See how Segura® empowered LATAM’s largest e-commerce company to streamline their DevSecOps initiative, securing thousands of applications and AWS secret keys and improving security through access management and auditing.
Retail
Latin America (LATAM)
DevOps Secret Management
PAM Core, DevOps Secret Manager (DSM)
I prefer to download this customer case to read it later.
Download ›A DevOps pipeline (CI/CD) managing thousands of secret hard-coded keys and operating thousands of permanent and ephemeral cloud servers, supported by over 200 admin developers.Over 2,000 hardcoded access keys were used indiscriminately, lacking traceability for privileged access to cloud servers.
Shared secrets led to malicious actions without accountability, resulting in operational errors, data leakage, and service unavailability. These were made worse by uncontrolled access proliferation and inadequate security governance.
Integrate Segura® into the DevOps pipeline for scanning and rotating hardcoded access keys during deployment, along with the cloud providers to automatically identify ephemeral servers, manage credentials, and record sessions. Segura® mapped 100% of applications and secret keys.
See how PAM Core works »
Implementing Segura® enabled the e-commerce company to significantly accelerate its DevSecOps initiative, securing thousands of applications and AWS secret keys while enhancing security through access management and auditing.
applications and AWS secret keys mapped.
of AWS unnecessary users were deleted, reducing the attack surface and therefore the risks.
admin access recorded and audited.
Introduction
In the dynamic landscape of Latin America's e-commerce sector, one company emerged as the leader, driving digital innovation across its diverse portfolio of brands, including Americanas.com, Submarino, and Shoptime. This retail giant faced a critical challenge in managing its extensive DevOps infrastructure. With over 200 admin developers overseeing a complex CI/CD pipeline managing thousands of permanent and ephemeral cloud servers, and burdened by 2,000 indiscriminately used hardcoded access keys, the company grappled with significant security vulnerabilities and compliance risks.
Major Challenges with Security and Compliance
The sprawling DevOps pipeline posed challenges beyond operational efficiency. Shared secrets and uncontrolled access practices led to operational errors, data leakage, and service disruptions. A lack of traceability and governance over privileged access to critical cloud servers compounded these issues, threatening the company's reputation and regulatory compliance.
Transformative Solutions with Segura®
Recognizing the urgency to enhance its security posture and meet stringent compliance standards, the company embarked on a transformative journey. They integrated Segura® into their DevOps pipeline strategy, harnessing the power of GitLab and Kubernetes for robust scanning and rotation of hardcoded access keys during deployments. Moreover, with seamless integrations with AWS and GCP, they automated the identification of ephemeral servers and implemented secure credential management through AD authorization. This strategic implementation ensured the comprehensive mapping of applications and secret keys across their infrastructure.
Embracing the Future
In conclusion, the integration of senhasegura into their DevOps ecosystem exemplifies the company's commitment to digital transformation and operational excellence. By addressing critical security challenges head-on and implementing robust compliance measures, the company not only safeguarded its operations but also positioned itself for sustained success in an ever-evolving digital landscape. This case study underscores the transformative impact of proactive security measures and strategic technology partnerships in driving business resilience and growth.
Segura® is the only PAM solution on the market that covers the entire privileged access lifecycle. Explore our suite of advanced security solutions:
A secure and efficient way for tools and applications to request confidential information such as secrets, credentials, and other sensitive data used throughout the DevOps lifecycle.
Product Tour ›
Manage and monitor privileged sessions on workstations, ensuring secure access control, auditing, and compliance with IT security policies and regulations.
Product Tour ›
Centralize, manage, and automate the lifecycle of digital certificates, ensuring compliance and reducing operational risks.
Product Tour ›Discover the power of Identity Security and see how it can enhance your organization's security and cyber resilience.
Schedule a demo or a meeting with our experts today.
70% lower Total Cost of Ownership (TCO) compared to competitors.
90% higher Time to Value (TTV) with a quick 7-minute deployment.
The Only PAM solution available on the market that covers the entire privileged access lifecycle.
