Venafi today announced that cert-manager, the open source standard for cloud native machine identity management created by Jetstack, a Venafi company, has been downloaded more than 1 million times a day for the last 18 months. This data brings into sharp relief the critical importance of machine identity management to the security of containers in cloud native environments.
Cloud native machine identities create tipping point for the adoption of Zero Trust security models
“Today, every business – irrespective of industry – develops software, and most of these businesses have accelerated their migration to cloud native development methodologies to speed up software innovation,” said Kevin Bocek, vice president of threat intelligence at Venafi. “This shift has dramatically increased the number of machines on enterprise networks, accelerating the adoption of identity-centric security models, like zero trust.”
“There’s a direct correlation between the increasing number of applications and data hosted outside of traditional networks, and the increasing volume and sophistication of the security threats targeting cloud native environments,” Bocek added.
Identity management for machines, which include devices, applications and containers, is much more complex than identity management for humans; this is why existing security frameworks don’t solve the problem. This complexity, combined with the rapid growth in Kubernetes adoption, is creating new identity management challenges for security teams already stretched by the shortage of skilled resources.
“As organizations look to implement zero trust principles to secure their fast-growing cloud native environments, an identity-first security model becomes a required capability,” said Matthew Bates, CTO and co-founder of Jetstack, a Venafi company focused on cloud native. “The human-centric and location-based legacy security mechanisms we have relied on previously are no longer fit for purpose.”
cert-manager allows developers to ship software that is secure by default
Cert-manager was created by Jetstack as an open source project to simplify the automation of certificate management within Kubernetes. Cert-manager builds natively on top of the Kubernetes API to issue and renew X.509 certificates from popular public and private certificate issuers, including Let’s Encrypt, HashiCorp Vault and the Venafi Trust Protection Platform. Cert-manager has hundreds of contributors and 8.9K stars on GitHub. In 2020 it was accepted into the CNCF, and the Jetstack team continues to maintain the project, making over 70% of all code commits to it.
Bates continued, “In Kubernetes and OpenShift clusters, unique, trusted machine identities are required across the stack to enable secure communications north-to-south and east-to-west, and to provide the identity foundations for fine-grained authorization controls. The open source cert-manager project makes it easy and fast for developers to ship software that is secured by default, helping to manage all machine identities. With over 5.6 million Kubernetes developers worldwide, it shouldn’t surprise anyone that cert-manager is downloaded millions of times a day. It is clearly the de facto standard for managing and securing machine identities in cloud native environments. We’re thrilled to maintain and invest in this critical project in the open source ecosystem.”