Secret Management
What Is Secret Management?
Secret management is the practice of storing sensitive data such as passwords, keys, and tokens in a dedicated, secure environment with strict access controls.
For small software projects, secret management can be simple to achieve. But as teams and software codebases grow, there are additional secrets spread across an application ecosystem, making them more difficult to manage. Microservices, development tools, containers, orchestrators, and API connections all require secrets to perform their functions, and these must be stored and delivered in a secure manner.
It is very common to have secrets hard-coded into scripts, configurations, or source code, making them easily accessible to attackers. Secret management solutions can ensure that sensitive information is never embedded into any artifact in plaintext, storing secrets separately from code and providing an audit trail by enforcing privilege-based sessions for all access attempts.
Secret Management Challenges
The more complex an IT ecosystem and the more diverse and numerous the secrets, the harder it is to store, transfer, and track secrets securely.
Here are some common risks and considerations relating to secret management.
1. Manual Sharing and Failure to Rotate Sensitive Data
Without secrets management, the only way to enable software systems to access each other is to manually share secrets within teams, or embed them in code or configuration. This leads to the use of weak passwords, and reuse of passwords across systems.
In addition, without secret management it is very difficult to rotate secrets, because any change to a password requires changing code or configuration, or re-sharing passwords across insecure channels. Passwords and access cannot easily be revoked when they are no longer needed.
2. Hardcoded Credentials
App-to-app and application-to-database access and communications require secrets such as privileged passwords to enable authentication. IoT devices and applications often use default hardcoded (embedded) credentials that hackers can easily crack using scanners, dictionary attacks, or guessing techniques. DevOps tools, in particular, usually have secrets embedded in files or scripts, jeopardizing the security of the automation process.
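The hard-coded and default credentials described above are something a defender can look for before an artifact ships. The scanner below is an added Python example, not Imperva's code or any product feature; the three sample artifacts and every value in them are constructed, and the report deliberately carries only redacted values so the scan itself does not re-expose a secret.

```python
import re
from dataclasses import dataclass

# Constructed sample artifacts standing in for a deploy script, an INI file and a
# CI job definition; every value in them is made up for this example.
SAMPLE_FILES = {
    "deploy.sh": [
        "#!/bin/sh",
        'export DB_PASSWORD="Summer2023!"',
        "psql -h db.internal -U app",
    ],
    "settings.ini": [
        "[database]",
        "user = app",
        "password = ${DB_PASSWORD}",
        "admin_password = changeme",
    ],
    "ci.yml": [
        "env:",
        "  AWS_ACCESS_KEY_ID: AKIAEXAMPLE000000001",
        "  AWS_SECRET_ACCESS_KEY: c0nStRuCt3d/Sample+Secret/Value0123456789",
        "  REPO: https://deploy:s3cr3t-t0k3n@git.internal/app.git",
    ],
}

CREDENTIAL_NAMES = r"(?:password|passwd|pwd|secret|token|api[_-]?key|access[_-]?key|private[_-]?key)"

# key = "value" / key: value / export KEY="value"; the value may be quoted or bare.
ASSIGNMENT_RE = re.compile(
    r"(?i)\b(?P<name>[A-Z0-9_.-]*" + CREDENTIAL_NAMES + r"[A-Z0-9_.-]*)\s*[:=]\s*"
    r"(?P<value>\"[^\"]*\"|'[^']*'|[^\s#;]+)"
)
AWS_KEY_ID_RE = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
PRIVATE_KEY_RE = re.compile(r"-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----")
URL_CREDENTIAL_RE = re.compile(r"://[^/\s:@]+:(?P<value>[^@\s/]+)@")

# Well-known default or placeholder values, reported separately because a default
# credential left in place is its own risk.
DEFAULT_VALUES = {"changeme", "password", "admin", "root", "123456", "secret"}


def is_reference(value: str) -> bool:
    """True when the value points at an external source rather than holding the secret."""
    v = value.strip("\"'")
    return v == "" or v.startswith(("$", "%")) or "os.environ" in v or "getenv(" in v


def redact(value: str) -> str:
    """Keep two characters so a reviewer can locate the value without re-exposing it."""
    v = value.strip("\"'")
    return v[:2] + "*" * max(0, len(v) - 2)


@dataclass(frozen=True)
class Finding:
    path: str
    line_no: int
    rule: str
    redacted: str


def scan_lines(path: str, lines) -> list[Finding]:
    findings = []
    for no, line in enumerate(lines, start=1):
        if PRIVATE_KEY_RE.search(line):
            findings.append(Finding(path, no, "private-key-block", "(key material)"))
        for m in AWS_KEY_ID_RE.finditer(line):
            findings.append(Finding(path, no, "aws-access-key-id", redact(m.group(0))))
        for m in URL_CREDENTIAL_RE.finditer(line):
            findings.append(Finding(path, no, "url-embedded-credential", redact(m.group("value"))))
        for m in ASSIGNMENT_RE.finditer(line):
            value = m.group("value")
            if is_reference(value):
                continue  # e.g. password = ${DB_PASSWORD}: resolved at runtime, not a leak
            rule = "default-credential" if value.strip("\"'").lower() in DEFAULT_VALUES else "hardcoded-credential"
            findings.append(Finding(path, no, rule, redact(value)))
    return findings


def scan_files(files: dict) -> list[Finding]:
    """Scan every artifact; the report carries redacted values only."""
    return [f for path, lines in files.items() for f in scan_lines(path, lines)]


if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.path}:{f.line_no} {f.rule} {f.redacted}")
```

Wiring a check like this into a pre-commit hook or CI stage turns the "never embedded in plaintext" goal into something enforced rather than hoped for.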
3. Lack of Awareness and Visibility
There are often many privileged applications, accounts, tools, microservices, or containers deployed across an organization’s environment, along with their associated secrets, such as keys and passwords. Some organizations have millions of SSH keys, which is only part of the overall secret management burden.
Decentralized ecosystems are especially problematic for managing secrets because different developers, admins, etc., manage secrets independently (if at all). The lack of enterprise-wide oversight all but guarantees security gaps and auditing difficulties.
4. Cloud Computing Privileges
Virtualization and cloud administrator consoles like Office 365 and AWS use superuser privileges allowing users to access a broad range of resources and spin up or wind down applications and VMs quickly. Every VM instance has separate secrets and privileges that require management. The scale of cloud environments contributes to the burden of managing secrets.
5. DevOps Solutions
Secrets require management across an organization’s IT ecosystem, but DevOps environments tend to amplify the challenges of secret management. DevOps teams usually use many different configuration management and orchestration tools, employing automated technologies and platforms that rely on secrets to operate. It is important to apply the best practices to secure these secrets, such as rotating credentials, limiting access, auditing, etc.
6. Third-Party Accounts and Remote Access
Third-party vendors and external users often access sensitive resources with accounts connected via a remote access solution. Ensuring external users implement the right remote access practices and authorization is challenging. In these cases, the organization relies on a third party to manage secrets, relinquishing some control of the IT system’s security.
7. Manual Processes for Managing Secrets
Password and secret security should not be the sole responsibility of humans, who are prone to error and mismanagement. Manual security processes are more likely to have gaps and poor secret hygiene, including default passwords, reused or shared passwords, hardcoded secrets, and low-complexity passwords. Human error and negligence can expose secrets and result in breaches.
8. Lack of Centralized Secrets Management
Another concern is the need for centralized secrets management. As the number, variety, and complexity of IT systems increases, it becomes increasingly difficult to enforce consistent policies across systems and to understand where secrets are and how they are used. This problem is known as “secret sprawl”—secrets are distributed across different systems, each with its own unique secret management strategy. Because each application, cloud provider, or organizational unit has its own security model, there is no visibility across the organization.
What Are Secret Management Tools and Why Are They Important?
Secret management tools can resolve these challenges and prevent unauthorized access to sensitive data. This reduces the risk of data breaches, data theft, and unauthorized manipulation or alteration of sensitive corporate data and personally identifiable information (PII). All of these can have disastrous consequences for an organization, including direct financial loss, reputational damage, legal exposure, and regulatory fines.
Secret management tools allow companies to maintain confidentiality for data like passwords, encryption keys, SSH keys, API keys, database credentials, tokens, and certificates—including TLS/SSL certificates and private certificates. These tools can securely store, transmit, and manage digital credentials.
Businesses use secret management solutions to centrally manage secrets for their entire IT ecosystem. These tools reduce the risks associated with inappropriate and manual secret management, such as hardcoding secrets into scripts, using default passwords, manually sharing passwords, and failing to rotate credentials.
Secret management tools replace manual secret management (for example, maintaining spreadsheets with credentials to sensitive systems) and provide centralized visibility, monitoring, and management for secrets across an organization. These tools are most commonly used by software developers, security professionals, and IT operations teams (DevOps or DevSecOps).
Best Practices for Secrets Management
Differentiate Between Secrets and Identifiers
Secrets are passwords, connection strings, and other information that can compromise your organization if exposed. They should only be shared with trusted applications and authenticated users or services.
Other information on the system, such as identifiers, IP addresses, user names, and DNS names, should be shared with discretion. These are not secrets, but they should not be easily guessed by third parties, and should be kept in confidence if possible. Identifiers should be unique for all clients of the authorization server.
Because identifiers are far less risky than secrets, it is important to clearly distinguish them and manage them separately from secrets. Secrets need to be very strictly controlled because they pose a direct risk of serious damage to applications and businesses if leaked.
Manage Privileges
In any organization, sensitive data and resources can be accessed by trusted user accounts and applications. This raises the risk that data will be compromised, either by malicious insiders or unintentional exposure. It is important to follow the principle of least privilege, in which a user or application is only granted privileges if they are necessary to perform its role. When access is no longer needed, it should be revoked.
Privileges should be escalated, for example to enable urgent maintenance work, only with good reason and for a limited time. Privileged sessions should be carefully monitored to improve oversight and accountability.
Rotate Secrets Frequently
Passwords and other secrets should be changed regularly after use. If a secret remains unchanged for a long time, more users and systems gain access to it, and can potentially compromise it. Secrets can be unknowingly leaked by employees or intentionally obtained by malicious agents, both inside and outside the organization. When using a secrets management tool, ensure you use its secret rotation functionality and set rotation to a sufficiently high frequency.
Encrypt Data Using a KMS
Ensure that all sensitive data is encrypted for added security. Because encryption keys are sensitive, and their loss means the loss of the underlying data, it is advisable to use a key management service (KMS). A KMS stores and manages keys and provides them automatically when data needs to be encrypted or decrypted. It also makes it possible to encrypt each dataset or resource with a different encryption key, helping you control access at a more granular level.
Detect Unauthorized Access
Even with the best security practices and tools, breaches will inevitably happen. Ensure you have a robust process for monitoring and identifying unauthorized access. Security, development, and operations teams should establish an incident response process to enable rapid response to a breach and fast remediation of any affected systems, to minimize damage to the organization.
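The three practices above (least-privilege grants that can be revoked, versioned rotation with a maximum age, and an audit trail that supports detecting unauthorized access) fit together in one small store. This is an added Python example, not Imperva's code or any product's API; the principal names, secret names and values are constructed, and the audit log records only a hash prefix of each version so the trail itself never becomes a second copy of the secret.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


class AccessDenied(PermissionError): pass


@dataclass(frozen=True)
class SecretVersion:
    version: int
    value: str
    created_at: datetime


@dataclass(frozen=True)
class AuditEvent:
    at: datetime
    principal: str
    secret_name: str
    action: str        # "read", "rotate", "grant" or "revoke"
    allowed: bool
    fingerprint: str   # sha256 prefix of the version involved, never the value itself


def fingerprint(value: str) -> str:
    return hashlib.sha256(value.encode()).hexdigest()[:12]


class SecretStore:
    def __init__(self, max_age: timedelta, clock=None):
        self._versions: dict[str, list[SecretVersion]] = {}
        self._grants: dict[str, set[str]] = {}
        self.audit: list[AuditEvent] = []
        self._max_age = max_age
        self._clock = clock or (lambda: datetime.now(timezone.utc))  # injectable for tests

    def _log(self, principal, name, action, allowed, fp=""):
        self.audit.append(AuditEvent(self._clock(), principal, name, action, allowed, fp))

    def rotate(self, principal: str, name: str, new_value: str) -> int:
        # Only the newest version is served; older ones stay for roll-back.
        versions = self._versions.setdefault(name, [])
        versions.append(SecretVersion(len(versions) + 1, new_value, self._clock()))
        self._grants.setdefault(name, set())
        self._log(principal, name, "rotate", True, fingerprint(new_value))
        return versions[-1].version

    def grant(self, principal: str, name: str) -> None:
        self._grants.setdefault(name, set()).add(principal)
        self._log(principal, name, "grant", True)

    def revoke(self, principal: str, name: str) -> None:
        self._grants.get(name, set()).discard(principal)
        self._log(principal, name, "revoke", True)

    def read(self, principal: str, name: str) -> str:
        """Least privilege: only explicitly granted principals receive the current version."""
        if principal not in self._grants.get(name, set()):
            self._log(principal, name, "read", False)
            raise AccessDenied(f"{principal} may not read {name}")
        current = self._versions[name][-1]
        self._log(principal, name, "read", True, fingerprint(current.value))
        return current.value

    def stale_secrets(self) -> list[str]:
        """Names whose current version is older than the rotation policy allows."""
        now = self._clock()
        return sorted(n for n, vs in self._versions.items() if now - vs[-1].created_at > self._max_age)

    def suspicious_principals(self, window: timedelta, threshold: int = 3) -> dict[str, int]:
        """Principals with at least `threshold` denied reads inside the most recent window."""
        since = self._clock() - window
        counts: dict[str, int] = {}
        for ev in self.audit:
            if ev.action == "read" and not ev.allowed and ev.at >= since:
                counts[ev.principal] = counts.get(ev.principal, 0) + 1
        return {p: c for p, c in counts.items() if c >= threshold}


def demo() -> dict:
    """Constructed walk-through: one granted service, one unknown caller, one overdue rotation."""
    t = [datetime(2023, 3, 1, tzinfo=timezone.utc)]
    store = SecretStore(max_age=timedelta(days=30), clock=lambda: t[0])
    store.rotate("ops-admin", "db/app-password", "v1-constructed-value")
    store.grant("billing-svc", "db/app-password")
    first = store.read("billing-svc", "db/app-password")
    denied = 0
    for _ in range(3):                      # an unknown job hammering the store
        try:
            store.read("unknown-job", "db/app-password")
        except AccessDenied:
            denied += 1
    suspicious = store.suspicious_principals(timedelta(hours=1))
    t[0] += timedelta(days=45)              # rotation policy is now overdue
    stale = store.stale_secrets()
    store.rotate("ops-admin", "db/app-password", "v2-constructed-value")
    second = store.read("billing-svc", "db/app-password")
    return {"first": first, "second": second, "denied": denied, "stale": stale,
            "suspicious": suspicious, "audit": store.audit}
```

The `stale_secrets` and `suspicious_principals` reports are the kind of signal that feeds the monitoring and incident response process described above.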
Data Security with Imperva
Imperva Data Security Fabric protects all data workloads in hybrid multicloud environments with a modern and simplified approach to security and compliance automation. Imperva DSF's flexible architecture supports a wide range of data repositories and clouds, ensuring security controls and policies are applied consistently everywhere.
Copyright © 2022 Imperva. All rights reserved
Ă—
The State of Security Within eCommerce in 2022
Learn how automated threats and API attacks on retailers are increasing
Free Report
Ă—
Prevoty is now part of the Imperva Runtime Protection
Protection against zero-day attacks
No tuning, highly-accurate out-of-the-box
Effective against OWASP top 10 vulnerabilities
Learn more here
Ă—
Want to see Imperva in action?
Fill out the form and our experts will be in touch shortly to book your personal demo.
Thank you!
An Imperva security specialist will contact you shortly.
Ă—
“Imperva prevented 10,000 attacks in the first 4 hours of Black Friday weekend with no latency to our online customers.”
Top 3 US Retailer
Single Line Text
Under DDoS Attack? 1-866-777-9980. Login. Login. Cloud Security Console. RASP Console. English. English EN. Deutsch DE. Espanol ES. Francais FR. Portugues PT-BR. 日本語 日本語. í•śęµě–´ KR. ä¸ć–‡ CN. Under DDoS Attack? 1-866-777-9980. Start for Free. Contact Us. Start for Free. Contact Us. Login. Login. Cloud Security Console. RASP Console. Why Imperva. Products Products Application Performance Application Security Data Security Network Security Imperva Plans Application Performance Application Performance Overview Optimize content delivery and user experience Content Delivery Network Boost website performance with caching and compression Waiting Room Virtual queuing to control visitor traffic The importance of a resilient CDN for digital performance Get featured report Application Security Application Security Overview Industry-leading application and API protection Web Application Firewall Instantly secure applications from the latest threats Advanced Bot Protection Identify and mitigate the most sophisticated bad bot API Security Discover shadow APIs and the sensitive data they handle DDoS Protection Secure all assets at the edge with guaranteed uptime Client-Side Protection Visibility and control over third-party JavaScript code Runtime Protection Secure workloads from unknown threats and vulnerabilities Serverless Protection Uncover security weaknesses on serverless environments Attack Analytics Complete visibility into your latest attacks and threats Imperva named a security leader in the SecureIQlab CyberRisk Report Get featured report Data Security Data Security Overview Protect all data and ensure compliance at any scale Data Security Fabric Multicloud, hybrid security platform protecting all data types Cloud Data Security SaaS-based data posture management and protection 2023 Strategic Roadmap for Data Security Platform Adoption Get featured report Network Security Network Security Overview Protection and control over your network infrastructure DNS Protection 
Always-on protection against DNS attacks DDoS Protection Secure all assets at the edge with guaranteed uptime Global DDoS Threat Landscape Report Get featured report Imperva Plans. Solutions Solutions By Use Case By Industry Imperva Plans By Use Case Application Security Stop software supply chain attacks Mitigate account takeover attacks Protect modern web applications Secure API inventories Protect against online fraud Embed security into DevOps Data Security Safeguard sensitive and personal data Advance data governance Assure data compliance and privacy Securely move data to the cloud Observe data risk management Monitor user behavior analytics Network Security Defend DDoS attacks at scale Secure business continuity in the event of an outage Application Performance Ensure consistent application performance By Industry Solutions by Industry Defense-in-depth security for every industry Government Healthcare Financial Services Telecom & ISPs Retail The State of Security within eCommerce 2022 Get free report Imperva Plans. Support Support Support Support Looking for technical support or services, please review our various channels below Technical Support Services Imperva University Community Support Portal Login Documentation EOL Policy. Partners Partners Channel Partners Technology Alliance Partners Channel Partners Channel Partners Program Looking for an Imperva partner? Find an approved one with the expertise to help you Imperva Partner Ecosystem Channel Partners Find a Partner Partner Portal Login Imperva partner, OCM-IT ®, helps Qualitas secure web apps and meet PCI compliance Learn how Technology Alliance Partners Technology Alliance Partners Imperva collaborates with the top technology companies Technology Alliance Partners (TAP) Become a TAP Find a TAP Protect your Cloudera data with Imperva Learn more. 
Customers Customers Application Security Customer Stories Data Security Customer Stories See all Customer Stories Application Security Customer Stories Application Security Customer Stories Learn how Imperva enables and protects industry leaders Imperva helps AARP protect senior citizens Tower ensures website visibility and uninterrupted business operations Sun Life secures critical applications from Supply Chain Attacks Qualitas continues its quality services using Imperva Application Security Learn how Data Security Customer Stories Data Security Customer Stories Learn how Imperva enables and protects industry leaders Banco Popular streamlines operations and lowers operational costs Discovery Inc. tackles data compliance in public cloud with Imperva Data Security Fabric Discovery Inc. tackles data compliance in public cloud Learn how See all Customer Stories. Resources Resources Resources Threat Research Learning Assets Resources Resources Get all the information you need about Imperva products and solutions Resource Library Blog Events & Webinars Case Studies Privacy, Compliance & Trust Center Imperva Certifications New Vulnerability in Popular Widget Shows Risks of Third-Party Code Read more Threat Research Threat Research Stay informed on the latest threats and vulnerabilities Cyber Threat Index Cyber Attack Map Free Tools Network Map Cyber Threat Index Latest threat analysis Learning Assets Learning Assets Expand and share your knowledge Learning Center Application Security Guide Data Security Guide Imperva Community Documentation Portal Browse the Imperva Learning Center for the latest cybersecurity topics Explore now. Company Company Company Company Get to know us, beyond our products and services About Us Events Careers Press & Awards Contact Information 2022 Sustainability Report Read more. Home  > Learning Center  > DataSec  > Secret Management. Article's content. 6.2k views. Data Security Essentials. What Is Secret Management? 
Secret management is a practice that allows developers to securely store sensitive data such as passwords, keys, and tokens, in a secure environment with strict access controls. For small software projects, secret management can be simple to achieve. But as teams and software codebases grow, there are additional secrets spread across an application ecosystem, making them more difficult to manage. Microservices, development tools, containers, orchestrators, and API connections all require secrets to perform their functions, and these must be stored and delivered in a secure manner. It is very common to have secrets hard-coded into scripts, configurations, or source code, making them easily accessible to attackers. Secret management solutions can ensure that sensitive information is never embedded into any artifact in plaintext, saving secrets separately from code, and providing an audit trail by enforcing privilege-based sessions for all access attempts. Secret Management Challenges. The more complex an IT ecosystem and the more diverse and numerous the secrets, the harder it is to store, transfer, and track secrets securely. Here are some common risks and considerations relating to secret management. 1. Manual Sharing and Failure to Rotate Sensitive Data. Without secrets management, the only way to enable software systems to access each other is to manually share secrets within teams, or embed them in code or configuration. This leads to the use of weak passwords, and reuse of passwords across systems. In addition, without secret management it is very difficult to rotate secrets, because any change to a password requires changing code, configuration, or re-sharing passwords across unsecure channels. Passwords and access cannot easily be revoked when they are no longer needed. 2. Hardcoded Credentials. App-to-app and application-to-database access and communications require secrets such as privileged passwords to enable authentication. 
IoT devices and applications often use default hardcoded (embedded) credentials that hackers can easily crack using scanners, dictionary attacks, or guessing techniques. DevOps tools, in particular, usually have secrets embedded in files or scripts, jeopardizing the security of the automation process. 3. Lack of Awareness and Visibility. There are often many privileged applications, accounts, tools, microservices, or containers deployed across an organization’s environment, along with their associated secrets, such as keys and passwords. Some organizations have millions of SSH keys, which is only part of the overall secret management burden. Decentralized ecosystems are especially problematic for managing secrets because different developers, admins, etc., manage secrets independently (if at all). The lack of enterprise-wide oversight ensures there’ll be security gaps and auditing difficulties. 4. Cloud Computing Privileges. Virtualization and cloud administrator consoles like Office 365 and AWS use superuser privileges allowing users to access a broad range of resources and spin up or wind down applications and VMs quickly. Every VM instance has separate secrets and privileges that require management. The scale of cloud environments contributes to the burden of managing secrets. 5. DevOps Solutions. Secrets require management across an organization’s IT ecosystem, but DevOps environments tend to amplify the challenges of secret management. DevOps teams usually use many different configuration management and orchestration tools, employing automated technologies and platforms that rely on secrets to operate. It is important to apply the best practices to secure these secrets, such as rotating credentials, limiting access, auditing, etc. 6. Third-Party Accounts and Remote Access. Third-party vendors and external users often access sensitive resources with accounts connected via a remote access solution. 
Ensuring external users implement the right remote access practices and authorization is challenging. In these cases, the organization relies on a third party to manage secrets, relinquishing some control of the IT system’s security. 7. Manual Processes for Managing Secrets. Password and secret security should not be the sole responsibility of humans, who are prone to error and mismanagement. Manual security processes are more likely to have gaps and poor secret hygiene, including default passwords, reused or shared passwords, hardcoded secrets, and uncomplex passwords. Human error and negligence can expose secrets and result in breaches. 8. Lack of Centralized Secrets Management. Another concern is the need for centralized secrets management. As the number, variety, and complexity of IT systems increases, it becomes increasingly difficult to enforce and manage consistent policies across systems, understand where secrets are and how they are used. This problem is known as “secret sprawl”—secrets are distributed across different systems, each with its own unique secret management strategy. Because each application, cloud provider, or organizational unit has its own security model, there is no visibility across the organization. What Are Secret Management Tools and Why Are they Important? Secret management tools can resolve these challenges and prevent unauthorized access to sensitive data. This reduces the risk of data breaches , data theft, and unauthorized manipulation or alteration of sensitive corporate data and personally identifiable information (PII). All of these can have disastrous consequences for an organization, including direct financial loss, reputational damage, legal exposure, and regulatory fines. Secret management tools allow companies to maintain confidentiality for data like passwords, encryption keys, SSH keys, API keys, database credentials, tokens, and certificates—including TLS/SSL certificates and private certificates. 
These tools can securely store, transmit, and manage digital credentials. Businesses use secret management solutions to centrally manage secrets for their entire IT ecosystem. These tools reduce the risks associated with inappropriate and manual secret management, such as hardcoding secrets into scripts, using default passwords, manually sharing passwords, and failing to rotate credentials. Secret management tools replace manual secret management (for example, maintaining spreadsheets with credentials to sensitive systems) and provide centralized visibility, monitoring, and management for secrets across an organization. These tools are most commonly used by software developers, security professionals, and IT operations teams (DevOps or DevSecOps ). Best Practices for Secrets Management. Differentiate Between Secrets and Identifiers. Secrets are passwords, connection strings, and other information that can compromise your organization if exposed. It should only be shared with trusted applications and authenticated users or services. Other information on the system, such as identifiers, IP addresses, user names, and DNS names, should be shared with discretion. These are not secrets, but they should not be easily guessed by third parties, and should be kept in confidence if possible. Identifiers should be unique for all clients of the authorization server. Because identifiers are far less risky than secrets, it is important to clearly distinguish them and manage them separately from secrets. Secrets need to be very strictly controlled because they pose a direct risk of serious damage to applications and businesses if leaked. Manage Privileges. In any organization, sensitive data and resources can be accessed by trusted user accounts and applications. This raises the risk that data will be compromised, either by malicious insiders or unintentional exposure. 
It is important to follow the principle of least privilege, in which a user or application is only granted privileges if they are necessary to perform its role. When access is no longer needed, it should be revoked. When escalating privileges, for example to enable urgent maintenance work, this should be done with good reason and for a limited time. Privileged sessions should be carefully monitored to improve monitoring and accountability. Rotate Secrets Frequently. Passwords and other secrets should be changed regularly after use. If a secret remains unchanged for a long time, more users and systems gain access to it, and can potentially compromise it. Secrets can be unknowingly leaked by employees or intentionally obtained by malicious agents, both inside and outside the organization. When using a secrets management tool, ensure you use its secret rotation functionality and set rotation to a sufficiently high frequency. Encrypt Data Using a KMS. Ensure that all sensitive data is encrypted for added security. Because encryption keys are sensitive, and their loss means the loss of the underlying data, it is advisable to use a key management service (KMS). A KMS stores and manages keys and provides them automatically when data needs to be encrypted or decrypted. It also makes it possible to encrypt each dataset or resource with a different encryption key, helping you control access at a more granular level. Detect Unauthorized Access. Even with the best security practices and tools, breaches will inevitably happen. Ensure you have a robust process for monitoring and identifying unauthorized access. Security, development, and operations teams should establish an incident response process to enable rapid response to a breach and fast remediation of any affected systems, to minimize damage to the organization. Data Security with Imperva. 
Imperva Data Security Fabric protects all data workloads in hybrid multicloud environments with a modern and simplified approach to security and compliance automation. Imperva DSF's flexible architecture supports a wide range of data repositories and clouds, ensuring security controls and policies are applied consistently everywhere.
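Envelope encryption is the mechanism behind the "Encrypt Data Using a KMS" practice above (one data key per dataset, master key never leaves the KMS). The following Go program is an added example, not Imperva's code or any vendor's KMS API: the KMS type is a constructed stand-in that holds the master key, and everything else (seal, open, EncryptDataset, DecryptDataset) is hypothetical naming for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// KMS stands in for a real key management service (constructed for this example): it holds the master key and releases only wrapped per-dataset data keys.
type KMS struct{ master []byte }
func aead(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // key sizes are controlled below, so this is a bug, not input
	}
	g, _ := cipher.NewGCM(block)
	return g
}
// seal encrypts with a fresh random nonce prefixed to the output; open reverses it.
func seal(key, plaintext []byte) []byte {
	g := aead(key)
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce) // crypto/rand.Read never returns an error (Go 1.24+)
	return g.Seal(nonce, nonce, plaintext, nil)
}
func open(key, sealed []byte) ([]byte, error) {
	g := aead(key)
	if n := g.NonceSize(); len(sealed) >= n {
		return g.Open(nil, sealed[:n], sealed[n:], nil)
	}
	return nil, errors.New("ciphertext too short")
}

// EncryptDataset gives this dataset its own 256-bit data key and returns that key
// wrapped under the master key plus the ciphertext; only those two are stored.
func EncryptDataset(k *KMS, data []byte) (wrappedKey, ciphertext []byte) {
	dk := make([]byte, 32)
	rand.Read(dk)
	return seal(k.master, dk), seal(dk, data)
}

// DecryptDataset has the KMS unwrap the data key, then decrypts locally; a wrong master key or a tampered blob fails authentication.
func DecryptDataset(k *KMS, wrappedKey, ciphertext []byte) ([]byte, error) {
	dk, err := open(k.master, wrappedKey)
	if err != nil {
		return nil, err
	}
	return open(dk, ciphertext)
}
```

Because each dataset's ciphertext depends only on its own data key, rotating the master key means re-wrapping the small data keys, not re-encrypting every dataset.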
Copyright © 2022 Imperva. All rights reserved.
