Skip to main content
banner image
venafi logo

Overheard at Machine Identity Protection Virtual Global Summit 2020

Overheard at Machine Identity Protection Virtual Global Summit 2020

a group of young people sitting in a row on the ground against a painted white brick wall, talking and engaging, some of them with laptops on their laps
May 20, 2020 | Katrina Dobieski


Last week the world’s leading experts in machine identity protection assembled (online) to hear the latest rumblings on NIST, data breaches and post-COVID 19 cyberwarfare. Venafi’s second annual Customer Global Summit was underway with seminars on everything from a new machine identity threat model to code-signing-as-a-service to the sleeping dragon of SSH and what Venafi does for multi cloud environments.
 

To create even more excitement during the event, Venafi CEO Jeff Hudson announced in his keynote address that Venafi had acquired DevOps startup Jetstack, the UK based tech company behind the Kubernetes certificate management controller.  Punching above its weight, Jetstack adds a much-appreciated developer’s viewpoint into what experts are starting to label an “essential service” and what we have always called machine identity protection.
 

It’s also important to note that during the event, we made an effort to protect underserved communities as well as machine identities. Thank you to our customers whose participation helped us donate thousands of meals through Feeding America. Together, we were able to feed those in need and expand the global knowledge base of Fortune 5000 machine identity experts.
 

Weren’t able to attend? We’ve captured some of the most defining quotes, below.



 

Machine Identity Protection an Essential Service

In a crisis, would you keep your machine identity protection service running? Given the exponential increase in cyberattacks over the last few months of quarantine, you should. Here’s what we heard about that topic:
 

“We must begin to position machine identity protection in terms of an essential service.”
 

“Your keys and certificates—what systems are critical? If you can’t answer that, talk to Venafi...”
 

“Machine identity management ... is an essential service...It spans all of IAM, you can't digitally transform without it.”                        

“We have to look at [SSH] as a particularly powerful but potentially dangerous protocol we use everyday on an ongoing basis.”

 

Automation and the Digital Transformation

As we rely more on machines to replace functions that were previously conducted within the physical domain, the importance of protecting machine identities becomes paramount. Here’s what we heard about that topic:
 

“If automation was a side topic for you, it’s going to be a prime topic for you now... These machine identities will not be manageable by a human...and this will position you for the digital transformation.”


“It’s about products, not projects anymore.”


“Onboard discovery collects data that you’ll ultimately need when you choose to implement automation later.”


Protecting DevOps and Cloud-Native Applications

In the words of Matt Barker, CEO and co-founder of Jetstack, “Nowadays, business success depends on how quickly you can respond to the market. This reality led us to re-think how software is built and Kubernetes has given us the ideal platform to work from. However, putting speed before security is risky.” Here’s what we heard about that topic:
 

Building PKIs and CAs is hard. It requires an expertise that is not common with DevOps personas. You have to define certain policies in terms of how to access private keys, as well as auditing requirements and compliance.”
 

“Even if you use any of the existing PKI solutions out there, they don’t naturally fit with the API and modern experiences that DevOps require. So a lot of customization is needed.”
 

“Developers are turning to ad hoc manual certificate processes out of sheer desperation because they have no other alternative.”
 

“You have got to ask yourself the question, ‘In the worst-case scenario, if your key was compromised what would you do?’ If you cannot answer that question properly or accurately, then you really could be in trouble.”
 

“Developers can be resistant to change; how do you suggest getting them started following a code signing policy or process?”
 

“Indeed, the best way is to integrate [security] within the current developer’s tool chain and make it as easy as possible to do.”
 

“Someone in the organization wanted to sign code. They asked the PKI team to provide the needed keys and certificates similar to TLS certificates, the key and cert were generated and provided to the person wanting to utilize them. What seemed like a simple action to get a developer what they needed quickly ended up putting the organization at risk because they’ve lost control of the key and have no idea what’s being signed with that.”
 

Workshop: Accelerating Certificate Management with NIST

At the Global Summit, NIST advisor Paul Turner, outlined new NIST guidelines for TLS management and what they would mean for security executives. Here are a couple of interesting questions that he answered during his workshop:

 

Question: “Besides cooperation from the certificate owners, can you share other critical success factors in order to succeed implementing a centralized certificate management solution?”

 Answer: “Quickly: You need executive support. You need a strong technology platform. You need a self-service portal that provides all of the information and functionality for certificate owners to be successful.”

 

Question: “In your experience, how often do you see our customers already have a tool and/or process in place?

 Answer: “Many organizations do not have a tool for managing the processes, or even their certificate automation. Because those certificate owners are often busy with other things, they don't always provide sufficient time or access to their resources.”



A big thank you to our guest speaker from Gartner, the amazing experts at Jetstack and our machine identity customer partners. We look forward to an increased awareness of machine identity protection over the coming year—driven by trial and crisis, but a wake-up call to the industry, nonetheless. As Venafi continues its mission to help security leaders protect all machine identities from outage, compromise and attack, we hope to see you at our next customer summit. Learn more about us.




 

 

Like this blog? We think you will love this.
young man dressed in business casual raising his hand in a room full of seated audience members
Featured Blog

Preparing for Success after COVID-19: Focus of the Second Machine Identity Protection Global Summit

Why is machine identity protection so critical?

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

CIO Study: Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

Machine Identity Protection for Dummies
eBook

Machine Identity Protection for Dummies

About the author

Katrina Dobieski
Katrina Dobieski

Katrina writes for Venafi's blog and helps optimize Venafi's online presence to advance awareness of Machine Identity Protection.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat