Consistent, Secure Machine Identities at DevOps Speed

Identity is the new perimeter. Now, cloud services, containers, service meshes and container orchestration platforms all rely on machine identities such as X.509 TLS certificates for secure machine-to-machine communication. However, it’s not always easy for developers to include strong machine identities in the fast-paced environments they work in every day. Plus, security isn’t necessarily their top concern, so it often takes a back seat to things like expediting processes and optimizing efficiency.

To continue moving fast, developers need simple building blocks that they can take and easily integrate into their existing workflows. If they can’t identify a ready source of secure machine identities, they may take matters into their own hands and choose the path of least resistance. Security teams no longer have to accept that possibility. They now have the opportunity to provide common services that support rapid development. But, while that’s a step forward, it’s not the only challenge!

It’s difficult to ensure a consistent machine identity approach within a disparate set of multi-vendor integrations required to achieve full end-to-end application automation solutions. Different teams within the organization find partial solutions in vendor tools and internal processes, but without full integration the overall solution falls short. Until recently there hasn’t been a satisfactory across-the-board solution that brings Application Development, Operations, and Security teams onto the same page.

Solving the Critical Machine Identity Management Challenge for DevOps

Historically, there has been friction within Global 5000 organizations among Application Development, Operations, and Security teams. This friction arises from the fact that each team owns a portion of the application lifecycle, yet the teams must work closely together to ensure machine identities are issued and provisioned securely and are available to the applications that they protect. This disconnect can cause unnecessary slow-downs during the application deployment phase. Application and Operations teams that continue to adopt DevOps practices really bring this problem to light. They consume machine identities at a much faster pace compared to traditional deployment strategies—often issuing new certificates weekly, daily, even hourly in some cases—and for that reason it’s harder for Security teams to keep up. Security teams have processes to follow too, with things like change requests and approvals, which can slow that process down even further.

What if there were a better way?

What if there were a way to provide Security teams with the visibility and intelligence they need to ensure applications are protected with secure machine identities, and provide Application and Operations teams the ability to consume those machine identities, automatically, inside the tools they’re already using every day? One easy way to do this is to integrate machine identity acquisition into standard development pipelines. Let’s discuss an approach that would allow organizations to easily integrate machine identities into their CI/CD pipelines.

Together with Venafi, Indellient reduces this friction with ShuttleOps and other powerful tools from industry leaders, such as Chef, to automate the build and deployment of applications across multiple clouds. ShuttleOps provides a fast, simple and secure way to automate application delivery. Its no-code CI/CD platform offers a single place for stakeholders to define pipelines that automate each step in the build and deploy process: provisioning, configuration management, and, with the Venafi integration, delivery of machine identities, while enabling complete process management, compliance auditing, and robust security controls.

These Indellient-built integrations with Venafi give developers three key capabilities. They can:

  1. Use a Venafi-Chef Habitat Helper package to easily integrate Venafi with existing Chef Habitat-ready applications in a standard way.
  2. Use a Venafi-Chef Infra Helper cookbook to easily integrate Venafi with existing Chef Infra environments in a standard way.
  3. Facilitate Venafi integration using ShuttleOps, leveraging its flexible deployment pipeline editor to establish seamless connections between customer applications and the Venafi service.

Venafi Integrations with Chef Habitat, Chef Infra and ShuttleOps 

It’s not often that you can find an across-the-board solution that is diverse enough to please multiple participants in the application lifecycle. However, these particular integrations are a great step forward in getting Application Development, Operations, and Security teams onto the same page. The way we do that is by breaking down barriers between these teams with solutions that meet the special requirements of each of these teams where they interact—whether using Chef Infra, Chef Habitat, or ShuttleOps. It’s the frictionless way to achieve full end-to-end application automation solutions.

We invite you to learn more about each of these integrations in greater detail by following the links below:

Paul Cleary, Ecosystem Architect at Venafi

Paul Cleary is the Ecosystem Architect at Venafi, based in Colorado Springs. After joining the cybersecurity industry in 2015 and working on the post-sales side for a few years, he pivoted to Business Development and identified a passion for helping to elevate existing partnerships and forge new ones. Over his career, Paul has helped a number of partners integrate industry-standard security platforms and practices into their products.