In keeping with the spirit of the holidays, we have a gift for your overworked PKI teams and their internal customers. We’ve updated the Venafi platform to make it easier for PKI teams to delegate certificate management functions to system administrators. With our enhanced intuitive interface, non-PKI admins can easily and effectively manage certificates for the systems and applications they are responsible for. This frees your PKI teams to focus on higher-level goals such as ensuring that the overall enterprise key and certificate environment remains ultimately secure.
Today we’re unveiling Venafi Trust Protection Platform 16.4, and we’re as excited about unwrapping the new usability enhancements as we are about new SSH and F5 integration features. This release highlights our commitment to providing our customers with the most advanced key and certificate security while at the same time simplifying management for security novices, like many system and application admins.
As I mentioned in a previous blog, it’s rare to find a system admin who really understands encryption and public key infrastructure (PKI) in depth. Only occasionally do they need to request or renew certificates for their applications and devices.
But these occasional users are scattered across your IT team managing databases, servers, load balancers, and other network devices that need valid certificates to communicate securely across the network. They’re specialists in keeping their applications online and optimally tuned. PKI is not an area of strength or interest, frankly. With that in mind, we continue to enhance the intuitive usability in the Venafi Trust Protection Platform for occasional users.
In addition to these new usability enhancements, we’re also introducing tighter integration with F5 Big-IP Local Traffic Manager devices. Here we’re simplifying how F5 administrators can propagate a single certificate to multiple F5 devices, which is going to reduce the time and effort these administrators need to dedicate to managing the security of their load balancers. If you have F5 in your environment, you should really look into this.
Let’s assume that all your F5 devices have certificates. Your PKI team needs to manage and secure these certificates with the same centralized solution that you use for all your other certificates. If you are already a Venafi customer, you’re probably already doing that. If you’re not yet a customer, you should think seriously about getting a handle on the thousands of certificates that may be running amok across your enterprise.
But it’s not just certificates we can help bring under control. We also help manage and secure the throngs of SSH keys across the enterprise. The SSH keys that allow privileged access for your entire IT staff need to be actively monitored for strange or peculiar behavior. Say, for instance, you notice the recent use of a key belonging to a former employee. You should have automated the deletion of that key when the employee left the organization well before it became a potential vulnerability.
Thankfully, we have a solution for bringing all your SSH keys under control, too. And this latest release includes an option to encrypt SSH key material stored in Trust Protection Platform database with Hardware Security Module (HSM)-based symmetric keys. We’re also extending support for our SSH solution to IBM z Systems mainframes.
Yes, there are more features in this release, but we only had room to hit the highlights here. Contact us to learn more about how to better protect and control your encryption environment.