Report: Mismanaging secrets costs companies $1.2M annually

TORONTO, June 22, 2021 /PRNewswire/ -- Leaked infrastructure secrets - code, credentials and keys - which are exposed accidentally or intentionally cost companies an average of $1.2 million in revenue per year according to a new report from 1Password, the leader in enterprise password management. The Hiding in Plain Sight report explores how organizations are managing the explosion of sensitive information, the prevalence of secrets management shortcomings and the severe impact on the bottom line, including damaged corporate reputation, alienated customers and delayed product cycles.

"Secrets are now the lifeblood for IT and DevOps as they seek to support the explosion of apps and services now required in the modern enterprise" said Jeff Shiner, 1Password CEO. "Our research reveals that secrets are booming, but IT and DevOps teams are not meeting rigorous standards to protect them -- and in the process are putting organizations at risk of incurring tremendous cost. It's time for companies to take a hard look at how they manage secrets, and adopt practices and solutions to  'put the secret back into secrets' to support a culture of security."

Secrets Are Everywhere
Today, two in three (65%) of IT and DevOps employees estimate their company has more than 500 secrets -- and nearly 1 in 5 (18%) say they have more than they can count.

• Managing Secrets is Expensive: IT and DevOps spend an average of 25 minutes each day managing secrets, at an estimated payroll expense of $8.5B annually across companies in the US.
• More Apps, More Secrets: Half (51%) of IT/DevOps workers say their time spent managing secrets has increased in the last year, and for 10% it's more than doubled.

Loose Secrets Sink Enterprises
1Password's research found that losing control of secrets can damage many aspects of enterprise operations and undermine the bottom line.

• Financial Pain: IT/DevOps workers whose company lost control of secrets said their company lost, on average, $1.2M. Ten percent of IT/DevOps who experienced secrets leakage said their company lost more than $5M -- amounting to billions across the national economy.  
• Bad Business Side Effects: Two in five (40%) of IT/DevOps workers at organizations who've experienced secrets leakage report brand reputation damage; 29% say it led to lost clients.
• Product Delays: IT/DevOps shared that 61% of projects are delayed due to poor secret management.
• Ex-Employee Risk Factor: Three out of four (77%) IT/DevOps workers say that they still have some amount of access to their former with over a third (37%) saying that they still have full access.

IT/DevOps Can't Keep Up With Secrets
More than half (52% ) of IT and DevOps workers say that the explosion of cloud applications has made managing secrets more difficult.

• IT/DevOps Are Too Busy to Keep Secrets: The very people that should be keeping secrets  aren't making it a priority; four in five (80%) employees of  IT/DevOps organizations admit to not managing their secrets well.
• Secrets, Secrets Everywhere: One in four (25%) employees at IT/DevOps companies have secrets in 10 or more different locations and have shared with colleagues via insecure channels -- email (59%),  chat services such as Slack (40%), spreadsheets/shared documents (36%) and text (26%).
• Undermining the Enterprise: IT/DevOps employees report that poorly managing enterprise secrets wastes time (48%), delays projects (38%), frustrates employees (36%) and disrupts workflows (33%).

Sloppy Secrets
IT and DevOps employees are concerned about the consequences of their companies not doing enough to secure their secrets. However, IT and DevOps employees also admit to being careless when sharing secrets, opening the door to potential leaks. 

• Wash, Rinse, Repeat: Nearly two thirds (64%) of IT/DevOps workers admit to reusing enterprise secrets between projects.
• Passing Notes Around the Server Room: One in three(36%) IT/DevOps workers say they'll share secrets over insecure channels to increase productivity and speed.
• Enforcement Issues: Nearly all (97%) of IT/DevOps workers report their organization has a policy in place for enterprise secrets generation, but just over a third (36%) say their company is strict with its policy enforcement.
• Terror Time: Half (51%) of IT/DevOps workers have explicit fears with the way their company currently handles secrets.

Bosses Are the "Leak" Link
Those with most at stake -- managers and VPs -- are more likely to circumvent security policies, reuse secrets and access production systems without permission.

• Convenience Over Security: Sixty-three percent of team leads and managers and 67% of VP and above have ignored or worked around company security policies to meet COVID-19 work demands--nearly triple the rate of individual IT/DevOps contributors (25%).
• VPs Are Double the Trouble: Four in five (81%) IT/DevOps VPs and above have reused secrets between projects, compared to 65% of team leads and managers. VPs and above are twice as likely to reuse secrets as individual contributors (39%).

The full report can be viewed HERE.

About 1Password
1Password is the leader in enterprise password management. By combining industry-leading security and award-winning design, the company provides private, secure and user-friendly password and secrets management to businesses and consumers globally. 1Password's Enterprise Password Manager is trusted by more than 80,000 business customers, including IBM, Slack, PagerDuty, WealthSimple and Gitlab. Learn more at 1Password.com.

Survey Methodology
1Password conducted this research using an online survey prepared by Method Research and distributed by RepData among n=500 full-time U.S. employees who work in their company's IT department or in a DevOps role at a company with more than 500. Data was collected from April 8 - April 21, 2021.

SOURCE 1Password

Related Links

https://1password.com