Venafi buys cloud protection service Jetstack

Machine-based identity protection specialist Venafi, which supplies transport layer security (TLS), secure shell (SSH) and code-signing machine identities across some of the most security-conscious organisations in the world, is to enhance its cloud protection capabilities with the acquisition of Jetstack, a specialist in open source machine identity protection software for Kubernetes and other cloud native ecosystems.

With application development and deployment moving faster than ever, and developers able to create a “tidal wave” of new Kubernetes clusters, cloud instances, service meshes and microservice APIs across business units, clouds and geographies in a matter of seconds, Venafi said the need to protect machine identities was more pronounced than ever, and security teams that still tried to do this manually were in danger of being overwhelmed.

“In the race to virtualise everything, businesses need faster application innovation and better security; both are mandatory,” said Venafi CEO Jeff Hudson. “Most people see these requirements as opposing forces, but we don’t. We see a massive opportunity for innovation.

“This acquisition brings together two leaders who are already working together to accelerate the development process while simultaneously securing applications against attack, and there’s a lot more to do,” he said.

“Our mutual customers are urgently asking for more help to solve this problem because they know that speed wins, as long as you don’t crash.”

Troels Oerting, head of the World Economic Forum’s Global Centre for Cyber security, said: “InfoSec teams are struggling to keep up with cloud-native application development teams.

“Developers are deciding how to use machine identities without understanding how they affect enterprise security. This shift has created a real tension between enterprise security teams and developer teams. We must find a way to keep modern applications secure without disrupting development teams focused on innovation.”

Venafi believes the combo of its own TLS, SSH and code signing machine ID technology with Jetstack’s Cert-manager service will help security teams overcome this hurdle and ease some of the pressure.

Jetstack describes Cert-manager as a fast and easy way for developers to create, connect and consume certificates with Kubernetes and cloud native tools. It is already well in use in cloud infrastructures around the world and powers a growing number of consumer web and mobile applications. The acquisition also brings along a growing open source community that has coalesced around the service over the past few years.

“Nowadays, business success depends on how quickly you can respond to the market,” said Matt Barker, CEO and co-founder of Jetstack.

“This reality led us to rethink how software is built and Kubernetes has given us the ideal platform to work from. However, putting speed before security is risky. By joining Venafi, Jetstack will give our customers a chance to build fast while acting securely.”