How DevOps May Actually Improve Machine Identity Protection

As DevOps causes teams to move faster than ever, it becomes more necessary for security protocols to become more streamlined as well.

DevOps is challenging many of our old assumptions about IT and application development. It’s one of the key contributors to driving the digital transformation from manual to automated systems across the enterprise. And machine identity protection is no exception.

Traditional certificate acquisition and provisioning could take hours, or even days. But DevOps teams are moving too quickly to stop and wait for these manual processes. They require machine identities to secure containers and microservices on the fly. In fact, DevOps is inspiring many organizations to think about how they can bring their machine identity protection into line with the dynamic nature of the new Fast IT. So they’re asking, "Okay, how do we change our processes to allow this to happen?"

To give you a concrete example of the status quo: if you want a certificate within a large organization, you've got to have a team that is responsible for the certificate. Plus, you've got to have requesters within that team, and you've also got to have approvers within that team. If you are a requester, you can't also be an approver, because then you could request and approve your own certificate, and we can't have that because regulatory bodies will not let you do that.

And you can't have only one person within the team, because if that person is off, then the certificate might not get approved when it needs to be approved. So, you need at least two requesters and you need at least two approvers. That means you need to have at least four people before you can have a certificate. Because that's the way the systems have always worked.

Not only are these traditional processes slow, but they don’t scale well to meet the increasing demand for machine identities. The work that PKI teams are doing with approvals is significantly greater now than it was when they started. And it’s all been a manual process. Not only do they need to manage the requesting and approving of certificates from a financial point of view, they need the crypto team to review the requests to make sure they’re in line with security policies.

It’s a lot of work to verify that departments or business units are requesting the right sort of certificates for the right sort of purposes. That alone is almost one person's full-time job. But now, with advances in machine identity protection, much of that can be automated. And organizations want to automate that.

Following the example of DevOps, PKI teams are thinking about how they can move away from spreadsheets to automated protection. In fact, many have been thinking about increasing automation and have been wanting to do it for a number of years. After all, there is only so much you can do without radically increasing staffing, not to mention overtime.

So, I see the dynamism of DevOps having ripple effects throughout the security infrastructure. Certainly DevOps is driving a paradigm shift, or mindset change, by challenging many traditional assumptions. Without the need to keep up with all of this, you'd never have these massive steps from an ancient system to a very modern system. Organizations would just be keeping the systems updated and making little tweaks along the way, with little changes here and there regularly. That's very much what DevOps and agile are all about. But getting that into everybody's mindset is not easy.

DevOps inspires a mentality where everything is dynamic. And because you know it's all dynamic, you know what's changing, and it's lots of little changes. Venafi helps organizations support this vision with dynamic machine identity protection that automates the entire certificate life cycle. This type of automation speeds acquisition and ensures compliance with enterprise security policies.

Are you ready to embrace the DevOps spirit by automating your machine identity protection?

Published at DZone with permission of Martin Thorpe. See the original article here.

Opinions expressed by DZone contributors are their own.