Preventing DevOps Security Risks at a Multinational U.K. Bank
Before Venafi: BYOC increased risk, no policy management or centralization; troublesome 2-year certificate lifecycle.
After Venafi: Established fast method for DevOps to generate certificates; supported enterprise security policy with a 4-month certificate lifecycle; saved 1,500 FTE hours—on just the first 10% of certificates.
DevOps teams are asked to deliver Fast IT, which provides the continuous, rapid delivery of IT services to support development and innovation. In this global financial services company, the DevOps team was using a “bring-your-own-certificate” approach to make it faster to include security. To avoid frequent renewals, the team was applying a two-year certificate lifecycle. Without centralization or policy management, this ad hoc, lax approach was increasing risk.
The bank used the Venafi API to integrate automated certificate issuance into their fast IT environment. Certificate issuance was then centrally secured, policy enforced, and fully auditable. With this automated approach, the bank was able to reduce its certificate lifecycle from two years to four months.
The resource requirements for certificate were also reduced. After using Venafi with just the first 10% of the bank’s certificates, the bank was able to save 1500 management hours. Venafi helps the bank save resources and money, while ensuring better security in their DevOps IT services.