Speed of IT continues to dramatically increase with cloud computing, IoT, and IT service demands
Manual key and certificate management, used by most organizations, is slowing IT speed
To meet speed demands, corners are cut in key and certificate security or it is sacrificed completely
Stop keys and certificates from slowing innovation. The speed of cloud computing, the demands of internal IT services SLAs, and the explosion of IoT devices must be supported with automated key and certificate management and security.
To improve customer experience, new IT is enabling speed to business in ways that could not have been considered a few years ago. Not too long ago, QA test environments were rebuilt every week. Today they are rebuilt on a continuous basis. Previously, if you wanted to provision a webserver, it would have taken weeks, sometimes months, to secure the hardware followed by the operating system and required software.
I remember how it was before the cloud started being adopted; one customer I worked with mentioned that it was faster for them to retrofit a Boeing 737 than it was to stand up a new webserver. How things have changed with DevOps where a new server instance can be available within seconds today. And containerization has only further increased the speed at which application stacks can be made available. One Venafi customer tears down and instantiates its entire environment every week. Think of the mammoth task—no, near impossible task—this would have been just 5 years ago!
Speed + Security in the Cloud
Without speed to market and dynamic, on-demand service delivery, your competition is going to take your customers. But speed should not come at the expense of security. Think about it: keys and certificates are among the technologies that are foundational to the internet and the way we do business. They provide authentication and authorization for millions of systems. Yet keys and certificates, which are at the heart of IT security, often slow down dynamic IT. Most organizations are using manual methods to issue and track keys and certificates. When certificates are used with cloud servers, these manual methods slow down processes significantly.
In results from a survey conducted by TechValidate for Venafi, we found that over half (56%) of our customers used manual certificate tracking methods before using our products.
What good is it to be able to instantiate cloud workloads quickly if security slows down the process or, worse yet, is skipped completely in the interest of speed?
Organizations and cloud vendors sometimes try to cut corners in key and certificate security to avoid slowing down cloud provisioning. Dell SecureWorks did a study a couple of years back and found that 1 in 5 AWS instances had rogue SSH keys included in them. You may ask yourself, why is this important? Well, it’s basically the same as buying a new car and making multiple copies of your car keys and handing them out to strangers at your local supermarket—anyone who has the key will then have access to your car!
Most cloud vendors now offer ephemeral session keys that cannot be used again. This dramatically reduces the lifespan of the key material. To support the speed benefits of cloud computing while also ensuring security, keys need to be generated and provisioned automatically based on defined security policies. Regardless of how you provision workloads in the cloud, it is of the utmost importance to ensure that you do not re-use keys. Also make sure you have visibility into where the keys are being used, by whom, and for how long.
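The two checks recommended above (no key re-use, and visibility into where keys are installed) can be illustrated with an audit of `authorized_keys` contents. This is an added example, not Venafi's code; the host names, key blobs and approved inventory are constructed placeholders.

```python
import base64
import hashlib
from collections import defaultdict

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

def fingerprint(blob_b64):
    """SHA256 fingerprint in the form printed by `ssh-keygen -l`."""
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text):
    """Yield (fingerprint, comment) per key line, skipping any leading options."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        for i, tok in enumerate(fields[:-1]):
            if tok in KEY_TYPES:
                try:
                    yield fingerprint(fields[i + 1]), " ".join(fields[i + 2:])
                    break
                except ValueError:  # key-type word inside a quoted option
                    pass

def audit(hosts, approved):
    """Return (keys found on >1 host, entries whose key is not in the inventory)."""
    seen, rogue = defaultdict(set), []
    for host, text in hosts.items():
        for fp, comment in parse_authorized_keys(text):
            seen[fp].add(host)
            if fp not in approved:
                rogue.append((host, fp, comment))
    reused = {fp: sorted(h) for fp, h in seen.items() if len(h) > 1}
    return reused, rogue

# Constructed sample data: blobs are placeholder bytes, not real keys.
def sample_blob(label):
    return base64.b64encode(label.encode()).decode()
SAMPLE_HOSTS = {
    "web-1": f"ssh-ed25519 {sample_blob('key-deploy')} deploy@ci\n",
    "web-2": "# baked into image\n"
             f'from="10.0.0.0/8" ssh-ed25519 {sample_blob("key-deploy")} deploy@ci\n'
             f"ssh-rsa {sample_blob('key-unknown')} left-in-image\n",
}
APPROVED = {fingerprint(sample_blob("key-deploy"))}

if __name__ == "__main__":
    print(audit(SAMPLE_HOSTS, APPROVED))
```

In the sample, the deploy key is reported as re-used across both hosts, and the `left-in-image` key is reported because it is missing from the inventory.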
Speed + Security for Internal SLA of IT Services
Speed is an important factor in internal IT services Service Level Agreements (SLAs). Other departments turn to IT to deliver services, and key and certificate issuance in support of these services can significantly impact the SLAs to which the IT department can commit.
In the recent TechValidate survey, we found that over half (57%) of the respondents were able to improve their internal IT services SLA after deploying Venafi—over one-third (34%) were able to change this from days to just hours. Automated key and certificate provisioning can have a significant impact on the services SLA that IT can deliver.
We already have a few billion Internet of Things (IoT) devices connected through the Internet. And with the additional IoT devices coming to market, supporting a multitude of use cases, that number is expected to grow dramatically. According to Gartner, by 2020 there will be 25 billion connected “things”, all of which need some way of authenticating on the network and communicating securely.
Automakers are expecting cars to be a high-value target for hackers and have already begun to put security controls in place. One such control changes the SSL/TLS certificates at least 12 times per hour—think what a PKI management nightmare that may be if you are not able to automate processes and tell whether a certificate is good or bad, friend or foe. As IoT devices increase, real-time key and certificate management will be needed to keep up with security and access demands.
Security at Speed
Although I focused on cloud, internal IT services, and IoT, there are many other examples where keys and certificates need to be provisioned or replaced very quickly to satisfy the business need. But security does not have to be sacrificed to achieve speed of deployment in any environment. The full key management lifecycle process can be automated so that security policies can be applied and the environment kept safe.
If you are interested in seeing how Venafi automatically provisions keys and certificates with Chef, please review the following demonstration video.
How does your organization ensure your key and certificate management and security keep up with the speed demands of IT?