New Capability Enables Security Teams to Ensure Governance and Reduce Risk, While Empowering Platform Teams to Accelerate Development
PARIS (KubeCon + CloudNativeCon Europe 2024) — March 20, 2024 — Venafi, the inventor of machine identity management, today introduced SPIFFE (Secure Production Identity Framework For Everyone) support for Venafi Firefly, Venafi’s industry-first lightweight workload identity issuer uniquely designed to support modern, highly distributed cloud native workloads. As workload identity plays an increasingly fundamental role in cloud native architectures, today’s modern applications require an automated way to scale and secure heterogeneous workloads that are short-lived. By leveraging SPIFFE’s open source framework of identity standards, Venafi Firefly customers can now easily secure and govern workload identities across complex, dynamic development environments such as Kubernetes without slowing down innovation.
“The cloud native tsunami is making workload identity the focus for both security teams and adversaries. Knowing what workload is allowed to authenticate is only getting harder with more clouds, more clusters and more microservices,” said Kevin Bocek, chief innovation officer at Venafi. “There’s an urgent need to ensure workload identities are governed and consistent across many teams and applications in a modern business. Security teams want to know how and why workloads are being authenticated without getting in the way of business-changing apps.”
Unlike secrets managers and legacy PKIs that can’t support modern, decentralized approaches, Venafi Firefly with SPIFFE can easily and reliably mutually authenticate workloads across dynamic, multi-cloud environments using short-lived, verifiable identities managed by the Venafi Control Plane. As a result, security and platform teams can effectively secure workload identities across all environments while significantly reducing operational complexity and costs.
“Venafi Firefly goes beyond conventional workload identity management. It bridges the gap between security compliance and platform team efficiency by providing a unified, automated approach to seamlessly authenticate workloads in modern, cloud native environments,” said Shivajee Samdarshi, chief product officer at Venafi. “It automatically issues each workload with its own identity and creates an enterprise-wide trust root system to secure and authenticate workloads across any infrastructure. With SPIFFE support now added, platform teams can use Venafi Firefly to consume SPIFFE-compatible identities and seamlessly authenticate workloads for improved workload identity governance and trust.”
Venafi Firefly’s new SPIFFE capability offers security teams:
- Enhanced Governance and Security Compliance – Firefly with SPIFFE allows security teams to adopt a recognized industry standard for workload identity and security. This improves governance and security compliance for authenticating workload identities in highly scalable, cloud native environments.
- Secret-Less Authentication – Using Venafi Firefly, security teams can establish verifiable and ephemeral workload identities, underpinning a zero-trust architecture that eliminates the need for persistent, long-term secrets in certificates. Venafi Firefly automatically rotates and renews SPIFFE identities, which significantly mitigates the risks associated with secrets compromise or leakage.
Additionally, it offers platform teams:
- Advanced Automation for Workloads Across Multi-Cloud Operations – Venafi Firefly’s support for SPIFFE delivers a unified workload identity system, which helps platform teams remove the complexity and challenges of managing different workload identity systems from different cloud providers. This enables platform teams to simplify their operations and scale highly efficient, secure development environments across any public cloud, on-premise or hybrid setup.
- Simplified Service Mesh Operation With Automatic Mutual TLS (mTLS) – Using Venafi Firefly to authenticate SPIFFE identities enables simplified authentication and attestation of workloads. This creates secure trust domains using mTLS within Istio service meshes. Venafi Firefly scales trust domains by seamlessly enforcing identity and trust for workloads across multiple public cloud infrastructures and service mesh environments.
To learn more about Venafi Firefly, please visit https://venafi.com/firefly/ or visit Venafi in Booth L8 at KubeCon + CloudNativeCon Europe 2024.
About Venafi
Venafi is the cybersecurity market leader in machine identity management. From the ground to the cloud, Venafi solutions manage and protect identities for all types of machines—from physical and IoT devices to software applications, APIs and containers. Venafi provides global visibility, lifecycle automation and actionable intelligence for all machine identity types and the security and reliability risks associated with them.
With more than 30 patents, Venafi delivers innovative machine identity management solutions for the world's most demanding, security-conscious organizations and government agencies, including the top five U.S. health insurers, top five U.S. airlines, top four payment card issuers and top four U.S. banks. As a leading provider of open source machine identity management solutions, Venafi is the creator of the open source cert-manager project, which is downloaded more than 1.5 million times a day. For more information, visit https://venafi.com/.