We know that C-level execs are under pressure to deliver shorter software delivery life cycles, but still have risk management teams insisting on stringent encryption policies. To protect against potentially devastating certificate-related outages throughout the life cycle, you simply must know where your machine identities are being used. It's the convergence of these two pressures that presents opportunities for expert collaboration within your technology ecosystem.
Cryptosense has recently entered the league of leading developers sponsored by the Machine Identity Management Development Fund. I had the opportunity to meet with Cryptosense, who enable control of the cryptography that protects sensitive data, and learn about their plans for integrating the Venafi Platform and Cryptosense Analyzer Platform. I recently spoke with Graham Steel, who is the Founder of Cryptosense, about their involvement in the Development Fund.
Let’s start by learning about Cryptosense. How did Cryptosense get started?
Graham: Cryptosense is a visibility and control tool for cryptography. It's something that large companies use to figure out where they're using cryptography—where they're encrypting data, where they're doing authentication, where they're connecting users together. And then, they can apply a series of controls to that, basically to figure out whether they're doing it right according to their policy, or whether they're doing it wrong, and they need to fix it. That's essentially our mission.
I started the company in 2013. Before that, I was an academic researcher in cryptography. As part of that research, I worked with a lot of big companies. It was evident that cryptography was a common challenge for them. There was often a lot of in-house expertise, but it was hard for them to see what was going on with their cryptography and the rest of their networks. And that was just getting more and more complicated as software cycles started to speed up, as they started to adopt more and more Cloud technologies, etc.
That's how the opportunity came about! And we just announced a round of funding just under $5 million thanks to some outstanding customers in the U.S. and in the U.K.
Describe the machine identity management challenge your customers face that led you to working with Venafi.
Graham: If you're trying to figure out where you're using cryptography, machine identities are included as part of that discovery. All our customers are looking for cryptographic objects and operations, where they’re coming from and deciding who should have access to them.
Without the integration with Venafi, our customers would deploy Cryptosense, find a whole bunch of stuff out there, interesting stuff! Amongst that would be a whole bunch of machine identities, and they would want to know: how many am I already managing, renewing, keeping track of? And how many of these are maybe being introduced by some anomaly in the process, or maybe something's not going quite right here that I might want to fix? Or maybe I want to get these into Venafi’s inventory as well, so the PKI administrators have that full visibility they require.
Previously, that has been a kind of manual process to resolve. They would have to download a CSV and figure it out in Excel. And this is really laborious. We want to make our reports completely actionable for our users, plus provide automation. When certain processes happen, they automatically check in with Venafi and say, "Hey, we're just about to deploy this container here. It's got these machine identities. Let's just check that Venafi knows about them and has the ability to automate their renewal and provisioning. If they aren’t already in Venafi’s inventory, we can register them, and we can add the information Venafi needs about how and where the certificate is stored, and what it's used for."
How exactly will the Cryptosense-Venafi integration work?
Graham: The Cryptosense Analyzer platform pulls in data about cryptography from all kinds of places. It has scans from networks; it scans file systems. It scans file systems in containers, it scans inside applications. It watches an application perform some operations and it figures out things like, "Okay, you just used a machine identity there to do some authentication or some verification." And so, it's got all of this data coming into the platform. And that central platform is the part that we've integrated with the Venafi Trust Protection Platform. We're using the Venafi API to do a kind of reconciliation. You can see which machine identities are already managed by Venafi and maybe even populate extra information about the applications, services and ports that are consuming the machine identity.
Venafi knows more about these machine identities than we do! Venafi understands procedural information like, who owns this and what services are we expecting? That adds a lot of value to the Cryptosense report. And that also gives us the criteria to take action—especially when machine identities are discovered that are not being managed. Customers can decide how they want to handle these machine identities. Cryptosense will be able to call the Venafi API again to rectify. But this time, we're actually sending the machine identities that we've found so they are going to become part of the managed set of identities.
The Cryptosense integration is targeted to be complete in Q3 of 2021. Visit Cryptosense on the Venafi Marketplace for more information. And stay tuned for future interviews with Machine Identity Management Development Fund recipients.