Skip to main content
banner image
venafi logo

Your DevOps Teams Shouldn’t Have to Manually Deploy Certificates!

Your DevOps Teams Shouldn’t Have to Manually Deploy Certificates!

Not Today: DevOps Teams Shouldn’t Have to Manually Deploy Certificates
April 1, 2019 | Guest Blogger: Kim Crawley

DevOps is comprised of developers who are focused on application development and patch deployment, and IT teams who are focused on running applications within network infrastructure and meeting the performance metrics expectations of clientele. DevOps is a wonderful model for continuously delivering and maintaining network-based applications in a responsive, efficient, and dynamic manner. DevOps thrives when each participant focuses on the tasks which they're best qualified to do, in constant communication and collaboration with all the other teams that are involved.

Developers know that bugs are inevitable in all code, and new software features frequently need to be delivered to suit the changing needs of business clients. DevOps works best when changes can be made to software as quickly as possible. Unfortunately, when there aren't sufficient security practices and systems in place, the speed expected of DevOps can lead to massive vulnerabilities and exploits. Recent such incidents are mentioned in Learning From Data Breaches: Integrating Security in DevOps:

“On September 6, 2018, airline giant, British Airways, disclosed that the company had suffered a data breach that affected the personal and financial data of approximately 382,000 customers. A similar breach was reported by Ticketmaster in June of 2018, and this month marks one-year anniversary of Equifax data breach, wherein half of US population was impacted. A common denominator of all these data breaches is the speed at which code was published.”

“Companies jump into the DevOps bandwagon with an assumption that automation is the sole driver for adoption. However, these data breaches are strong evidence that it takes a blend of automation, cultural change, and the integration of security processes throughout the development lifecycle to achieve effective layered security in such agile environments.”

Manual machine identity deployment contradicts the main objective of DevOps- to deliver and maintain applications in an agile and dynamic manner. Role-based access control is also a lot more effective when the possibility of human error is taken from the TLS certificate process. And DevOps teams are usually under a lot of pressure to deploy patches, application improvements, and new features. Clients want their needs and feedback to be responded to as quickly as possible. Under those circumstances, the risk of human error in manual machine identity configuration is even greater.

That's why security must be built into every aspect of the DevOps lifecycle. Development and IT teams aren't encryption specialists. Their work must be focused on the tasks which they do best. Therefore, there needs to be mechanisms to automatically produce, deploy, and implement machine identities at the speed of all the work that DevOps does, especially TLS certificates.

A June 2018 Forrester Consulting study commissioned by Venafi, which you may download here, illuminated how challenging machine identities are for organizations. 116 cybersecurity professionals from financial services and insurance organizations in the UK, Australia, the US, France, and Germany participated.

71% of respondents believed that effective machine identity protection is vital to the security and viability of their companies over the long term. That’s great! Unfortunately, only 34% tracked SSH keys which serve as machine identities. A mere 28% tracked the machine identities of containers, and just 26% tracked the machine identities of microservices. Those are all entities which are involved in DevOps! Tracking machine identities, and their overall visibility is absolutely crucial. Lost and stray machine identities in your organization’s networks can be easier for cyber attackers to find than house keys slipped under doormats. Automating machine identity management is the only effective way to make sure that the only certificates in your networks are ones which are secured and in deployment. Especially given the really short lifespans of the containers and microservices which DevOps uses, manual machine identity management is a cumulative recipe for disaster.

Additional study findings just make the need for automated certificates in DevOps even more obvious. 41% of respondents said that system administrators can’t focus on machine identity use and protection. It’s not their fault, they have so many other responsibilities, especially in DevOps. 45% of respondents said that machine identity protection will be a higher priority than human identity protection within the next two years. That’s a really significant shift for identity access management within DevOps.

The needs and demands of DevOps are changing rapidly, as are all of the pertinent cyber threats. Development teams are constantly patching and deploying new features. Plus, they often have to keep on top of stuff like changes to APIs and how a client’s needs change over time. On the operations side, IT has to focus on changes made to the networking infrastructure itself, and the constant tasks of system and network administrators. It’s not realistic or appropriate to add manual machine identity management on top of everything else.

So, what can DevOps do to improve machine identity management and automate the process as much as possible? And what about the cultural change, and the integration of security processes throughout the development lifecycle that are increasingly necessary to prevent catastrophic cyber attacks? That’s what my next post is about. Stay tuned!

Related posts

Like this blog? We think you will love this.
DevOps, DevSecOps, CALMS
Featured Blog

CALMS for DevOps: Part 1—Why Culture Is Critical

DevSecOps seeks to address these challenges, and I find a useful way to break down how it does th

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

quantum cryptography qubit image

Quantum Computing Threatens All Current Cryptography

trump encryption

Will the Trump Administration Succeed in Banning End-to-end Encryption?

HTTP, man-in-the-middle attack, HTTPS, TLS, TLS certificate, phishing attack

Can Attackers Use a New HTTP Exploit to Bypass Your TLS?

About the author

Guest Blogger: Kim Crawley
Guest Blogger: Kim Crawley
Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat