
How to Take the Burden of Machine Identity Management Off the Backs of DevOps

April 5, 2019 | Guest Blogger: Kim Crawley

When I moved into an apartment, I didn’t build scaffolding around the building to support a rope and pulley system to lift boxes of my furniture and belongings to the 19th floor. My stuff was put into an elevator with a dedicated shaft, supported by specifically designed mechanical infrastructure and a simple computer system. The latter way is much safer, more effective, and automated.

The Hard Way or the Right Way

In my last post, I wrote about how many DevOps practitioners are still manually generating and managing their machine identities, especially TLS certificates. Think about all of the load balancers, servers, containers, virtual machines, and other network entities that are constantly launched and killed within a DevOps environment. They all need machine identities, yet some of those entities have lifespans of only a few hours.

The benefit of a DevOps system in maintaining a networked application for a business client is its ability to be quick, responsive, and dynamic to a client’s constant functionality requirements. That wonderful agility grinds to a halt each time a human has to carefully configure, implement, and deploy a new certificate for a network entity. Every manually generated certificate has a cumulative effect, slowing the whole DevOps workflow down and increasing the risk of human error.


Don't jump on the DevOps bandwagon without this

As I noted in my previous blog, manual certificate management not only slows DevOps down, it also makes it harder to implement best practices for encryption in applications. As mentioned in Learning From Data Breaches: Integrating Security in DevOps, some of the largest companies are still grappling with this challenge.

“On September 6, 2018, airline giant, British Airways, disclosed that the company had suffered a data breach that affected the personal and financial data of approximately 382,000 customers. A similar breach was reported by Ticketmaster in June of 2018, and this month marks the one-year anniversary of the Equifax data breach, wherein half of the US population was impacted. A common denominator of all these data breaches is the speed at which code was published.”

“Companies jump into the DevOps bandwagon with an assumption that automation is the sole driver for adoption. However, these data breaches are strong evidence that it takes a blend of automation, cultural change, and the integration of security processes throughout the development lifecycle to achieve effective layered security in such agile environments.”

And, let’s not forget Equifax, where an attacker was able to hide in encrypted traffic for months due to an expired certificate. Standardization coupled with automation is important to enable TLS inspection for the purposes of preventing bad actors from hiding in encrypted traffic for long periods of time. Properly automated machine identity management with centralized control makes full visibility possible.

Security compatible with Kubernetes, Vault, Terraform

As a member of the security team, you are likely looking to embed security into DevOps in an automated way. Your DevOps teams will love you for taking the burden of manual machine identity management off of their backs. By abstracting away the details, the job of DevOps gets easier since they no longer have to maintain cryptographic processes for their applications across all their environments. Cyber attackers will hate you because your network-driven application’s encryption will be much more difficult to bypass.

The benefits of automated machine identity protection for DevOps reach farther than you may have thought. Does your organization use DevOps tools like Kubernetes, HashiCorp Vault, and Terraform? If so, automated machine identity management can be completely compatible! Are you concerned about PCI-DSS compliance? An automated solution can make it easy to demonstrate compliance to auditors! Does your client insist on constant application uptime? Certificate outages are a major cause of outages in DevOps-driven applications, and proper automation can prevent them. If you need a lightweight certificate management solution for DevOps, you can have it.

Automated machine identity protection in DevOps makes life easier for IT security teams and developers. Clients benefit from having more secure and agile application development and maintenance. Auditors can more easily see how your certificates and associated processes are standardized and compliant. Certificates for expired entities can be easily found and removed. DevOps application outages are prevented with automated certificate renewals. And, the only people who aren’t happy are cyber attackers. Well, too bad for them!


About the author

Guest Blogger: Kim Crawley

Kim Crawley writes about all areas of cybersecurity, with a particular interest in malware and social engineering. In addition to Venafi, she also contributes to Tripwire, AlienVault, and Cylance’s blogs. She has previously worked for Sophos and Infosecurity Magazine.
