As a new team member at Venafi, understanding machine identities and the importance of properly managing them required a fair amount of imagination. So, I just decided to follow my fancy and think about fun new ways to explore machine identity management. I hope you’ll enjoy my light-hearted flight of fantasy. I’ll share it with you here.
For a recovered young adult fantasy novel addict, the world of machine identities presented itself as an exciting new realm to explore. My first stop on the journey to understand machine identities was Kubernetes. Even though I was just beginning to learn to steer the ship [pun intended], I had started with the most modern application for machine identities: container security. There were many new concepts to absorb, but that one, in particular, necessitated a trip to Google and several panicked virtual meetings with peers.
Looking back, researching Kubernetes helped me understand how much I had to learn before I could fully comprehend the space Venafi occupies. It was the epitome of abstraction and a kind of chaotic deity of certificate creation, proliferating rapidly and running around unmanaged in many cases. Eventually, I was able to grasp that our solution for managing cloud-native certificates, TLS Protect for Kubernetes, was just what harried InfoSec teams needed to tame the uproarious winds of certificates in Kubernetes and OpenShift environments.
Making sense of the Venafi portfolio
Once I had carved out a mental space for Kubernetes and related concepts to occupy, I still needed to make sense of the different products in the Venafi portfolio, all of which seemed to blur together due to their conceptual presentation. It felt maddening to attempt to understand the difference between TLS certificates and SSH keys. Then there was code-signing. And the patriarch of them all, the Trust Protection Platform, watching over all the different types of warriors. To differentiate between all these types of machine identities, I needed to explore these seemingly mythical creatures separately and fully understand their distinguishing characteristics.
TLS certificates still appear to me like a shapeshifting entity; settling on a stable and fitting mental image has proved a difficult feat for my mind. However, when I compare TLS certificates to SSH keys, one clear difference emerges: one is more ephemeral and the other possesses eternal life. TLS certificates “shapeshift” because they have short lifespans and must be replaced often. SSH keys are immortal genie-types; if Jafar got hold of them, they could be used for nefarious activity. Unlike the other two, code-signing machine identities evoke a rather simple visual: a signature (or a fingerprint, a blood sample, or a tooth imprint).
The most enlightening piece of information about our product line came from Venafi CEO Jeff Hudson. He explained that he coined the slogan “fastsecure” after musing on the function of a bicycle helmet. Because he could be assured of his safety while wearing that helmet, he was able to navigate steep downhills at great speeds. He sees the same type of scenario playing out with machine identity management every day. I found his way of integrating his work with his everyday life inspiring. Maybe one day I’ll no longer see the world of machine identities as a parallel fantasy realm, but as part of my own reality as well.