Organizations are losing millions of dollars in revenue each year due to leaked infrastructure code, credentials and keys, according to a new report from 1Password.
1Password's report "Hiding in Plain Sight[1]" said that on average, enterprises lose an average of $1.2 million each year due to leaked details, which researchers at the company called "secrets." Researchers found that IT and DevOps workers leave infrastructure secrets like API tokens, SSH keys, and private certificates in config files or next to source code for easy access and to make things move faster.
The report features analysis from 1Password researchers as well as an April 2021 survey of 500 IT and DevOps workers in the US. For 10% of respondents who experienced secret leakage, their company lost more than $5 million. More than 60% of respondents said their organizations have dealt with secrets leakage.
In addition to the money lost, 40% said their organizations suffered from brand reputation damage and 29% said clients were lost due to the consequences of secrets that had been leaked.
According to the report and accompanying survey, 65% of IT and DevOps employees say their company has more than 500 secrets, with almost 20% saying they have more than they can count.
Employees have to spend about 25 minutes every day managing these secrets and more than half say that number has increased significantly over the last year.
More than 61% said multiple projects had to be delayed because their organization could not effectively manage its secrets.
Alarmingly, 77% of respondents said they still have access to a former employer's systems and 37% said they had full access, highlighting one of the main reasons why secrets continue to be leaked.
Another factor contributing to the problem is the growing use of cloud applications, which 52%