By
Ready to automate certificate provisioning with from your DevOps platform? Try Venafi Cloud today.
The need for security in DevOps environments is essential as we laid out in a recent Venafi post describing the benefits of ensuring security for DevOps, specifically with keys and certificates. I won’t repeat that here, but I’d like to follow up on that blog with some guidance on how you might go about implementing security in a way that ensures its success. Then, I’d like to share some examples on how our customers are automating the provisioning of encryption keys and certificates as part of their DevOps environments.
With its laudable objective of reducing time to market while maintaining application quality and reliability, DevOps is quickly becoming the de facto model for application development. This momentum has spurred a wave of development and management platforms like Chef, Puppet, HashiCorp, Docker, and Github. All of which are designed to help DevOps teams automate, standardize, and accelerate the process of application delivery.
But this focus on speed and agility often comes at the expense of security, which typically falls outside the scope of most development teams. And adding slow and manual steps to secure applications into a highly-automated DevOps environment is sure to be met with criticism or even ignored by developers focusing on speed and agility. In fact, a study showed that 30% of Docker containers are susceptible to high-priority vulnerabilities, which underscores the problem.
So unless you want the distinction of being the IT executive responsible for consistently delivering fast but vulnerable code, you’re going to have to find a way to automate the process of securing your applications, IT services, and the communication across your DevOps environments. And that’s exactly what I’ll focus on here.
Given that standardization and automation are fundamental tenets of the DevOps philosophy, your best chance at getting developers to reliably secure their code is to automate the provisioning of keys and certificates as part of their existing environment. In other words, you should enable their existing tools and processes with this capability, rather than creating a new orthogonal environment that disrupts their existing model.
APIs can be tremendously helpful in this regard since they provide the ability to integrate the procurement and provisioning of keys and certificates into your existing development platforms and workflows. The Venafi API, for instance, allows organizations to standardize and automate routine key and certificate provisioning tasks with the flexibility to integrate into any DevOps platform, such as Chef, Ansible, Puppet, Docker, and more.
Through the API, users can include a fully-automated certificate service directly into their DevOps platforms, which enables them to meet their objectives of reducing time to market while maintaining application quality and reliability. One global bank, for instance, was able to reduce the cost and time of manually processing certificate requests, renewals, and revocations by 60% with the Venafi DevOps solution.
In addition to taking advantage of our API, customers are making use of our sample cookbooks and recipes for Chef, Docker, and other platforms to request, revoke, and replace keys and certificates as part of their existing DevOps environment. Sharing and reusing proven recipes is a great way to get started quickly, and Venafi shares these readily in our Venafi Customer Support Knowledge Base.
By incorporating certificate provisioning directly into existing DevOps environments, organizations can make security a fundamental component of their application development. And when certificate issuance becomes a standardized, auditable process that aligns with security policies, developers don’t have to worry about becoming security experts. They can continue focusing on delivering software efficiently, effectively and (now) securely. Read more about how to integrate security directly into your DevOps environments in our DevOps whitepaper, which includes example use case integrations with Chef and Docker.
Connect DevOps tooling to third-party certificate authorities. Try Venafi Cloud today.
Lorem ipsum dolor sit amet, consectetur elit.
Thank you for subscription
Scroll to the bottom to accept
VENAFI CLOUD SERVICE
*** IMPORTANT ***
PLEASE READ CAREFULLY BEFORE CONTINUING WITH REGISTRATION AND/OR ACTIVATION OF THE VENAFI CLOUD SERVICE (“SERVICE”).
This is a legal agreement between the end user (“You”) and Venafi, Inc. ("Venafi" or “our”). BY ACCEPTING THIS AGREEMENT, EITHER BY CLICKING A BOX INDICATING YOUR ACCEPTANCE AND/OR ACTIVATING AND USING THE VENAFI CLOUD SERVICE FOR WHICH YOU HAVE REGISTERED, YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THESE TERMS AND CONDITIONS, IN WHICH CASE THE TERMS "YOU" OR "YOUR" SHALL REFER TO SUCH ENTITY AND ITS AFFILIATES. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS, YOU MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE SERVICE.
You shall not access the Service if You are Our competitor or if you are acting as a representative or agent of a competitor, except with Our prior written consent. In addition, You shall not access the Service for purposes of monitoring its availability, performance or functionality, or for any other benchmarking or competitive purposes, and you shall not perform security vulnerability assessments or penetration tests without the express written consent of Venafi.
This Agreement was last updated on April 12, 2017. It is effective between You and Venafi as of the date of Your accepting this Agreement.
The Venafi Cloud Service includes two separate services that are operated by Venafi as software as a service, each of which is separately licensed pursuant to the terms and conditions of this Agreement and each of which is considered a Service under this Agreement: the Venafi Cloud Risk Assessment Service or the Venafi Cloud for DevOps Service. Your right to use either Service is dependent on the Service for which You have registered with Venafi to use.
This License is effective until terminated as set forth herein or the License Term expires and is not otherwise renewed by the parties. Venafi may terminate this Agreement and/or the License at any time with or without written notice to You if You fail to comply with any term or condition of this Agreement or if Venafi ceases to make the Service available to end users. You may terminate this Agreement at any time on written notice to Venafi. Upon any termination or expiration of this Agreement or the License, You agree to cease all use of the Service if the License is not otherwise renewed or reinstated. Upon termination, Venafi may also enforce any rights provided by law. The provisions of this Agreement that protect the proprietary rights of Venafi will continue in force after termination.
This Agreement shall be governed by, and any arbitration hereunder shall apply, the laws of the State of Utah, excluding (a) its conflicts of laws principles; (b) the United Nations Convention on Contracts for the International Sale of Goods; (c) the 1974 Convention on the Limitation Period in the International Sale of Goods; and (d) the Protocol amending the 1974 Convention, done at Vienna April 11, 1980.
In the meantime, please explore more of our solutions
In the meantime, please explore more of our solutions
This site uses cookies to offer you a better experience. If you do not want us to use cookies, please update your browser settings accordingly. Find out more on how we use cookies.