Information security teams have long known that a robust process for creating and managing machine identities – especially X.509-based SSL/TLS certificates that enable machine-to-machine authentication and encryption – is fundamental to delivering secure applications. But they also know these methods tend to fall apart in a DevOps-driven world.
DevOps teams can’t wait hours for an appropriate certificate to be delivered by the PKI team, not when new builds are being created every few seconds. They also can’t be expected to maintain and update the tens of thousands of certificate-enabled identities they create every day as containers, applications, and templates.
What they can do is improvise. This often results in the creation of weak or misconfigured keys, improper or non-compliant certificates, and the short-circuiting of InfoSec policies. There is another way.
In this talk, experts in machine identity and PKI (public key infrastructure) will show:
1. How machine identities can be delivered as a fast “certificate-as-a-service” solution
2. How they can be configured according to sound InfoSec policies
3. How they can be integrated with existing DevOps tools such as Kubernetes, Ansible, and HashiCorp Vault
Importantly, this can all be done within existing continuous integration and continuous delivery (CI/CD) toolchains, giving developers programmatic, automated TLS certificate issuance and provisioning. And it allows them to go faster: they no longer need to “hotwire” certificate management processes for each application or service.
We’ll also show how large Global 5000 organizations have implemented:
• A single source of “truth and control” for machine identities that manages X.509 certificates across both cloud providers and on-premises infrastructure
• A “machine identity platform” that reduces security risks and prevents costly delays to high-speed DevOps processes
• A system that defends against increasingly dangerous cybersecurity threats