Making Fast IT Secure with Key and Certificate Automation
March 14, 2016 | Carl Bourne
Key Takeaways
  • How you can achieve centralized and fast security for DevOps with Venafi Trust Protection Platform
  • How the Venafi Platform helps you control keys and certificates within a Chef environment
  • Tips for rapidly enabling key and certificate services for DevOps teams

This is the first of two technical blogs that discuss FAST IT and its impact on security. We understand that the development landscape is changing rapidly and we are here to help you to keep pace with the speed of that change. We’ll post part two shortly.

In this blog, we explore how the lifecycle for critical cryptographic assets can be seamlessly and centrally governed by policy within today’s highly dynamic fast IT environments. We’ll cover a high-level use case for how the Venafi Trust Protection Platform integrates with the Chef DevOps framework using a cookbook for the procurement of X.509 certificates. The principles outlined in this use case can just as easily be incorporated into almost any other DevOps framework.

Controlling the use of keys and X.509 certificates in today’s highly dynamic world of compute, containers, and microservices raises new challenges that require a new approach. In this new world, which emphasizes fast delivery, security simply cannot be enforced using traditional slow IT policies and processes.


The speed of providing IT services has accelerated dramatically.

Business consumers and IT professionals are demanding new IT services and environments that are created at scale and speed. They demand Amazon AWS-like capabilities at similar speeds for internal IT services. Most enterprise organizations have moved to a bi-modal IT structure with two-stream, two-speed IT: one stream that supports existing apps that require stability and another that delivers fast IT for innovation and business-impacting projects. To meet this demand, many organizations are implementing processes and tooling that favor short-lived virtual machines, containers, and microservices over the more traditional long-lived computing platforms.

While these new tools and frameworks allow for speed and scalability, they do not provide centralized security services. Thus, security often falls back to the traditional slow, manual, and error-prone way of doing things. Even worse, security policies and procedures are often ignored in lieu of just getting the job done quickly.

However, keys and certificates are the foundation for securing modern SSL/TLS-based data communications. There is nothing to replace this foundational system of trust on which the Internet is based, nor will there be any time soon, which means keys and certificates are here to stay and will continually increase in number.

Figure 1. Automating key and certificate support for DevOps (image: DevOps accelerates IT services)

Venafi’s industry-leading and proven Trust Protection Platform is already helping Global 5000 organizations fully encapsulate, secure, automate, and audit entire key and certificate lifecycles across their traditional IT services and infrastructures. Through the use of the Venafi API, all of these services can be made available to the new world of fast IT.

Going fast with keys and certificates

For DevOps, the process for procuring correctly issued certificates often falls into the ‘SlowOps’ category of legacy IT, and significantly reduces velocity. DevOps teams are often found working outside of corporate security boundaries, policies, and guidelines. This isolation helps these teams get development and new innovation done faster, at the speed of business. But it also potentially introduces security risks and bad practices within the very environments that are being created, all in favor of speed.

Here are some examples of the shortcuts DevOps teams may take to get around the time it normally takes to procure certificates for their environments:

  • Don’t use TLS/SSL
  • Create their own certificate authorities
  • Create self-signed certificates
  • Use unapproved certificate issuers
  • Create certificates with weak signature algorithms
  • Deploy certificates with long expiration periods
  • Misinterpret or completely ignore security policies
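Several of these shortcuts (self-signed certificates, unapproved issuers, weak signature algorithms, long expiration periods) can be caught automatically before a certificate is deployed. The following Ruby, the language Chef cookbooks are written in, is an added example and not Venafi's or Chef's code; it evaluates a certificate against a constructed policy (the approved-issuer list, validity limit and key size are assumed values) and returns the list of violations, together with a constructed self-signed certificate that exercises the checks.

```ruby
require 'openssl'

# Policy values are constructed for this example, not Venafi's or Chef's.
APPROVED_ISSUERS  = ['/CN=Corp Issuing CA'].freeze
WEAK_SIG_ALGS     = %w[sha1WithRSAEncryption md5WithRSAEncryption].freeze
MAX_VALIDITY_DAYS = 398
MIN_RSA_BITS      = 2048

# Returns the policy violations for a certificate (empty array if compliant).
def certificate_policy_violations(cert, now: Time.now)
  violations = []
  issuer = cert.issuer.to_s
  violations << 'self-signed' if issuer == cert.subject.to_s
  violations << "unapproved issuer #{issuer}" unless APPROVED_ISSUERS.include?(issuer)
  if WEAK_SIG_ALGS.include?(cert.signature_algorithm)
    violations << "weak signature algorithm #{cert.signature_algorithm}"
  end
  validity_days = (cert.not_after - cert.not_before) / 86_400
  if validity_days > MAX_VALIDITY_DAYS
    violations << "validity #{validity_days.to_i} days exceeds #{MAX_VALIDITY_DAYS}"
  end
  violations << 'expired' if cert.not_after < now
  key = cert.public_key
  if key.is_a?(OpenSSL::PKey::RSA) && key.n.num_bits < MIN_RSA_BITS
    violations << "RSA key #{key.n.num_bits} bits below #{MIN_RSA_BITS}"
  end
  violations
end

# Builds a constructed self-signed certificate with a 10-year validity period,
# i.e. two of the shortcuts listed above, so the checks have something to flag.
def build_test_certificate(bits: 2048, days: 3650, digest: OpenSSL::Digest.new('SHA256'))
  key  = OpenSSL::PKey::RSA.new(bits)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.parse('/CN=app.example.internal')
  cert.issuer     = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after  = cert.not_before + days * 86_400
  cert.sign(key, digest)
  cert
end

if __FILE__ == $PROGRAM_NAME
  certificate_policy_violations(build_test_certificate).each { |v| puts "VIOLATION: #{v}" }
end
```

In a cookbook, a check like this would run against the certificate returned by the certificate service before the recipe installs it, failing the Chef run rather than deploying a non-compliant certificate.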

The Venafi Platform can be configured to selectively expose some or all of its workflows and processes via easy-to-use REST APIs. These APIs can then be directly consumed by almost any DevOps toolchain, including continuous integration/delivery, automated build/deployment, and container solutions such as Chef, Ansible, Puppet, SaltStack, HashiCorp, Docker, Kubernetes, and UrbanCode, to name a few.

Use Case - Venafi Platform integration with Chef

Figure 1 below provides an example of how the Venafi Platform easily integrates into a new or existing Chef framework. A simple sample cookbook can be used by DevOps teams as a way to get started when using Venafi’s key and certificate services.

Figure 1. Example Venafi Trust Protection Platform integration with the Chef framework (image: Venafi integrates with the Chef framework)

Provide fast security with fast IT

The Venafi Platform lets organizations realize the benefits of Fast IT without compromising security. Security teams can now centrally define policy through the Venafi API and enable DevOps to properly comply with security policies and best practices. Venafi makes it easy for DevOps teams to correctly apply and build in security from the beginning.

Our platform provides the following benefits to DevOps teams:

  • Unique keys and certificates are generated and issued on demand in seconds
  • Uses the same platform for DevOps as that used by existing security teams and system administrators
  • Single view of security posture and compliance, with integration to help desk systems and SIM/SIEM environments
  • Automated remediation and re-enrollment as standards and policies change
  • Automated alerts based on anomalies detected inside an organization and externally
  • Virtually infinite scalability without additional administrative overhead

NOTE: The use case depicted in this article is intended to provide a very high-level example of how Venafi APIs can be used by security teams to provide key and certificate services to DevOps teams. Since most of the components fall outside the Venafi domain, the solution has not been subjected to any security validation, screening, or ratification by Venafi.
