Organizations are losing millions of dollars in revenue each year due to leaked infrastructure code, credentials and keys, according to a new report from 1Password.
1Password’s report, “Hiding in Plain Sight,” said that enterprises lose an average of $1.2 million each year due to leaked details, which researchers at the company called “secrets.” Researchers found that IT and DevOps workers leave infrastructure secrets like API tokens, SSH keys, and private certificates in config files or next to source code for easy access and to make things move faster.
The report features analysis from 1Password researchers as well as an April 2021 survey of 500 IT and DevOps workers in the US. For 10% of respondents who experienced secret leakage, their company lost more than $5 million. More than 60% of respondents said their organizations have dealt with secrets leakage.
In addition to the money lost, 40% said their organizations suffered from brand reputation damage and 29% said clients were lost due to the consequences of secrets that had been leaked.
According to the report and accompanying survey, 65% of IT and DevOps employees say their company has more than 500 secrets, with almost 20% saying they have more than they can count.