DevOps is challenging many of our old assumptions about IT and application development. It’s one of the key contributors to driving the digital transformation from manual to automated systems across the enterprise. And machine identity protection is no exception.
Traditional certificate acquisition and provisioning could take hours, or even days. But DevOps teams are moving too quickly to stop and wait for these manual processes. They require machine identities to secure containers and microservices on the fly. In fact, DevOps is inspiring many organizations to think about how they can bring their machine identity protection into line with the dynamic nature of the new Fast IT. So they’re asking, "Okay, how do we change our processes to allow this to happen?"
To give you a concrete example of the status quo, if you want a certificate within a large organization, you need to have a team that is responsible for the certificate. Plus, you need to have requesters within that team, and you also need approvers within that team. If you are a requester, you can't also be an approver, because then you could request and approve your own certificate, and we can't have that because regulatory bodies will not let you do that
And you can't have only one person within the team, because if that person is off, then the certificate might not get approved when it needs to be approved. So, you need at least two requesters and you need at least two approvers. That means you need to have at least four people before you can have a certificate. Because that's the way the systems have always worked.
Not only are these traditional processes slow, but they don’t scale well to meet the increasing demand for machine identities. The work that PKI teams are doing with approvals is significantly greater now than it was when they started. And it’s all been a manual process. Not only do they need to manage the requesting and approving of certificates from a financial point of view, they need the crypto team to review the requests to make sure they’re in line with security policies.
It’s a lot of work to verify that departments or business units are requesting the right sort of certificates for the right sort of purposes. That alone is almost one person's full-time job. But now, with advances in machine identity protection, much of that can be automated. And organizations want to automate that.
Following the example of DevOps, PKI teams are thinking about how they can move away from spreadsheets onto automated protection. In fact, many have been thinking about increasing automation and have been wanting to do it for a number of years. After all, there is only so much you can do without radically increasing staffing, not to mention overtime.
So, I see the dynamism of DevOps having ripple effects throughout the security infrastructure. Certainly DevOps is driving a paradigm shift, or mindset change, by challenging many traditional assumptions.DevOps inspires a mentality where everything is dynamic. And because you know it's all dynamic, you know what's changing, and it's lots of little changes. That's very much what DevOps and agile are all about. But getting that into everybody's mindset is not easy.
Venafi helps organizations support this vision with dynamic machine identity protection that automates the entire certificate life cycle. This type of automation speeds acquisition and ensures compliance with enterprise security policies.
Are you ready to embrace the DevOps spirit by automating your machine identity protection?