Avocado becomes first fully-certified CyberArk ‘Secrets’ Partner in ANZ highlighting the criticality of securing non-human identities in a rapidly changing environment.

A vocado Consulting announces an expanded collaboration with identity security leader CyberArk across Australia and New Zealand, aimed at securing enterprise secrets – credentials stored in application code and across the software supply chain – for organisations that are rapidly digitally transforming and addressing the increasing risks posed by unsecured non-human identities.

Avocado is CyberArk’s first fully-certified ANZ-based partner for CyberArk Secrets Management, a component of the CyberArk Identity Security Platform.

Tony Rabottini, General Manager Cyber Security, Avocado, said this important achievement has grown their software engineering and cyber risk mitigation expertise, helping to protect and manage their clients most valuable assets.

He further said that the additional offering will significantly support their clients as they continue to digitise and adopt cloud technology and the volume of human and non-human identities.

“With cloud adoption accelerating, more organisations are turning to cloud-based solutions like microservices, containerisation and serverless to drive their transformation at scale and speed,” said Tony Rabottini. “This has created an explosion of digital identities and emerging identity types which aren’t necessarily captured in those more traditional approaches.”

“With non-human identities outweighing human ones by a ratio of 45 to one, cybersecurity risk isn’t adequately addressed until non-human or machine identities are secured,” he said.

CyberArk is excited to collaborate with Avocado as our first fully-certified ANZ-based Secrets Management partner,” said Dr. Stephenie Andal, Partner Manager ANZ at CyberArk, “Serious breaches that compromise non-human identity access are on the rise. Organisations must prioritise adjusting to an IT landscape that demands both security and speed.”

“Highly impactful cybersecurity events are often made possible by improper practices in DevOps, such as vault sprawl, poor rotation and secrets in code. CyberArk research shows that a staggering 70% of organisations keep more than 50 secrets within their Git repositories. Mismanaged, this brings unprecedented risks that becomes a ticking time bomb for organisations,” she added.

Avocado becomes first fully-certified CyberArk ‘Secrets’ Partner in ANZ, Avocado Consulting - deliver with certainty

CyberArk’s centralised secrets management solution is tailored specifically to the unique infrastructure requirements of cloud native, container and DevOps environments and their non-human identities.

It helps developers and security organisations secure, rotate, audit and manage secrets and other credentials used by dynamic applications, automation scripts and other non-human identities.

Dr. Andal further commented: “We foresee CyberArk Secrets Management becoming an integral part of both security and development teams’ processes for complex organisations undergoing rapid digital transformation. Avocado’s application expertise in creating adaptive policies and tools for expanding enterprises coupled with their experience in elevating risk discussions to the Board level will be critical to effectively future-proof organisations against these challenges.”

Why should you care about Secrets Management and non-human indentities? Read our FAQs

Read the related media here:

CRN – Avocado Consulting expands partnership with CyberArk

Channel Life Australia – Avocado Consulting expands partnership with CyberArk

Channel Life New Zealand – Avocado Consulting expands partnership with CyberArk

KBI.Media – Avocado Becomes First Fully Certified CyberArk ‘Secrets’ Partner in ANZ Highlighting the Criticality of Securing Non-Human Identities in a Rapidly Changing Environment

Security Brief Australia – Avocado Consulting expands partnership with CyberArk

Security Brief New Zealand- Avocado Consulting expands partnership with CyberArk

”With cloud adoption accelerating, more organisations are turning to cloud-based solutions like microservices, containerisation and serverless to drive their transformation at scale and speed. This has created an explosion of digital identities and emerging identity types which aren’t necessarily captured in those more traditional approaches.
Tony Rabottini, GM Cyber Security, AvocadoPictured: (L) Gerardo Barranquero (R) Mohit Dewan

FAQS

Why should you care about Secrets Management and non-human identities? Check out our most frequently asked questions.

Why CyberArk and Avocado?

This partnership aligns CyberArk’s innovative approach to Privilege Access solutions and Avocado’s deep experience and expertise in building and operating custom applications from legacy to cloud. Together, we’re helping drive secure, and scalable digital transformation, enabling organisations to confidently navigate the evolving technological landscape.

What is CyberArk’s Certified Delivery Certification?

The Certified Delivery Engineer (CDE) SECRETS certification is designed to equip technical professionals with the working knowledge to deploy and configure CyberArk’s Secrets Manager solution. This certification increases the competency for implementing and supporting CyberArk projects and ensuring security across all application identities and DevOps pipelines.

How can a certified Security Engineer help organisations future proof digital transformation strategy?

A certified CyberArk Security Engineer can deliver industry standard expertise in strategy, design and implementation of identity security and applying intelligent privilege controls as organisations implement digital transformations and cloud migrations.

What is Secrets Management?

Secrets Management is a standard security practice to secure non-human identities for all types of software applications and DevOps tools across on-premise, hybrid and multi-cloud environments.

What is Centralised Secrets Management?

A Centralised Secrets Management solution is capable of centrally storing application credentials and secrets in a single vault; centrally rotating and managing credentials; enabling visibility of non-human identities usage and generating audit reports from a single location.

Who should care about Secrets Management?

Secrets Management is a concern for various stakeholders, but particularly those involved in software development, deployment and maintenance. Software and DevOps engineers who build systems and applications should set an Identity Security first approach to ensure application credentials are not leaked. Security teams must enforce security policies such as centralised secrets storage and credential rotation to reduce risk of unauthorised access.

Should PAM users think about adopting Secrets Management?

Yes, implementing secrets management is a must for users of Privileged Access Management (PAM) systems. PAM systems are designed to secure and manage privileged accounts, which often have access to critical systems and sensitive data. Traditionally, privilege accounts were just focused on human passwords, however non-human identities now outpace human identities by 45x and will increase exponentially as the scale of applications and usage of cloud environments grows.

What are non-human identities?

Non-human identities refer to the unique identities and attributes assigned to workloads, servers, devices, or software applications in the context of IT systems and cybersecurity. These identities play a crucial role in ensuring secure and efficient communication within digital and cloud environments.

Why are non-human identities important?

Non-human or machine identities are crucial in securing access to your critical assets. It involves security practices such as secret lifecycle management, secure key storage, satisfying audit and compliance, proper authentication and authorisation mechanisms to prevent unauthorised access or tampering.

What are the frequent audit findings for non-human identities and secrets?

Frequent audit findings often revolve around the lack or failure to rotate credentials or secrets. Another finding is the weak access control which allows unauthorised systems to access sensitive information because of insufficient permissions, improper role assignments, and lack of segregation of duties. Lastly, the lack of audit mechanisms to monitor and control the secrets usage.

What are the top 3 common non-human identities and secrets?

The top 3 non-human identities are certificates, API keys, and SSH keys. Certificates contain cryptographic keys and information that helps establish identity for machines, devices and applications. API and SSH keys are identities used to secure access to machines and remote applications.

What are the benefits of DevSecOps?

DevSecOps, is applying security practices into the DevOps workflow, enhances collaboration between development, security, and operations teams, leading to faster and safe software delivery. By embedding security measures throughout the development lifecycle, DevSecOps eliminates hard coded secrets, remediates vulnerabilities earlier, and promotes a proactive approach to cybersecurity, ultimately resulting in more resilient and reliable applications.

DevSecOps

Enable the automated delivery of secure software into your cloud and digital transformation.

visit the page

Our Identity Security Solutions

Great minds work here

Explore Our Services

Avocado becomes first fully-certified CyberArk ‘Secrets’ Partner in ANZ