The global COVID-19 pandemic has forced many organizations to implement digital transformation strategies, including cloud migration, more quickly than anticipated and with less opportunity to plan for the potential security risks brought about by having even more machine identities in use than originally predicted. In fact, the Flexera report reveals that almost 60% of organizations expect their cloud use to exceed plan as a result of the pandemic.
Machine identity management in the cloud can be significantly more complicated than it is on-premises. Plus, most organizations are using more than one cloud platform, each with its own attributes and functionality. Putting aside multi-cloud strategies and the sheer number of machines that need to be protected, every cloud instance must interact with hundreds, if not thousands, of other containers, services, machines and platforms, many of which may belong to third parties—and all of these machines in the cloud have wildly varying lifespans and integration methods.
Despite these complications, introducing a machine identity management platform brings a number of benefits to your enterprise. Many of the largest, most security-conscious organizations are considering, or have already completed, migration of portions of their IT infrastructure to Google Cloud Platform (GCP) while maintaining a foundation of trust for their machine identities. These customers recognized from the outset that in order to use the cloud to deliver business objectives, they needed an effective machine identity management strategy in place. How do they do it?
Learn how a Fortune 50 financial services company performed a successful migration to GCP and took on its machine identity management challenges in the cloud.
A Fortune 50 financial services company started to migrate the majority of its application development, including most of its business logic, to Google Cloud Platform (GCP). They decided to go with GCP because Google’s new private CA is a managed offering, where the customer no longer has to dedicate additional resources to keep it up to date.
But to be successful with this migration, the company needed to solve three challenges:
- Standardize methods of secrets management using HashiCorp Vault within Google Kubernetes Engine (GKE)
- Natively manage TLS certificate lifecycles from within GKE clusters with the same security parameters they already use with their on-premises applications
- Build a cloud-native certificate management service that wouldn’t slow down developers who need to rapidly issue certificates for their applications and services
Venafi was able to help them solve all three problems. Jetstack cert-manager, an open source Kubernetes controller for TLS-based machine identities, is integrated with the Venafi Trust Protection Platform; deploying it in GKE gave the company the same certificate issuance and policy enforcement in the cloud that it already had on-premises. With cert-manager, developers can now request TLS machine identities declaratively, as part of their application deployment, without having to be fluent in TLS machine identity management or in the relationships between machines, certificates, applications and keys: the developer declares a Certificate resource, cert-manager generates the key pair and CSR inside the cluster, the Venafi platform signs it under the policy for the requested zone, and the resulting certificate lands in a Kubernetes Secret the workload mounts.
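To make the workflow concrete, the following manifests are an added example of what a cert-manager request against Venafi Trust Protection Platform looks like; they are not taken from the page or from the company described in it. The TPP URL `https://tpp.example.com/vedsdk`, the policy zone `DevOps\\GKE`, the Secret names and the hostname `payments.internal.example.com` are placeholders chosen for illustration. The resource kinds and fields (`Issuer.spec.venafi.tpp`, `credentialsRef`, `Certificate.spec.issuerRef`) are the cert-manager `cert-manager.io/v1` API.

```yaml
# Credentials cert-manager uses to authenticate to TPP.
# Placeholder values; in practice create this Secret out-of-band
# (e.g. from Vault) rather than committing it to git.
apiVersion: v1
kind: Secret
metadata:
  name: venafi-tpp-credentials
  namespace: payments
type: Opaque
stringData:
  username: cert-manager-svc      # assumed TPP service account
  password: REPLACE_ME            # never store real secrets in manifests
---
# Namespaced Issuer backed by Venafi TPP. The zone is a TPP policy
# folder: key size, allowed SANs, validity and CA are enforced there,
# so developers cannot request a certificate outside InfoSec policy.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: venafi-tpp
  namespace: payments
spec:
  venafi:
    zone: 'DevOps\GKE'            # assumed policy folder path
    tpp:
      url: https://tpp.example.com/vedsdk   # assumed TPP endpoint
      credentialsRef:
        name: venafi-tpp-credentials
      # caBundle: <base64 PEM of the CA that issued the TPP server cert>
      # Required when TPP is not served with a publicly trusted cert.
---
# What an application developer actually writes: a declarative
# request for a TLS machine identity. The private key never leaves
# the cluster; only the CSR goes to TPP.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: payments-api-tls
  namespace: payments
spec:
  secretName: payments-api-tls    # Secret the Pod will mount
  commonName: payments.internal.example.com
  dnsNames:
    - payments.internal.example.com
  duration: 2160h                 # 90 days; TPP policy may shorten this
  renewBefore: 360h               # renew 15 days before expiry
  privateKey:
    algorithm: RSA
    size: 2048
    rotationPolicy: Always        # fresh key on every renewal
  issuerRef:
    name: venafi-tpp
    kind: Issuer
```

After `kubectl apply`, `kubectl get certificate -n payments payments-api-tls` should report `READY True` once TPP has returned the signed certificate; `kubectl describe` on the same resource shows the CertificateRequest chain and any policy rejection reason from TPP. Because issuance is tied to a TPP zone, the certificate appears in the Venafi inventory with the same ownership and policy metadata as an on-premises certificate.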
Moreover, cert-manager gave the InfoSec team dashboard-level visibility into the company’s complete certificate inventory within GKE, so they were able to set up enforceable and auditable security policies within DevOps processes. Now all the GCP certificates show up in the Venafi dashboard even though they come from within a Kubernetes cluster, and InfoSec now can manage and protect them in the dynamic GCP environment. Said one of the DevOps leads: “We’re actually able to work faster and have better security. You can actually have it all!”
The company realized that effective, automated management of their machine identities was foundational to ensuring security and trust in their cloud environments. In fact, they knew that given the unprecedented number of machine identities they were now managing in the cloud, anything less would lead to failure.
As a result, they decided to use the Venafi platform to solve their machine identity management challenges in the cloud. Venafi is unique in the machine identity management space because the solution manages all the elements that comprise the machine identity framework of trust across the cloud. In addition, the Venafi Platform assures consistent levels of security across an organization’s entire IT environment, in public and private clouds and on-premises, by applying the same policies and processes regardless of where the machine identity being protected lives.
Want to learn more? Check out our eBook “Tale of 3 Clouds” to learn how other enterprises leveraged Venafi to manage their machine identities in each of the top three public clouds: AWS, Azure and GCP.
- A Tale of 3 Clouds Part 1: Venafi and AWS
- 5 Cloud Catastrophes and How to Avoid Them
- Introducing Google Cloud’s Certificate Authority Service
- Are You Doing Multicloud Safely?