Skip to main content
banner image
venafi logo

How to Stop Outages in Your Kubernetes Clusters [Case Study]

How to Stop Outages in Your Kubernetes Clusters [Case Study]

stop-outages-kubernetes-clusters
August 1, 2022 | Robyn Weisman

Maybe you’ve heard this one before. You’re a global bank in the process of migrating to a multicloud infrastructure using Kubernetes. And then suddenly you find yourself falling victim to outage after outage, one of which knocks out an important customer-facing app for several hours. How do you tackle the problem?

What if you could eliminate certificate outages forever? Learn about our No Outage Guarantee!
">
InfoSec vs platform development teams

First you might discover—unsurprisingly—a lack of synchronicity between your InfoSec and platform development teams. The latter group may have assumed that the machine identity management tools used for on-premise infrastructure didn’t apply to them, given that the high volume of Kubernetes workloads being deployed on faster release cycles are consuming way more TLS certificates. The former group, meanwhile, has no visibility into how certificates are being used and configured in Kubernetes clusters, which might have enabled them to catch a misconfigured or expiring certificate before an outage could occur.

Prevent outages: Venafi Jetstack Secure

If you’re already a Venafi customer, you know how well TLS Protect works to manage machine identities. And you may be aware that Jetstack, the Venafi-owned company that created cert-manager, is popular among your developers. After all, cert-manager, an open source tool, automates the issuance and management of TLS certificates in Kubernetes environments—and it’s been downloaded more than 1 million times a day since 2021.

But like any global financial institution, you need a solution that not only can stop outages in cloud native environments but one that also gives your security teams visibility into your TLS certificate inventory, enforces policies and standardizes all instances of cert-manager while letting developers use their preferred tools. And, most important perhaps, it can scale easily.

That’s where Venafi Jetstack Secure comes in. Built on top of cert-manager, Jetstack Secure is designed specifically for enterprise usage. And our new case study, Global Bank Eliminates Kubernetes Certificate-Based Outages with Jetstack Secure describes just how Jetstack Secure helped one global bank do just that.

An excerpt from the case study:

“The first task for Jetstack Secure was to help the bank identify in-cluster certificates that could potentially trigger an outage—and the bank was surprised to find several hundred of them. With Jetstack Secure, the platform team easily revoked the offending certificates and replaced them with ones that complied with corporate security policies defined within the Venafi platform. Jetstack Secure enforced this automatically.”

This took a load off the minds of the security team. In addition:

“The security team was pleased that Jetstack Secure automates tasks such as centralized logging and monitoring because it gave them confidence that their cloud environments were managed at the same level as their on-premise ones.”

Meanwhile, development teams appreciated how Jetstack Secure brought about truly frictionless certificate-as-a-service:

“Development teams were thrilled that they no longer had to worry about the various aspects of certificate management that used to hobble speed of development—including requesting tokens, managing private keys and maintaining cert-manager across hundreds of clusters. Moreover, they could now procure and manage valid Venafi-approved certificates without having to worry about whether certificates adhered to policy.”

Want to read more? Click here to read the case study. But before you go, here’s a money quote from the bank’s vice president of security:

“Venafi and the Jetstack Secure team also provide best practice blueprints to maintain cloud security and compliance as we scale, as well as the ability to seamlessly extend our visibility across both classic on-premise and modern cloud infrastructure. That’s the closest thing to a silver bullet I’ve seen in my 25 years as a security professional.”

Related Posts

Like this blog? We think you will love this.
cloud-native-security-kubernetes
Featured Blog

Traditional Security Won’t Cut It for Secure Cloud-Native Applications: Here’s Why

The risks of securing cloud-native with traditional security measu

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies
eBook

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Robyn Weisman
Robyn Weisman

Robyn is a Senior Content Writer at Venafi. She helps enterprise IT vendors pinpoint their marketing challenges and develop content marketing strategies. She worked for several well-known technology trade publications for over 15 years, and has a Master's Degree in Screenwriting from USC.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more