Why cryptographic keys & digital certificates matter to DevOps

What happened was the marketing people at Venafi hired a corporate brand consultant and asked them to come up with a funky term so that the firm didn’t have to just explain that it makes cryptographic keys and digital certificates.

Brand consultant: “So, we could just explain what you do and talk about the products.”

Venafi marketing team: “Hmm, direct, I like it, but what else ya got?”

Brand consultant: “Okay, or, or, or, we could call it the Immune System for the Internet™ and insist that people use the ™ and everything.”

Venafi marketing team: “Oh you’re good, sushi for lunch?”

Now that Venafi is done with its fancy branding nomenclature, the firm can get on with explaining why its technology could help software application development professionals working inside so-called DevOps-centric teams. The software here works to constantly assess which cryptographic keys and digital certificates are trusted, protecting those that should be trusted, and fixing or blocking those that are not.

This technology is now packaged as a utility for download

According to Venafi, “DevOps teams can eliminate the hassle of acquiring and installing TLS keys and certificates. Instead, customers can focus on speeding up continuous development and deployment, while security teams have complete visibility and can keep the DevOps environment secure and compliant to protect customer data.”

Extending the Venafi Trust Protection Platform requires only a single line of code and works out of the box with automation, orchestration and containerisation platforms including Puppet, Chef, Docker, Terraform, SaltStack and Ansible – on premises and in the cloud.

Why cryptographic keys & digital certificates matter to DevOps

TLS keys and certificates determine what can and can’t be trusted on the Internet, enabling software to communicate privately and preventing man-in-the-middle, spoofing and other trust-based attacks.

DevOps approaches like orchestration and containerisation increase the demand for near instantaneous availability of trusted TLS keys and certificates.

Many developers take shortcuts when obtaining or using TLS keys and certificates – like using weak cryptographic methods, unknown, self-signed or duplicate keys, or unapproved certificate authorities (CAs) with little to no validation and oversight from IT security.

All of this makes it easier for attackers to look trusted or hide inside encrypted traffic. And the sheer volume of untrusted and unprotected certificates makes an outage from expired certificates an inevitability.
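The shortcuts and the expiry risk described above can be checked mechanically against a certificate inventory. The following is an added example, not Venafi's code; the record fields, policy thresholds, issuer names and inventory entries are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed policy values (not from the article); set these from your own standard.
APPROVED_ISSUERS = {"CN=Example Corp Issuing CA"}
WEAK_SIG_ALGS = {"md5WithRSAEncryption", "sha1WithRSAEncryption"}
MIN_RSA_BITS = 2048
EXPIRY_WARNING = timedelta(days=30)

def rec(host, subject, issuer, bits, sig_alg, spki, not_after):
    return {"host": host, "subject": subject, "issuer": issuer, "key_bits": bits,
            "sig_alg": sig_alg, "spki_sha256": spki, "not_after": not_after}

# Constructed inventory, shaped like a certificate scanner export (RSA keys only).
INVENTORY = [
    rec("api-1", "CN=api.example.test", "CN=Example Corp Issuing CA", 2048,
        "sha256WithRSAEncryption", "aa11", "2031-01-01T00:00:00+00:00"),
    rec("build-7", "CN=build-7", "CN=build-7", 1024,
        "sha1WithRSAEncryption", "bb22", "2030-01-01T00:00:00+00:00"),
    rec("web-2", "CN=web.example.test", "CN=Unvetted Free CA", 2048,
        "sha256WithRSAEncryption", "cc33", "2025-06-15T00:00:00+00:00"),
    rec("web-3", "CN=web.example.test", "CN=Example Corp Issuing CA", 2048,
        "sha256WithRSAEncryption", "cc33", "2025-01-01T00:00:00+00:00"),
]

def audit(inventory, now):
    """Return {host: sorted findings} for each certificate record."""
    hosts_by_key = defaultdict(list)
    for cert in inventory:
        hosts_by_key[cert["spki_sha256"]].append(cert["host"])
    report = {}
    for cert in inventory:
        findings = set()
        if cert["key_bits"] < MIN_RSA_BITS:
            findings.add("weak-key")
        if cert["sig_alg"] in WEAK_SIG_ALGS:
            findings.add("weak-signature")
        if cert["issuer"] == cert["subject"]:  # heuristic: self-issued name
            findings.add("self-signed")
        elif cert["issuer"] not in APPROVED_ISSUERS:
            findings.add("unapproved-ca")
        if len(hosts_by_key[cert["spki_sha256"]]) > 1:  # same key on several hosts
            findings.add("duplicate-key")
        expires = datetime.fromisoformat(cert["not_after"])
        if expires <= now:
            findings.add("expired")
        elif expires - now <= EXPIRY_WARNING:
            findings.add("expiring-soon")
        report[cert["host"]] = sorted(findings)
    return report
```

Call `audit(INVENTORY, now)` with a timezone-aware `now`; an empty findings list means the record passed every check in this assumed policy.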

While DevOps teams generate 10x or more TLS keys and certificates, they take shortcuts or make poor security decisions that create vulnerabilities and make it easy for bad guys to look trusted.

This is the rationale Venafi uses when presenting its technology to potential customers, fancy branding terms notwithstanding.

4 of 5 top U.S. banks secure with Venafi, so we've shown you a picture of an ATM
