
How to Take the Burden of Machine Identity Management Off the Backs of DevOps

April 5, 2019 | Guest Blogger: Kim Crawley

When I moved into an apartment, I didn’t build scaffolding around the building to support a rope and pulley system to lift boxes of my furniture and belongings to the 19th floor. My stuff was put into an elevator with a dedicated shaft, supported by specifically designed mechanical infrastructure and a simple computer system. The latter way is much safer, more effective, and automated.

In my last post, I wrote about how many DevOps practitioners are still manually generating and managing their machine identities, especially TLS certificates. Think about all of the load balancers, servers, containers, virtual machines, and other network entities that are constantly launched and killed within a DevOps environment. They all need machine identities, yet some of those entities have lifespans of only a few hours.

The benefit of a DevOps system in maintaining a networked application for a business client is its ability to be quick, responsive, and dynamic to a client’s constant functionality requirements. That wonderful agility grinds to a halt each time a human has to carefully configure, implement, and deploy a new certificate for a network entity. Every manually generated certificate has a cumulative effect, slowing the whole DevOps workflow down and increasing the risk of human error.

 

As I noted in my previous blog, manual certificate management not only slows DevOps down, it also makes it harder to implement best practices for encryption in applications. As mentioned in Learning From Data Breaches: Integrating Security in DevOps, some of the largest companies are still grappling with this challenge.

“On September 6, 2018, airline giant British Airways disclosed that the company had suffered a data breach that affected the personal and financial data of approximately 382,000 customers. A similar breach was reported by Ticketmaster in June of 2018, and this month marks the one-year anniversary of the Equifax data breach, wherein half of the US population was impacted. A common denominator of all these data breaches is the speed at which code was published.”

“Companies jump into the DevOps bandwagon with an assumption that automation is the sole driver for adoption. However, these data breaches are strong evidence that it takes a blend of automation, cultural change, and the integration of security processes throughout the development lifecycle to achieve effective layered security in such agile environments.”

And, let’s not forget Equifax, where an attacker was able to hide in encrypted traffic for months due to an expired certificate. Standardization coupled with automation is important to enable TLS inspection for the purposes of preventing bad actors from hiding in encrypted traffic for long periods of time. Properly automated machine identity management with centralized control makes full visibility possible.

As a member of the security team, you are likely looking to embed security into DevOps in an automated way. Your DevOps teams will love you for taking the burden of manual machine identity management off of their backs. By abstracting away the details, the job of DevOps gets easier since they no longer have to maintain cryptographic processes for their applications across all their environments. Cyber attackers will hate you because your network-driven application’s encryption will be much more difficult to bypass.

The benefits of automated machine identity protection for DevOps reach farther than you may have thought. Does your organization use DevOps tools like Kubernetes, HashiCorp Vault, and Terraform? If so, automated machine identity management can be completely compatible! Are you concerned about PCI-DSS compliance? An automated solution can make it easy to demonstrate compliance to auditors! Does your client insist on constant application uptime? Certificate outages are a major cause of outages in DevOps-driven applications, and proper automation can prevent them. If you need a lightweight certificate management solution for DevOps, you can have it.

Automated machine identity protection in DevOps makes life easier for IT security teams and developers. Clients benefit from having more secure and agile application development and maintenance. Auditors can more easily see how your certificates and associated processes are standardized and compliant. Certificates for expired entities can be easily found and removed. DevOps application outages are prevented with automated certificate renewals. And, the only people who aren’t happy are cyber attackers. Well, too bad for them!

About the author

Guest Blogger: Kim Crawley

Kim Crawley writes about all areas of cybersecurity, with a particular interest in malware and social engineering. In addition to Venafi, she also contributes to Tripwire, AlienVault, and Cylance’s blogs. She has previously worked for Sophos and Infosecurity Magazine.
