Venafi and GlobalSign Partner on Machine Identity Protection in DevOps Environments
May 16, 2019

Venafi announced an expanded technology partnership and integration that seamlessly addresses DevOps certificate challenges. Additionally, Venafi Cloud is now fully integrated with GlobalSign’s high-performance PKI solutions for enterprises.

The integration of Venafi Cloud and GlobalSign PKI for DevOps provides DevOps teams with quick, high-speed access to trusted machine identities across multiple clouds, hybrid infrastructure, and containerized environments. Security teams can rest assured DevOps teams are using standardized, automated SSL/TLS certificates that fit enterprise policy and eliminate errors. By using GlobalSign's cloud-based PKI services, developers and information security teams eliminate the need to build and manage CAs and supporting services, including Online Certificate Status Protocol (OCSP) and Certificate Revocation Lists (CRL).

Venafi Cloud offers DevOps teams out-of-the-box integrations, including HashiCorp Terraform, HashiCorp Vault, SaltStack, Ansible, Docker and Jetstack cert-manager. The Venafi Cloud and GlobalSign’s PKI for DevOps solution also features well-documented standard interfaces that can be used across teams, including a REST API, an open source VCert SDK (available in Go and Python) and ACME. Enterprises of all sizes can now have one service for machine identities across their hybrid infrastructure and multiple clouds, helping to increase the speed of DevOps.

Cryptographic keys serve as machine identities and are the foundation of security for all applications on enterprise networks, the internet and cloud environments. As organizations embrace DevOps, the number of machine identities required is exploding. However, because developers maintain their own methods for obtaining and using machine identities, the situation quickly becomes chaotic, expensive and risky. As a result, developers look for shortcuts, including using machine identities from unauthorized CAs and weak self-signed and wildcard certificates. When left unchecked, DevOps teams can create risk through vulnerabilities and errors that enter production environments, increasing an organization’s overall attack surface.

“Now with support for GlobalSign’s highest performing and scalable PKI service, Venafi Cloud eliminates the machine identity risks that have plagued DevOps, hybrid and multi-cloud environments,” said Kevin Bocek,VP of Security Strategy and Threat Intelligence for Venafi. “Now, DevOps teams get the fastest, easiest way to automate TLS certificates whether they’re using ready-to-use integrations or powerful APIs. And security teams are happy knowing trusted certificates are being used correctly because they have complete visibility. We are thrilled that our partnership with GlobalSign will provide DevOps organizations with more dynamic, flexible machine identity protection solutions.”

Key benefits of the Venafi Cloud and GlobalSign integration include:

- Support for DevOps use cases that require ultra-high-speed certificate issuance; allows certificates to be delivered in seconds.

- Embeds certificate issuance into the tools developers are already using, including configuration management, container orchestration, release automation, and secrets management tools.

- Incorporates policy-enforced certificate issuance directly into CI/CD pipelines and enforces the appropriate policies for each environment.

- Prevents outages by automating the certificate lifecycle, eliminating errors, and enforcing security policy within DevOps workflows with out-of-the-box integrations, multiple APIs and SDKs that can be used everywhere, including the Automated Certificate Management Environment (ACME) protocol.

- Improves security posture by securing infrastructure as it is spun up, enabling end-to-end HTTPS with consistent, can-be-used everywhere integrations, interfaces, APIs and SDKs.

- Eliminates the need to manage PKI in-house or rely on self-signed certificates.

- Complies with The Payment Card Industry Data Security Standard (PCI DSS), National Institute of Standards and Technology (NIST), Health Insurance Portability and Accountability Act (HIPAA), and other audit frameworks.

“This integration enables DevOps teams to automate the procurement and installation of trusted digital certificates,” said Nisarg Desai, Director of Product Mmanagement, IoT and DevOps for GlobalSign. “By combining GlobalSign’s highly scalable PKI for DevOps solution with Venafi Cloud certificate policy management and enforcement, organizations are now able to improve security, boost productivity and comply with regulatory frameworks – such as PCI DSS, NIST, and HIPAA – with just a few lines of code.”

Share this

Industry News

September 24, 2020

NetApp announced the availability of Elastigroup for Microsoft Azure Spot Virtual Machines (VMs).

September 24, 2020

CloudBees announced a robust new set of DevSecOps capabilities for CloudBees CI and CloudBees CD. The new capabilities enable customers to perform early and frequent security checks and ensure that security is an integral part of the whole software delivery pipeline workflow, without sacrificing speed or increasing risk.

September 24, 2020

Pulumi announced the release of a Pulumi-native provider for Microsoft Azure that provides 100% coverage of Azure Resource Manager (ARM), the deployment and management service for Azure that enables users to create, update and delete resources in their Azure accounts.

September 23, 2020

Puppet announced new Windows services, integrations and enhancements aimed at making it easier to automate and manage infrastructure using tools Windows admins rely on. The latest updates include services around Group Policy Migration and Chocolatey, as well as enhancements to the Puppet VS Code Extension, and a new Puppet PowerShell DSC Builder module.

September 23, 2020

Red Hat announced the release of Red Hat OpenShift Container Storage 4.5, delivering Kubernetes-based data services for modern, cloud-native applications across the open hybrid cloud.

September 23, 2020

Copado, a native DevOps platform for Salesforce, has acquired ClickDeploy.

September 22, 2020

CloudBees announced general availability of the first two modules of its Software Delivery Management solution.

September 22, 2020

Applause announced the availability of its Bring Your Own Testers (BYOT) feature that enables clients to manage their internal teams – employees, friends, family members and existing customers – and invite them to test cycles in the Applause Platform alongside Applause’s vetted and expert community of testers.

September 22, 2020

Kasten announced the integration of the K10 data management platform with VMware vSphere and Tanzu Kubernetes Grid Service.

September 21, 2020

PagerDuty entered into a definitive agreement to acquire Rundeck, a provider of DevOps automation for enterprise.

September 21, 2020

Grafana Labs announced the release of Grafana Metrics Enterprise, a modern Prometheus-as-a-Service solution designed for the scale, architecture, and security needs of enterprises as they expand their observability initiatives.

September 21, 2020

Portshift's Cloud Workload Protection platform is now available through the Red Hat Marketplace.

September 17, 2020

env0, a developer of Infrastructure-as-Code (IaC) management software, announced the availability of its new open source solution for Terraform users, Terratag.

September 17, 2020

Push Technology announced a partnership with Innova Solutions, an ACS Solutions company, specializing in global information technology services.

September 17, 2020

Alcide achieved the AWS Outposts Ready designation, part of the Amazon Web Services (AWS) Service Ready Program.