers Press & Awards Contact Information 2022 Sustainability Report Read more. Home  >  Learning Center  >  DataSec  >  Secret Management. Article's content. 6.2k views. Data Security Essentials. What Is Secret Management? 
Secret management is a practice that allows developers to securely store sensitive data such as passwords, keys, and tokens, in a secure environment with strict access controls. For small software projects, secret management can be simple to achieve. But as teams and software codebases grow, there are additional secrets spread across an application ecosystem, making them more difficult to manage. Microservices, development tools, containers, orchestrators, and API connections all require secrets to perform their functions, and these must be stored and delivered in a secure manner. It is very common to have secrets hard-coded into scripts, configurations, or source code, making them easily accessible to attackers. Secret management solutions can ensure that sensitive information is never embedded into any artifact in plaintext, saving secrets separately from code, and providing an audit trail by enforcing privilege-based sessions for all access attempts. Secret Management Challenges. The more complex an IT ecosystem and the more diverse and numerous the secrets, the harder it is to store, transfer, and track secrets securely. Here are some common risks and considerations relating to secret management. 1. Manual Sharing and Failure to Rotate Sensitive Data. Without secrets management, the only way to enable software systems to access each other is to manually share secrets within teams, or embed them in code or configuration. This leads to the use of weak passwords, and reuse of passwords across systems. In addition, without secret management it is very difficult to rotate secrets, because any change to a password requires changing code, configuration, or re-sharing passwords across unsecure channels. Passwords and access cannot easily be revoked when they are no longer needed. 2. Hardcoded Credentials. App-to-app and application-to-database access and communications require secrets such as privileged passwords to enable authentication. 
IoT devices and applications often use default hardcoded (embedded) credentials that hackers can easily crack using scanners, dictionary attacks, or guessing techniques. DevOps tools, in particular, usually have secrets embedded in files or scripts, jeopardizing the security of the automation process. 3. Lack of Awareness and Visibility. There are often many privileged applications, accounts, tools, microservices, or containers deployed across an organization’s environment, along with their associated secrets, such as keys and passwords. Some organizations have millions of SSH keys, which is only part of the overall secret management burden. Decentralized ecosystems are especially problematic for managing secrets because different developers, admins, etc., manage secrets independently (if at all). The lack of enterprise-wide oversight ensures there’ll be security gaps and auditing difficulties. 4. Cloud Computing Privileges. Virtualization and cloud administrator consoles like Office 365 and AWS use superuser privileges allowing users to access a broad range of resources and spin up or wind down applications and VMs quickly. Every VM instance has separate secrets and privileges that require management. The scale of cloud environments contributes to the burden of managing secrets. 5. DevOps Solutions. Secrets require management across an organization’s IT ecosystem, but DevOps environments tend to amplify the challenges of secret management. DevOps teams usually use many different configuration management and orchestration tools, employing automated technologies and platforms that rely on secrets to operate. It is important to apply the best practices to secure these secrets, such as rotating credentials, limiting access, auditing, etc. 6. Third-Party Accounts and Remote Access. Third-party vendors and external users often access sensitive resources with accounts connected via a remote access solution. 
Ensuring external users implement the right remote access practices and authorization is challenging. In these cases, the organization relies on a third party to manage secrets, relinquishing some control of the IT system’s security. 7. Manual Processes for Managing Secrets. Password and secret security should not be the sole responsibility of humans, who are prone to error and mismanagement. Manual security processes are more likely to have gaps and poor secret hygiene, including default passwords, reused or shared passwords, hardcoded secrets, and uncomplex passwords. Human error and negligence can expose secrets and result in breaches. 8. Lack of Centralized Secrets Management. Another concern is the need for centralized secrets management. As the number, variety, and complexity of IT systems increases, it becomes increasingly difficult to enforce and manage consistent policies across systems, understand where secrets are and how they are used. This problem is known as “secret sprawl”—secrets are distributed across different systems, each with its own unique secret management strategy. Because each application, cloud provider, or organizational unit has its own security model, there is no visibility across the organization. What Are Secret Management Tools and Why Are they Important? Secret management tools can resolve these challenges and prevent unauthorized access to sensitive data. This reduces the risk of data breaches , data theft, and unauthorized manipulation or alteration of sensitive corporate data and personally identifiable information (PII). All of these can have disastrous consequences for an organization, including direct financial loss, reputational damage, legal exposure, and regulatory fines. Secret management tools allow companies to maintain confidentiality for data like passwords, encryption keys, SSH keys, API keys, database credentials, tokens, and certificates—including TLS/SSL certificates and private certificates. 
These tools can securely store, transmit, and manage digital credentials. Businesses use secret management solutions to centrally manage secrets for their entire IT ecosystem. These tools reduce the risks associated with inappropriate and manual secret management, such as hardcoding secrets into scripts, using default passwords, manually sharing passwords, and failing to rotate credentials. Secret management tools replace manual secret management (for example, maintaining spreadsheets with credentials to sensitive systems) and provide centralized visibility, monitoring, and management for secrets across an organization. These tools are most commonly used by software developers, security professionals, and IT operations teams (DevOps or DevSecOps ). Best Practices for Secrets Management. Differentiate Between Secrets and Identifiers. Secrets are passwords, connection strings, and other information that can compromise your organization if exposed. It should only be shared with trusted applications and authenticated users or services. Other information on the system, such as identifiers, IP addresses, user names, and DNS names, should be shared with discretion. These are not secrets, but they should not be easily guessed by third parties, and should be kept in confidence if possible. Identifiers should be unique for all clients of the authorization server. Because identifiers are far less risky than secrets, it is important to clearly distinguish them and manage them separately from secrets. Secrets need to be very strictly controlled because they pose a direct risk of serious damage to applications and businesses if leaked. Manage Privileges. In any organization, sensitive data and resources can be accessed by trusted user accounts and applications. This raises the risk that data will be compromised, either by malicious insiders or unintentional exposure. 
Follow the principle of least privilege: grant a user or application only the privileges it needs to perform its role, and revoke access when it is no longer needed. Where privileges must be escalated, for example for urgent maintenance, do so for a documented reason and for a limited time. Monitor privileged sessions closely to improve visibility and accountability.

Rotate Secrets Frequently

Passwords and other secrets should be changed regularly. The longer a secret stays unchanged, the more users and systems come into contact with it, and the greater the chance that it is compromised. Secrets can be leaked unknowingly by employees or obtained deliberately by malicious actors inside or outside the organization. When using a secrets management tool, use its rotation functionality and set a sufficiently short rotation interval.

Encrypt Data Using a KMS

Ensure that all sensitive data is encrypted. Because encryption keys are themselves sensitive, and losing them means losing the underlying data, use a key management service (KMS). A KMS stores and manages keys and supplies them automatically when data needs to be encrypted or decrypted. It also makes it possible to encrypt each dataset or resource under a different key, so access can be controlled at a more granular level.

Detect Unauthorized Access

Even with the best security practices and tools, breaches will happen. Ensure you have a robust process for monitoring and identifying unauthorized access. Security, development, and operations teams should establish an incident response process that enables rapid response to a breach and fast remediation of affected systems, minimizing damage to the organization.

Data Security with Imperva
Imperva Data Security Fabric protects all data workloads in hybrid multicloud environments with a modern and simplified approach to security and compliance automation. Imperva DSF's flexible architecture supports a wide range of data repositories and clouds, ensuring security controls and policies are applied consistently everywhere.
Copyright © 2022 Imperva. All rights reserved.