New product enables organizations to increase observability, consistency and control of machine identities across complex Kubernetes environments
SALT LAKE CITY, January 24, 2023 – Venafi®, the inventor and leading provider of machine identity management, today introduced TLS Protect for Kubernetes. As part of the Venafi Control Plane for machine identities, TLS Protect for Kubernetes enables security and platform teams to easily and securely manage cloud native machine identities, such as TLS, mTLS and SPIFFE, across all of an enterprise’s multi-cloud and multi-cluster Kubernetes environments. By delivering increased visibility, control and automation over machine identity management within more complex cloud native infrastructures, it helps enterprises improve application reliability and reduce development and operational costs.
“As organizations shift from traditional data center environments to modern, highly distributed cloud native infrastructures like Kubernetes, the volume of certificates and machine identities explodes, leading to increased threat risks and an increased need for security controls,” said Shivajee Samdarshi, chief product officer at Venafi. “Through the Venafi Control Plane, we’re modernizing machine identity management and making managing machine identities in cloud native environments easier than ever. TLS Protect for Kubernetes gives security and platform teams the observability, consistency and control over machine identities to ensure a validated and auditable chain of trust exists for every workload deployed to a Kubernetes cluster, including consistent approaches to certificate configurations and security policies.”
Built with a fully supported version of the cert-manager open source project – the de facto cloud native solution designed by Jetstack, a Venafi company, for developers to automate TLS and mTLS certificate issuance and renewal – TLS Protect for Kubernetes provides in-cluster observability to identify and remediate security risks stemming from poorly configured certificates, and offers options for security controls over certificate issuance to meet the security team's policy for enforcing trust. It also includes a management interface that provides full visibility of publicly trusted certificates for ingress TLS, as well as private certificates for inter-service mTLS for pod-to-pod and service mesh use cases. By building a detailed view of the enterprise security posture across multiple clusters and cloud platforms, including certificates that have been manually created by developers, it proactively identifies operational issues, helping platform teams maintain cluster integrity and prevent outages.
Features in TLS Protect for Kubernetes include:
- Observability – Through a comprehensive web-based management interface, security and platform teams can easily discover machine identities used across all clusters, including alerts on machine identity management infrastructure health, compliance and configuration. It provides an instant visual status of all workload certificates, including their association with Kubernetes resources and X.509 certificate configurations. This includes certificates that have been manually created by developers. The interface works as both a cluster monitoring and machine identity management tool to identify potential security holes, such as unauthorized workloads, and proactively recommend fixes for identified cluster configuration errors.
- Consistency – TLS Protect for Kubernetes enforces machine identity policy for TLS, mTLS and SPIFFE VID across all clusters based on enterprise security policies and ensures the proper version of cert-manager is used and configured consistently.
- Reliability – The product integrates natively with Kubernetes environments to ensure performance and scalability, including a commercially supported, FIPS 140-2 compliant and signed version of the open source cert-manager project to provide enterprise-grade machine identity management across Kubernetes environments. As each new cluster is created, security teams can empower platform teams by using TLS Protect for Kubernetes to automatically bootstrap a fully supported and hardened version of cert-manager with each new cluster. This delivers better consistency for the way security tooling is managed across multi-cluster environments and reduces the risk of security drift for production environments.
- Freedom of Choice – TLS Protect for Kubernetes supports multi-cloud configurations, cloud platform providers and Kubernetes distributions. It also integrates with popular secrets vaults and other DevOps and cloud native solutions.
TLS Protect for Kubernetes is generally available today to all customers. To learn more about the new product, please visit https://venafi.com/tls-protect-for-kubernetes/ or join the upcoming “Using Venafi for policy and control of certificate lifecycle management in Kubernetes” webinar on February 23 at 8:00am PST/11:00am EST/4:00pm GMT. Register for the webinar at https://trust.venafi.com/automate-certificate-policy-in-kubernetes/.
Venafi is the cybersecurity market leader in machine identity management. From the ground to the cloud, Venafi solutions manage and protect identities for all types of machines—from physical and IoT devices to software applications, APIs and containers. Venafi provides global visibility, lifecycle automation and actionable intelligence for all machine identity types and the security and reliability risks associated with them.
Jetstack, a Venafi company, is a cloud native products and strategic consulting company working with enterprises using Kubernetes and OpenShift.
An open source pioneer, Jetstack has achieved notable industry recognition as the creator of cert-manager, the open source industry standard for cloud native machine identity management. Jetstack’s open source products and solutions protect the application environments and platform infrastructure of global banks, multinational retailing companies and defense organizations by providing enterprise platform and security teams the power to build, scale and secure their cloud infrastructure.
With more than 30 patents, Venafi delivers innovative machine identity management solutions for the world's most demanding, security-conscious organizations and government agencies, including the top five U.S. health insurers; the top five U.S. airlines; the top four credit card issuers; three out of the four top accounting and consulting firms; four of the five top U.S. retailers; and the top four banks in each of the following countries: the U.S., the U.K., Australia and South Africa.