DEVOPSdigest

Venafi announced an expanded technology partnership and integration that seamlessly addresses DevOps certificate challenges. Additionally, Venafi Cloud is now fully integrated with GlobalSign’s high-performance PKI solutions for enterprises.

The integration of Venafi Cloud and GlobalSign PKI for DevOps provides DevOps teams with quick, high-speed access to trusted machine identities across multiple clouds, hybrid infrastructure, and containerized environments. Security teams can rest assured DevOps teams are using standardized, automated SSL/TLS certificates that fit enterprise policy and eliminate errors. By using GlobalSign's cloud-based PKI services, developers and information security teams eliminate the need to build and manage CAs and supporting services, including Online Certificate Status Protocol (OCSP) and Certificate Revocation Lists (CRL).

Venafi Cloud offers DevOps teams out-of-the-box integrations, including HashiCorp Terraform, HashiCorp Vault, SaltStack, Ansible, Docker and Jetstack cert-manager. The Venafi Cloud and GlobalSign’s PKI for DevOps solution also features well-documented standard interfaces that can be used across teams, including a REST API, an open source VCert SDK (available in Go and Python) and ACME. Enterprises of all sizes can now have one service for machine identities across their hybrid infrastructure and multiple clouds, helping to increase the speed of DevOps.

Cryptographic keys serve as machine identities and are the foundation of security for all applications on enterprise networks, the internet and cloud environments. As organizations embrace DevOps, the number of machine identities required is exploding. However, because developers maintain their own methods for obtaining and using machine identities, the situation quickly becomes chaotic, expensive and risky. As a result, developers look for shortcuts, including using machine identities from unauthorized CAs and weak self-signed and wildcard certificates. When left unchecked, DevOps teams can create risk through vulnerabilities and errors that enter production environments, increasing an organization’s overall attack surface.

“Now with support for GlobalSign’s highest performing and scalable PKI service, Venafi Cloud eliminates the machine identity risks that have plagued DevOps, hybrid and multi-cloud environments,” said Kevin Bocek,VP of Security Strategy and Threat Intelligence for Venafi. “Now, DevOps teams get the fastest, easiest way to automate TLS certificates whether they’re using ready-to-use integrations or powerful APIs. And security teams are happy knowing trusted certificates are being used correctly because they have complete visibility. We are thrilled that our partnership with GlobalSign will provide DevOps organizations with more dynamic, flexible machine identity protection solutions.”

Key benefits of the Venafi Cloud and GlobalSign integration include:

- Support for DevOps use cases that require ultra-high-speed certificate issuance; allows certificates to be delivered in seconds.

- Embeds certificate issuance into the tools developers are already using, including configuration management, container orchestration, release automation, and secrets management tools.

- Incorporates policy-enforced certificate issuance directly into CI/CD pipelines and enforces the appropriate policies for each environment.

- Prevents outages by automating the certificate lifecycle, eliminating errors, and enforcing security policy within DevOps workflows with out-of-the-box integrations, multiple APIs and SDKs that can be used everywhere, including the Automated Certificate Management Environment (ACME) protocol.

- Improves security posture by securing infrastructure as it is spun up, enabling end-to-end HTTPS with consistent, can-be-used everywhere integrations, interfaces, APIs and SDKs.

- Eliminates the need to manage PKI in-house or rely on self-signed certificates.

- Complies with The Payment Card Industry Data Security Standard (PCI DSS), National Institute of Standards and Technology (NIST), Health Insurance Portability and Accountability Act (HIPAA), and other audit frameworks.

“This integration enables DevOps teams to automate the procurement and installation of trusted digital certificates,” said Nisarg Desai, Director of Product Mmanagement, IoT and DevOps for GlobalSign. “By combining GlobalSign’s highly scalable PKI for DevOps solution with Venafi Cloud certificate policy management and enforcement, organizations are now able to improve security, boost productivity and comply with regulatory frameworks – such as PCI DSS, NIST, and HIPAA – with just a few lines of code.”