As market demand for IT services accelerates and development cycles become shorter, the way we think about machine identities is changing. Historically, the IP address was the unit of identity for security, independent of any PKI identity. This was a workable approach when IPs were relatively static and the rate of change was low. If applications were deployed every six months, or every year, we could make that work.
The challenge is that we're now in a market where every organization wants to adopt cloud. They want to adopt CI/CD, DevOps, and more agile methodologies. They want to deploy a lot faster than every 6 to 12 months. As you start doing that, infrastructure becomes much more dynamic and ephemeral. Using the IP address is really challenging, since it’s no longer a static value on which you can base all your policies. Instead, we need to think about solving the same problems in a different way. The industry is moving toward a cryptographic approach to machine identity, with PKI sitting at the root.
This is a challenge for our users and customers as they move into the cloud. They don't know how to secure their dynamic infrastructure, and we’ve seen that Global 2000 organizations care deeply about security as well as good operational hygiene. This is particularly true around their PKI setup.
Machine Identity Security Architecture
For many organizations, we see Vault becoming the central point in their infrastructure in terms of how developers consume secrets and how operators integrate pipelines and automation into development cycles. The bigger challenge then becomes that developers and operators aren't the only groups within a company. They exist within a broader corporate environment that includes compliance, security, and PKI management teams. We have the challenge of keeping everyone happy and productive.
Developers and operators want to leverage Vault for automation, especially given its API-driven nature. Security, compliance, and PKI teams are increasingly choosing Venafi to have a standard way of applying controls for machine identities. They want a standard way of doing PKI with proper hygiene around it.
That’s where the HashiCorp and Venafi integrations get interesting. Together, we enable infrastructure automation in a way that's secure, and in a way that customers feel comfortable with. Organizations who are already leveraging Venafi for their PKI setup can continue to use that as a way for them to automate how provisioning is done. For operations teams and developers who want to consume secrets, they get an integrated solution with strong control over machine identity from Venafi, paired with the CI/CD or DevOps benefits that HashiCorp brings. The integration enables the best of both worlds.
Leveraging the integration between Vault and Venafi gives organizations a no-compromises answer. Every team can be satisfied without compromising anything. That’s why it's so important for large organizations that need to drive alignment between multiple groups. Our joint integration work preserves the user experience and makes sure all groups are aligned. We are helping DevOps teams go faster while helping security teams keep their PKI root safe.
HashiCorp will be demonstrating in the Venafi booth at RSA 2019, March 4-6. If you’re attending the conference, stop by booth 6359 to see our integrated solution. If not, learn more about HashiCorp and the Venafi Technology Network at http://marketplace.venafi.com.