Simplifying Machine Identities for DevOps Security

October 14, 2020 | Robert Masterson, Thales

In today’s fast-paced business environment, organizations must streamline software development, as coding new applications and software updates is an everyday task. Enterprise-class code development has evolved on two fronts to handle this volume: globally dispersed development teams, and DevOps tools that include the Agile process.

While this paradigm shift has enabled organizations to keep up with growing and quickening business needs, it can also expose a company to security risks. From development through deployment, code sections and full applications (micro-services) have to pass between contributors that could be geographically distant. Without strong security that maintains a Root of Trust, data protection cannot be ensured.

How to balance strong security with the fast pace of DevOps?

Oftentimes, organizations leave the task of figuring out what encryption and device identity management solutions to use to the development team. Security professionals may find open source and free tools are easy to obtain, and, at first glance, appear to be “good enough”. This might be “good enough” for a new application that is incubating, but once it nears deployment and “graduates” to an enterprise-class product, end-to-end security is required to protect customer data as well as the organization’s reputation.

For reference, let’s look at a high-level view of the steps involved in a secure DevOps process:

  • The developer needs to check in the new micro-service as part of the Continuous Integration / Continuous Development (CI/CD) Agile development process
  • A secure machine identity is required for the micro-service code
  • A Certificate Signing Request (CSR) is sent to a trusted Certificate Authority to be fulfilled
  • The new CSR is received back to the developer and installed in the micro-service
  • The security of the micro-service code is now assured, and the code can now be submitted, as its identity can be assured
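
The CSR flow in the steps above, as an added example using the `openssl` command line; it is not from the original post and does not use the Venafi, HashiCorp or Thales products. The throwaway local CA, the file and function names, and the service name `payments.internal.example` are assumptions made for illustration.

```bash
#!/usr/bin/env bash
set -eu

# make_ca DIR: throwaway CA, a constructed stand-in for the trusted CA.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# make_csr NAME DIR: service side. The private key is generated locally and stays
# there; only the CSR (public key and requested name, self-signed) is sent out.
make_csr() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$2/svc.key" -out "$2/svc.csr" 2>/dev/null
}

# sign_csr NAME DIR: CA side. `x509 -req` checks the CSR self-signature first.
# Extensions (SAN, usage) and the one-day lifetime are set by the CA here;
# `x509 -req` does not copy extensions from the CSR by default.
sign_csr() {
  printf 'subjectAltName=DNS:%s\nbasicConstraints=critical,CA:FALSE\n' "$1" >"$2/leaf.ext"
  printf 'extendedKeyUsage=serverAuth\n' >>"$2/leaf.ext"
  openssl x509 -req -in "$2/svc.csr" -CA "$2/ca.crt" -CAkey "$2/ca.key" \
    -CAcreateserial -days 1 -sha256 -extfile "$2/leaf.ext" -out "$2/svc.crt" 2>/dev/null
}

# check_install CA_CERT NAME DIR: service side, before the certificate is installed.
# It must chain to the expected CA, name this service, and match the local key.
check_install() {
  openssl verify -CAfile "$1" -verify_hostname "$2" "$3/svc.crt" >/dev/null 2>&1 || return 1
  [ "$(openssl x509 -in "$3/svc.crt" -noout -pubkey)" = "$(openssl pkey -in "$3/svc.key" -pubout)" ]
}

main() {
  d=$(mktemp -d)
  make_ca "$d"
  make_csr payments.internal.example "$d"   # hypothetical service name
  sign_csr payments.internal.example "$d"
  check_install "$d/ca.crt" payments.internal.example "$d" && echo "verified; safe to install"
  rm -rf "$d"
}
main
```

Each step here is a manual command, which is the per-service overhead the following paragraphs describe.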

If we take a closer look at the steps above, it’s easy to see how the steps required to establish code security could negatively impact the efficiency and productivity of the developer. Essentially the developer would be trading speed for security. Even worse, if the developer uses an unproven solution that is not enterprise-class, the chances of machine identities being compromised increase greatly.

Another way to slow down the DevOps process is to force developers to use different tools to meet DevSecOps policies and global compliance regulations. Learning new tools, or using tools that are not well known to the developer, may add training time and possible errors that are avoidable if the developer can stick to the tools they know best.

End-to-end DevOps Solution offers the best of both worlds

To address the security needs of DevOps while maintaining the speed of the Agile process, Thales, Venafi, and HashiCorp have integrated and tested a complete end-to-end DevOps solution. With Venafi’s Trust Protection Platform, HashiCorp’s Vault Enterprise Platform and Thales Luna Hardware Security Modules (HSMs), an organization’s DevOps team will have a comprehensive encryption key and device identity management solution.

To learn more about the solution, please visit Thales on the Venafi Technology Network or download our joint solution brief, “Simplifying DevOps Security with Thales, Venafi & HashiCorp”.

