Venafi customers get Red Hat approved and certified machine identity management
Automation is everything. But it’s nothing if it’s too complex or time-intensive to implement. Venafi has long realized that the easiest and most effective way to secure application development is to empower developers with security that works the way they do—ideally within the toolsets that they are familiar with.
Machine identity management is no exception to that principle of automation. That’s one of the reasons why the open source machine identity management automation delivered by cert-manager—which Venafi donated to CNCF—is wildly popular, being downloaded about 1.5 million times a day. And we are constantly striving to improve our extensive ecosystem to provide developer-friendly machine identity management. So, it’s no surprise that we recognized the influence and impact of Red Hat Ansible early on and developed automation collections for Ansible Galaxy, the public repository of pre-built roles, collections, and playbooks for Ansible.
For many of our customers, just having access to these collections was an amazing benefit. It took them a lot closer to achieving the goal of automating machine identity management in a modern development environment. But others, such as one of our large financial institution customers, required the assurance provided by the technology provider’s certification. In fact, they couldn’t even test the software on their systems unless it was certified—due to organization-wide risk and security policies.
The best solution to overcome this challenge was to have the Venafi Ansible Collection certified by Red Hat, the provider of Ansible, which in essence would have Red Hat and Venafi conduct the testing. So we launched an in-depth process and did just that.
The value of a Red Hat certified Ansible Collection
The Red Hat Ansible Automation Platform includes resources from Red Hat and recognized partners to help teams create, manage, and scale across the entire enterprise. Ansible Collections include content that helps teams automate new projects faster.
Within that framework, the Venafi Collection for Ansible automates keys and certificates for Ansible solutions that require machine identity management. Essentially, it's a list of instruction sets on how to automate certificate requests from solutions within the Venafi Control Plane for Machine Identities.
With the Venafi Collection, all of an organization’s Ansible admins and users can easily understand what the Venafi Ansible role requires. They can literally store a credential file that says, here's how to get in and where to request the certificate. And as admins spin up new machines, those machines simply get added to the list of servers that the playbook will apply to. Plus, they get the benefits of a common support model. Because Red Hat has certified that Venafi plugins are at their level of quality, security and functionality, Ansible coordinates with Venafi to resolve appropriate support tickets.
The Ansible Automation Hub makes it easier for our customers who use Ansible to access machine identity management with just a click to download. This is essentially a feature that is unique to Venafi in the machine identity management space. No other certificate management provider is certified by Red Hat. So when Ansible admins search for machine identity or certificate management, they are only going to see Venafi on that list. We believe that is a huge vote of confidence for Venafi.
The cost savings of using the Venafi Collection on Ansible
While it is difficult to try to quantify specific cost savings, it’s not at all hard to estimate the hours that would otherwise be spent trying to adapt push provisioning versus simply training the Ansible team to use the Venafi role to deploy secure certificates on the fly.
Those cost savings can be measured in two ways: teams don't need to train people to do things in a way that’s specific to Venafi per se; they can operate entirely within the Ansible platform. Plus, every net new instance that the team deploys will be automatically picked up by Venafi because Ansible is already managing them.
The teams at our financial services customer are very happy with the certified version of the collection. They now have a certified solution that their end users find acceptable. Why is that important? One of the worst things you can ask a security engineer or architect to do is write an exception. Because then there’s another thing that needs to be tracked. Another thing that shows up in audits. Another thing that could blow up in their faces and impact their reputation. Instead, the security teams are now able to deliver a solution to their internal teams that doesn't require them to go out and do anything out of the ordinary.
This is possible because Venafi was able to deliver a solution that fit their standard way of doing business. And that is one of the real strengths of the Venafi Control Plane—whenever customers want to do things, we give them a path forward. If they want to write their own code, we have APIs. If they want to integrate with Ansible or Kubernetes or Terraform, we have those prepackaged integrations. And now we have eliminated the internal barriers to integration for customers who needed a certified solution because they're risk averse.