Welcome!

Containers Expo Blog Authors: Liz McMillan, Pat Romanski, Yeshim Deniz, Elizabeth White, Zakia Bouachraoui

Related Topics: @DevOpsSummit, Linux Containers, Containers Expo Blog

@DevOpsSummit: Blog Post

Venafi Makes It Easy for DevOps to Run Secure | @DevOpsSummit @Venafi #DevOps #ContinuousTesting

Venafi delivers the power of automated, secure TLS key and certificate lifecycle management for DevOps

Venafi Makes It Fast and Easy for DevOps to Run Secure

Venafi has extended the power of its platform in an easy-to-use utility for DevOps teams available for immediate download. Now DevOps teams can eliminate the hassle of acquiring and installing TLS keys and certificates. Instead, customers can focus on speeding up continuous development and deployment, while security teams have complete visibility and can keep the DevOps environment secure and compliant to protect customer data. Extending the Venafi Trust Protection Platform requires only a single line of code and works out-of-the box with leading automation, orchestration, and containerization platforms including Puppet, Chef, Docker, Terraform, Saltstack, and Ancible - on premise and in the cloud.

Gartner predicts 75% of organizations will run with Fast IT teams by 2017. As an important part of this strategy, DevOps allows IT teams to move to a continuous testing and development environment. This strategy improves customer experience and delivers new features faster. However, while DevOps can deliver significant benefits it can create significant risk.

TLS keys and certificates determine what can and can't be trusted on the internet, enabling software to communicate privately and preventing man in the middle, spoofing, and other trust-based attacks. DevOps approaches like orchestration and containerization increase the demand for near instantaneous availability of trusted TLS keys and certificates by an order of magnitude or more. Many developers take shortcuts when obtaining or using TLS keys and certificates – like using weak cryptographic methods, unknown, self-signed or duplicate keys, or unapproved certificate authorities (CAs) with little to no validation and oversight from IT security.

All of this makes it easier for attackers to look trusted or hide inside encrypted traffic. And the sheer volume of untrusted and unprotected certificates makes an outage from expired certificates an inevitability.

"Venafi research shows that 79% of CIOs believe that DevOps makes it more difficult to know what is trusted or not because of the chaos brewing with the use of TLS keys and certificates," said Kevin Bocek, Vice President of Threat Intelligence and Security Strategy at Venafi. "Security teams need to keep DevOps safe with easy-to-use automation that eliminates complexity. Using TLS keys and certificates is a great example: While DevOps teams generate at least 10x or more TLS keys and certificates, they take shortcuts or make poor security decisions that create vulnerabilities and make it easy for bad guys to look trusted. And, the rapid, uncoordinated growth in encrypted traffic makes security controls blind to attacks."

Venafi automates the complete secure lifecycle of TLS keys and certificates. DevOps doesn't need to worry about the details of how to get, install, and use keys and certificates. IT security policies are enforced and there's complete visibility. Only trusted keys and certificates are issued and any anomalies are detected quickly. DevOps teams now have the speed they need while IT security maintains control of security and privacy.

"Finding a way to provide security-at-speed is vital if we are to unlock the promise of DevOps," continued Bocek. "Venafi is helping IT security teams make it fast and easy for DevOps to use TLS keys and certificates. Venafi's introduction of new utilities for DevOps expands the power of Venafi's Trust Protection Platform. This is one more reason why Venafi is the leader in protecting SSL/TLS, SSH, and enterprise mobility keys and certificates for the Global 5000. Venafi's patented and proven platform is trusted by the world's leading banks, retailers, insurers, and governments to protect the trust and privacy keys and certificates provide."

@ThingsExpo - The World's Largest 'Internet of Things' Event, November 1-3, 2016, at the Santa Clara Convention Center!

Secrets of Sponsors and ExhibitorsHere
Secrets of Cloud Expo SpeakersHere

All major researchers estimate there will be tens of billions devices - computers, smartphones, tablets, and sensors - connected to the Internet by 2020. This number will continue to grow at a rapid pace for the next several decades.

@CloudExpo / @ThingsExpo 2016 Silicon Valley
(November 1-3, 2016, Santa Clara Convention Center, CA)

@CloudExpo / @ThingsExpo 2017 New York
(June 6-8, 2017, Javits Center, Manhattan)

With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @CloudExpo | @ThingsExpo, November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be.

Register for @CloudExpo/@ThingsExpo 'FREE' Before Friday! Here

Track 1: Enterprise Cloud & Digital Transformation
Track 2: Microservices | Cloud Hot Topics
Track 3: Internet of Things & Cloud
Track 4: APIs & Cloud Security
Track 5: Big Data Analytics
Track 6: DevOps, Continuous Delivery & Containers
Track 7: Enterprise IoT & IIoT
Track 8: IoT Developer
Track 9: Consumer IoT | IoT Hot Topics

Delegates to Cloud Expo | @ThingsExpo will be able to attend 9 simultaneous, information-packed education tracks.

There are over 120 breakout sessions in all, with Keynotes, General Sessions, and Power Panels adding to three days of incredibly rich presentations and content.

Join @CloudExpo | @ThingsExpo conference chair Roger Strukhoff (@IoT2040), June 7-9, 2016 in New York City, for three days of intense 'Internet of Things' discussion and focus, including Big Data's indispensable role in IoT, Smart Grids and Industrial Internet of Things, Wearables and Consumer IoT, as well as (new) IoT's use in Vertical Markets.

About SYS-CON Media & Events
SYS-CON Media (www.sys-con.com) has since 1994 been connecting technology companies and customers through a comprehensive content stream - featuring over forty focused subject areas, from Cloud Computing to Web Security - interwoven with market-leading full-scale conferences produced by SYS-CON Events. The company's internationally recognized brands include among others Cloud Expo® (@CloudExpo), Big Data Expo® (@BigDataExpo), DevOps Summit (@DevOpsSummit), @ThingsExpo® (@ThingsExpo), Containers Expo (@ContainersExpo) and Microservices Expo (@MicroservicesE).

Cloud Expo®, Big Data Expo® and @ThingsExpo® are registered trademarks of Cloud Expo, Inc., a SYS-CON Events company.

More Stories By Elizabeth White

News Desk compiles and publishes breaking news stories, press releases and latest news articles as they happen.

IoT & Smart Cities Stories
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructure solutions deliver the adaptive architecture needed to manage this new data reality. Machine learning algorithms can better anticipate data storms and automate resources to support surges, including fully scalable GPU-c...
Machine learning has taken residence at our cities' cores and now we can finally have "smart cities." Cities are a collection of buildings made to provide the structure and safety necessary for people to function, create and survive. Buildings are a pool of ever-changing performance data from large automated systems such as heating and cooling to the people that live and work within them. Through machine learning, buildings can optimize performance, reduce costs, and improve occupant comfort by ...
The explosion of new web/cloud/IoT-based applications and the data they generate are transforming our world right before our eyes. In this rush to adopt these new technologies, organizations are often ignoring fundamental questions concerning who owns the data and failing to ask for permission to conduct invasive surveillance of their customers. Organizations that are not transparent about how their systems gather data telemetry without offering shared data ownership risk product rejection, regu...
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
Poor data quality and analytics drive down business value. In fact, Gartner estimated that the average financial impact of poor data quality on organizations is $9.7 million per year. But bad data is much more than a cost center. By eroding trust in information, analytics and the business decisions based on these, it is a serious impediment to digital transformation.
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As automation and artificial intelligence (AI) power solution development and delivery, many businesses need to build backend cloud capabilities. Well-poised organizations, marketing smart devices with AI and BlockChain capabilities prepare to refine compliance and regulatory capabilities in 2018. Volumes of health, financial, technical and privacy data, along with tightening compliance requirements by...
Predicting the future has never been more challenging - not because of the lack of data but because of the flood of ungoverned and risk laden information. Microsoft states that 2.5 exabytes of data are created every day. Expectations and reliance on data are being pushed to the limits, as demands around hybrid options continue to grow.
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to ...
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities - ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups.
As IoT continues to increase momentum, so does the associated risk. Secure Device Lifecycle Management (DLM) is ranked as one of the most important technology areas of IoT. Driving this trend is the realization that secure support for IoT devices provides companies the ability to deliver high-quality, reliable, secure offerings faster, create new revenue streams, and reduce support costs, all while building a competitive advantage in their markets. In this session, we will use customer use cases...