CAU 01 Conjur - Fundamentals Overview
• No centralized control
• Developers prefer native tools and current experience
• Audit & compliance challenges
GitGuardian announced the results of its 2021 State of Secrets Sprawl on GitHub report.
The report, which is based on GitGuardian’s constant monitoring of every single commit pushed to public GitHub, indicates an alarming growth of 20% year-over-year in the number of secrets found.
A growing volume of sensitive data – or secrets – such as API keys, private keys, certificates, usernames and passwords ends up publicly exposed on GitHub, putting corporate security at risk as the vast majority of organizations are either ignoring the problem or poorly equipped to cope with it.
TYPES OF SECRETS FOUND:
• 27.6% Google keys
• 15.9% Development Tools
• 15.4% Data Storage
• 12% CRM, PCI, Identity Providers
• 11.1% Messaging systems
• 8.4% Cloud provider
• 6.7% Private keys
• Others
Ref: https://www.securitymagazine.com/articles/94776-over-two-million-corporate-secrets-detected-on-public-github-in-2020
Ref: https://www.ibm.com/reports/data-breach
• They exist everywhere (On-prem, cloud, hybrid)
• Secrets are hard-coded in clear-text
• Secrets values are static and aging
• Secrets are stored locally on the filesystem
• Secrets leaked to public repositories accidentally
• Lack of accountability for non-human and humans
• Security islands caused by multiple secret stores
• Pursued by attackers (Insider and external)
• No Application Downtime Required to Rotate Secrets
• Removes Security Island Dilemma
• Enforce Strong Authn for Apps
Conjur Cloud
SaaS Secrets Management that manages nonhuman access and machine identity across multi cloud and hybrid environments with a uniform experience for security and developers, no matter where your secrets are.
Secrets Hub
Securely integrate with AWS Secrets Manager to gain all the advantages of CyberArk’s centralized secrets management without impacting developer workflows.
STANDBY
• Standby server runs as a warm standby ready to take over operations if the leader (master) server fails
• Recommended to implement 2 standby servers (synchronous and asynchronous)
FOLLOWER
• Distributed across data centers and geographies to locally support application read requests and distribute load from the leader (master)
• Each follower can perform all read-only functions, but also support creation of new hosts by proxying host factory requests to the leader (master)
• Can scale horizontally, and each additional follower adds read capacity
Copyright © 2023 CyberArk Software Ltd. All rights reserved. cyberark.com
Conjur Server
• Linux Operating System
• PostgreSQL Database
– Secure Secrets Storage
• HTTPS w/ REST API
Diagram labels: Front End, Back End, AUTHN, AUTHZ, Users, Accountability, Replicate Stream
Environments: On-Premises, Cloud, Hybrid
Platforms: Container Platforms, Amazon AWS AMI
Operating Systems: GNU / Linux, Ubuntu
Diagram labels: Security Owner, Developer, Auditor
Diagram labels: Enterprise Vault or Privilege Cloud, Synchronizer, Primary Cluster, DR, Leader, Async, Sync, Standby, Follower, Load Balancer w/ Health Check, Cloud, Hybrid, OnPrem / K8s / OpenShift, CI-CD Tools / Applications
Summary