The need for security in DevOps environments is essential as we laid out in a recent Venafi post describing the benefits of ensuring security for DevOps, specifically with keys and certificates. I won’t repeat that here, but I’d like to follow up on that blog with some guidance on how you might go about implementing security in a way that ensures its success. Then, I’d like to share some examples on how our customers are automating the provisioning of encryption keys and certificates as part of their DevOps environments.
With its laudable objective of reducing time to market while maintaining application quality and reliability, DevOps is quickly becoming the de facto model for application development. This momentum has spurred a wave of development and management platforms like Chef, Puppet, HashiCorp, Docker, and Github. All of which are designed to help DevOps teams automate, standardize, and accelerate the process of application delivery.
But this focus on speed and agility often comes at the expense of security, which typically falls outside the scope of most development teams. And adding slow and manual steps to secure applications into a highly-automated DevOps environment is sure to be met with criticism or even ignored by developers focusing on speed and agility. In fact, a study showed that 30% of Docker containers are susceptible to high-priority vulnerabilities, which underscores the problem.
So unless you want the distinction of being the IT executive responsible for consistently delivering fast but vulnerable code, you’re going to have to find a way to automate the process of securing your applications, IT services, and the communication across your DevOps environments. And that’s exactly what I’ll focus on here.
Given that standardization and automation are fundamental tenets of the DevOps philosophy, your best chance at getting developers to reliably secure their code is to automate the provisioning of keys and certificates as part of their existing environment. In other words, you should enable their existing tools and processes with this capability, rather than creating a new orthogonal environment that disrupts their existing model.
APIs can be tremendously helpful in this regard since they provide the ability to integrate the procurement and provisioning of keys and certificates into your existing development platforms and workflows. The Venafi API, for instance, allows organizations to standardize and automate routine key and certificate provisioning tasks with the flexibility to integrate into any DevOps platform, such as Chef, Ansible, Puppet, Docker, and more.
Through the API, users can include a fully-automated certificate service directly into their DevOps platforms, which enables them to meet their objectives of reducing time to market while maintaining application quality and reliability. One global bank, for instance, was able to reduce the cost and time of manually processing certificate requests, renewals, and revocations by 60% with the Venafi DevOps solution.
In addition to taking advantage of our API, customers are making use of our sample cookbooks and recipes for Chef, Docker, and other platforms to request, revoke, and replace keys and certificates as part of their existing DevOps environment. Sharing and reusing proven recipes is a great way to get started quickly, and Venafi shares these readily in our Venafi Customer Support Knowledge Base.
By incorporating certificate provisioning directly into existing DevOps environments, organizations can make security a fundamental component of their application development. And when certificate issuance becomes a standardized, auditable process that aligns with security policies, developers don’t have to worry about becoming security experts. They can continue focusing on delivering software efficiently, effectively and (now) securely. Read more about how to integrate security directly into your DevOps environments in our DevOps whitepaper, which includes example use case integrations with Chef and Docker.