SlideShare a Scribd company logo

Use the Same Certificate Process Across Your DevOps Toolchain

DevOps.com
DevOps.com

Application development teams need to move fast. Yet they often need to reinvent the wheel when it comes to machine identities such as SSL/TLS certificates. They frequently create their own security infrastructure, using a combination of Open SSL, secrets management tools, DevOps platforms, and scripts. Then, as environments and tools change, apps are migrated, and regulatory frameworks change, those same developers need to spend time re-coding applications, updating scripts, or learning new certificate authority APIs. To lighten the load for developers, security teams must offer a ready-made, consumable service for machine identities. In this webinar, we will explore the best practices that allow organizations to scale digital certificate provisioning while looking at the challenges facing security and DevOps. Join us and you’ll also learn: How the proliferation of machines complicates security Where machine identity protection sits in the DevSecOps toolchain Recent examples of breaches and outages due to a flawed security posture How a standardized set of consumable services supports enterprise-wide visibility and compliance, AND helps DevOps save time Develop a game plan to help security and DevOps work together and improve the security posture of your organization. Attendees will receive a complimentary copy of the white paper, “Speed and Scale: How Machine Identity Protection is Crucial for Digital Transformation and DevOps.”

Technology
1 of 26
Download to read offline
// // © 2019 Venafi. All Rights Reserved.1 Use the Same Certificate Process Across Your DevOps Toolchain Sandra Chrust Sr. Product Marketing Mgr. Helen Beal DevOpsologist Relieve the Burden on DevOps 30 May 2019
// // // DevOps and DevSecOps Why Trusted Certificates Are Important Essential The DevOps Toolchain Use the Same Certificate Process: Offer a Service Q&A Agenda © 2019 Venafi. All Rights Reserved.2 1 2 3 4 5
// // // People Machines Two Actors on a Network
// 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% “70% of network attacks will use SSL by 2020” —Gartner Predictions 2010 2012 2014 2016 2018 2020 Percentage of Network Attacks Incorporating SSL “A security or compliance breach will shock DevOps advocates, forcing greater focus on governance and toolchain oversight.” Forrester. Predictions 2019: DevOps. Adolescent DevOps Grapples with Governance. November 8, 2018
// // © 2019 Venafi. All Rights Reserved.5 DevOps and DevSecOps
CLOUD MIGRATION IaaS PaaS, Serverless Containers SaaS ARCHITECTURE MODERNIZATION Microservices API-Centric Modern Languages New Ecosystem DEVOPS High- Performance IT Automated Customer-Centric Fully Integrated DIGITAL TRANSFORMATION Machine Identities Are Here • SSL/TLS Certificates • SSH Keys • Code Signing Certificates // © 2019 Venafi. All Rights Reserved.6 “79% of CIOs expect the speed of DevOps to make it more difficult to know what is trusted and what is not.” Venafi CIO Survey
//// © 2019 Venafi. All Rights Reserved.7 optimising th Dev as (Pa Inform of T Agility DevSecOps: Information security as everyone’s job, every day. (Chapter 22) One of the top objections to implementing DevOps principles and patterns has been, “Information security and compliance won’t let us.” And yet, DevOps may be one of the best ways to better integrate information security into the daily work of everyone in the technology value stream. Part IV: ‘The Technological Challenges of Integrating Information Security, Change Management and Compliance’ of the DevOps Handbook: How to Create World-Class Agility, Reliability, & Security in Technology Organizations “
// © 2019 Venafi. All Rights Reserved.8 Why Trusted Certificates Are Important Essential
// // // When Machine Identities Go Bad © 2019 Venafi. All Rights Reserved.9 Tens of millions of users can’t use their mobile phones for a day due to an expired certificate. Website down – invalid (expired) certificate: “Your connection is not secure.” Incorrect SSL certificate pinning allows hackers to create man in the middle attack on API = STAMPEDE. Another expired certificate, millions of users unable to access the service due to insecure connection.
// // // Certificate Needs Are Growing Exponentially © 2019 Venafi. All Rights Reserved.10 Certificates are needed across the entire application stack • Certificates apply to all infrastructure • Servers • Cloud • Containers • Virtual Machines • Service Mesh And need to be embedded within DevOps workflows Span the full software lifecycle Dev Test Stage Prod
//11 © 2019 Venafi. All Rights Reserved. Methods Commonly Used in DevOps
// Use OpenSSL to generate self-signed certificates Use many instances of HashiCorp Vault to get subordinate CA or self-signed certificates Submit tickets to get trusted certificates Use unauthorized CAs or create their own Use Let’s Encrypt for automated certificate renewals Create homegrown scripts or workarounds Use certificates from public cloud providers Leverage built in DevOps secrets tools Unauthorized Certificate Authorities Homegrown Solutions or Scripts
// // // Heterogeneous Approaches Introduce Complexity © 2019 Venafi. All Rights Reserved.13 Source: https://www.reddit.com/r/devops/comments/b63eqp/what_keeps_a_devopssre_manager_up_at_night/
// // They must develop and operate security infrastructure that: ü Uses trusted and protected certificates ü Supports multiple certificate authorities ü Delivers non-reputable audit logs ü Protects private keys ü Answers audit requests ü Integrates with vulnerability management and threat intelligence systems ü Verifies compliance ü Conforms to ever-changing policy ü Provides resilience to crypto/key compromise ü Gives visibility to InfoSec ü Supports attestation of corporate compliance And If They Are to Do Things Correctly… © 2019 Venafi. All Rights Reserved.14
// // // Challenges and Risks of Current Methods For DevOps • Diverts resources, slows development • Can’t migrate apps • Outages • Error prone, requires maintenance • Creates snowflake environments For InfoSec • Lack of visibility • Policy non-compliance • Can’t audit or remediate • Weak certificate usage • Unprotected private keys • Can’t inspect traffic © 2019 Venafi. All Rights Reserved.15
// © 2019 Venafi. All Rights Reserved.16 The DevOps Toolchain
// // // The DevOps Loop © 2019 Venafi. All Rights Reserved.17 Ideation Integration ValidationOperation Realization “One way to enable market-oriented outcomes is for Operations to create a set of centralized platforms and tooling services that any Dev team can use to become more productive… a platform that provides a shared version control repository with pre- blessed security libraries, a deployment pipeline that automatically runs code quality and security scanning tools, which deploys our applications into known, good environments that already have production monitoring tools installed on them.”
// // // The DevOps Loop © 2019 Venafi. All Rights Reserved.18 Ideation Integration ValidationOperation Realization When key and certificate provisioning becomes part of the automated build process, DevOps teams can significantly reduce IT service delivery time: • Over half (57%) of Venafi customers used the Venafi Platform to improve their SLAs for internal IT services Automated build Test through route to live Environment orchestration Deploy and run
// © 2019 Venafi. All Rights Reserved.19 Use the Same Certificate Process: Offer a Service
// // // New Guidance from NIST 1800-16B (Draft) © 2019 Venafi. All Rights Reserved.20 https://www.nccoe.nist.gov/projects/building-blocks/tls-server-certificate-management
// // // NIST 1800-16B – TLS Server Certificate Management © 2019 Venafi. All Rights Reserved.21 4.1 Certificate Owners With the advent of virtualization, the development and operations (DevOps) teams provision systems and software through programmatic means. This introduces a new type of certificate owner and new TLS server certificate challenges for organizations. As organizations push for more rapid and efficient deployment of business applications, many DevOps teams deploy certificates without coordination with the Certificate Services team. This can result in certificates for mission-critical applications not being tracked. This can be particularly problematic if bugs in DevOps programs/scripts cause certificates to be improperly deployed or updated. In addition, as DevOps teams adopt newer frameworks and tools, it is important to continue to monitor certificates and applications deployed and maintained by older DevOps frameworks and tools. 5.2 Establish a Certificate Service Manually managing TLS server certificates is infeasible due to the large number of certificates in most enterprises. It is also not feasible for each certificate owner to create their own certificate management system. The most efficient and effective approach is for the Certificate Services team to provide a central Certificate Service that includes technology- based solutions that provide automation and that support certificate owners in effectively managing their certificates. This service should include the technology/services for CAs, certificate discovery, inventory management, reporting, monitoring, enrollment, installation, renewal, revocation, and other certificate management operations. https://www.nccoe.nist.gov/projects/building-blocks/tls-server-certificate-management
// // // Abstraction Makes it Easy for DevOps © 2019 Venafi. All Rights Reserved.22 Venafi enables security teams to provide access to certificates in a way that abstracts complexity away. This ensures that security is built into the application without the need for developers to maintain cryptographic functions.
// // // Accelerate DevOps by Offering a Service © 2019 Venafi. All Rights Reserved.23 23 Platform capabilities Inventory Policy Controls Audit, Reporting & Logging Agentless Drivers Automation Workflows Certificate Authority Connectors DevOps can automatically request certificates for: • Containers • Service Mesh • Serverless • Servers • Load Balancers Modern ArchitectureTraditional InfrastructureLocated in • Physical Data Center • Virtual Data Center • Hybrid Cloud • Public Cloud • Infrastructure -as-a-Service (IaaS) And from within the CI/CD Pipeline, across environments Test Only Certs Internal & Externally Trusted Certificates Development Test Staging Production Automate renewals (native and non-native cloud infrastructure) Options for embedding policy-compliant certificates into DevOps workflows Venafi APIACMESDK and CLI *Open Source *VCert SDK (Go, Python, Java, etc.) *VCert for Command Line REST API / Web SDK Venafi ACME Server DevOps Toolchain Integrations GitHub page: https://github.com/Venafi
// // // Venafi Helps You Deliver DevSecOps © 2019 Venafi. All Rights Reserved.24 Fast, repeatable Ease of migration Automated renewals Strong certificates For DevOps Centralized control Policy compliance Ease of remediation Secure key storage For InfoSec Accelerate DevOps, Securely
// © 2019 Venafi. All Rights Reserved.25 Security is not one person’s job — it’s everyone’s job.
// Audience Q&A

Recommended

DevOps, A path to Enterprises to Adopt [Decoding DevOps Conference - InfoSep...
DevOps, A path to Enterprises to Adopt [Decoding DevOps Conference - InfoSep...DevOps, A path to Enterprises to Adopt [Decoding DevOps Conference - InfoSep...
DevOps, A path to Enterprises to Adopt [Decoding DevOps Conference - InfoSep...InfoSeption
 
Iac evolutions
Iac evolutionsIac evolutions
Iac evolutionsPrancer Io
 
Testing Cloud Services: SaaS, PaaS, and IaaS
Testing Cloud Services: SaaS, PaaS, and IaaSTesting Cloud Services: SaaS, PaaS, and IaaS
Testing Cloud Services: SaaS, PaaS, and IaaSTechWell
 
Optimizing Security Velocity in Your DevSecOps Pipeline at Scale
Optimizing Security Velocity in Your DevSecOps Pipeline at ScaleOptimizing Security Velocity in Your DevSecOps Pipeline at Scale
Optimizing Security Velocity in Your DevSecOps Pipeline at ScaleDenim Group
 
Application Asset Management with ThreadFix
Application Asset Management with ThreadFix Application Asset Management with ThreadFix
Application Asset Management with ThreadFixDenim Group
 
Security Across the Cloud Native Continuum with ESG and Palo Alto Networks
Security Across the Cloud Native Continuum with ESG and Palo Alto NetworksSecurity Across the Cloud Native Continuum with ESG and Palo Alto Networks
Security Across the Cloud Native Continuum with ESG and Palo Alto NetworksDevOps.com
 
Service Virtualization: What Testers Need to Know
Service Virtualization: What Testers Need to KnowService Virtualization: What Testers Need to Know
Service Virtualization: What Testers Need to KnowTechWell
 
Azure DevOps
Azure DevOpsAzure DevOps
Azure DevOpsJuan Fabian
 

Recommended

DevOps, A path to Enterprises to Adopt [Decoding DevOps Conference - InfoSep...
DevOps, A path to Enterprises to Adopt [Decoding DevOps Conference - InfoSep...DevOps, A path to Enterprises to Adopt [Decoding DevOps Conference - InfoSep...
DevOps, A path to Enterprises to Adopt [Decoding DevOps Conference - InfoSep...InfoSeption
 
Iac evolutions
Iac evolutionsIac evolutions
Iac evolutionsPrancer Io
 
Testing Cloud Services: SaaS, PaaS, and IaaS
Testing Cloud Services: SaaS, PaaS, and IaaSTesting Cloud Services: SaaS, PaaS, and IaaS
Testing Cloud Services: SaaS, PaaS, and IaaSTechWell
 
Optimizing Security Velocity in Your DevSecOps Pipeline at Scale
Optimizing Security Velocity in Your DevSecOps Pipeline at ScaleOptimizing Security Velocity in Your DevSecOps Pipeline at Scale
Optimizing Security Velocity in Your DevSecOps Pipeline at ScaleDenim Group
 
Application Asset Management with ThreadFix
Application Asset Management with ThreadFix Application Asset Management with ThreadFix
Application Asset Management with ThreadFixDenim Group
 
Security Across the Cloud Native Continuum with ESG and Palo Alto Networks
Security Across the Cloud Native Continuum with ESG and Palo Alto NetworksSecurity Across the Cloud Native Continuum with ESG and Palo Alto Networks
Security Across the Cloud Native Continuum with ESG and Palo Alto NetworksDevOps.com
 
Service Virtualization: What Testers Need to Know
Service Virtualization: What Testers Need to KnowService Virtualization: What Testers Need to Know
Service Virtualization: What Testers Need to KnowTechWell
 
Azure DevOps
Azure DevOpsAzure DevOps
Azure DevOpsJuan Fabian
 
Building A Self-Documenting Application: A Study in Chef and Compliance
Building A Self-Documenting Application: A Study in Chef and ComplianceBuilding A Self-Documenting Application: A Study in Chef and Compliance
Building A Self-Documenting Application: A Study in Chef and ComplianceKevin Gilpin
 
Better Security Testing: Using the Cloud and Continuous Delivery
Better Security Testing: Using the Cloud and Continuous DeliveryBetter Security Testing: Using the Cloud and Continuous Delivery
Better Security Testing: Using the Cloud and Continuous DeliveryTechWell
 
What's Next for WebRTC
What's Next for WebRTCWhat's Next for WebRTC
What's Next for WebRTCChad Hart
 
How Online Retailer Resident Scaled DevOps with AWS and CloudShell Colony
How Online Retailer Resident Scaled DevOps with AWS and CloudShell ColonyHow Online Retailer Resident Scaled DevOps with AWS and CloudShell Colony
How Online Retailer Resident Scaled DevOps with AWS and CloudShell ColonyDevOps.com
 
Secure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceSecure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceTej Luthra
 
DevOps in the Real World: Know What it Takes to Make it Work
DevOps in the Real World: Know What it Takes to Make it WorkDevOps in the Real World: Know What it Takes to Make it Work
DevOps in the Real World: Know What it Takes to Make it WorkVMware Tanzu
 
DevOps for Highly Regulated Environments
DevOps for Highly Regulated EnvironmentsDevOps for Highly Regulated Environments
DevOps for Highly Regulated EnvironmentsDevOps.com
 
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...Denim Group
 
DevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss BankingDevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss BankingAarno Aukia
 
Day 3: Security Auditing and Compliance
Day 3: Security Auditing and ComplianceDay 3: Security Auditing and Compliance
Day 3: Security Auditing and ComplianceVMware Tanzu
 
On-Demand Webinar: Software Virtualization Lifecycle
On-Demand Webinar: Software Virtualization LifecycleOn-Demand Webinar: Software Virtualization Lifecycle
On-Demand Webinar: Software Virtualization LifecycleSkytap Cloud
 
Infrastructure less development with Azure Service Fabric
Infrastructure less development with Azure Service FabricInfrastructure less development with Azure Service Fabric
Infrastructure less development with Azure Service FabricSaba Jamalian
 
Demystifying AuthN/AuthZ Using OIDC & OAuth2
Demystifying AuthN/AuthZ Using OIDC & OAuth2Demystifying AuthN/AuthZ Using OIDC & OAuth2
Demystifying AuthN/AuthZ Using OIDC & OAuth2NGINX, Inc.
 
Remote Video Inspection (RVI) software for fire and safety inspections
Remote Video Inspection (RVI) software for fire and safety inspectionsRemote Video Inspection (RVI) software for fire and safety inspections
Remote Video Inspection (RVI) software for fire and safety inspectionsCloudVisit, Inc.
 
DevOps for Mainframe: Open Source Fast Track
DevOps for Mainframe: Open Source Fast TrackDevOps for Mainframe: Open Source Fast Track
DevOps for Mainframe: Open Source Fast TrackDevOps.com
 
Bio IT World 2015 - DevOps Security and Transparency
Bio IT World 2015 - DevOps Security and TransparencyBio IT World 2015 - DevOps Security and Transparency
Bio IT World 2015 - DevOps Security and TransparencyKevin Gilpin
 
Get more versatile and scalable protection with F5 BIG-IP
Get more versatile and scalable protection with F5 BIG-IPGet more versatile and scalable protection with F5 BIG-IP
Get more versatile and scalable protection with F5 BIG-IPF5NetworksAPJ
 
Securing Red Hat OpenShift Containerized Applications At Enterprise Scale
Securing Red Hat OpenShift Containerized Applications At Enterprise ScaleSecuring Red Hat OpenShift Containerized Applications At Enterprise Scale
Securing Red Hat OpenShift Containerized Applications At Enterprise ScaleDevOps.com
 
Microsoft DevOps Solution - DevOps
Microsoft DevOps Solution - DevOps Microsoft DevOps Solution - DevOps
Microsoft DevOps Solution - DevOps Chetan Gordhan
 
Application Security with NGINX
Application Security with NGINXApplication Security with NGINX
Application Security with NGINXNGINX, Inc.
 
CSC AWS re:Invent Enterprise DevOps session
CSC AWS re:Invent Enterprise DevOps sessionCSC AWS re:Invent Enterprise DevOps session
CSC AWS re:Invent Enterprise DevOps sessionTom Laszewski
 
Containerization Strategy
Containerization StrategyContainerization Strategy
Containerization StrategyBalaji Mariyappan
 

More Related Content

What's hot

Building A Self-Documenting Application: A Study in Chef and Compliance
Building A Self-Documenting Application: A Study in Chef and ComplianceBuilding A Self-Documenting Application: A Study in Chef and Compliance
Building A Self-Documenting Application: A Study in Chef and ComplianceKevin Gilpin
 
Better Security Testing: Using the Cloud and Continuous Delivery
Better Security Testing: Using the Cloud and Continuous DeliveryBetter Security Testing: Using the Cloud and Continuous Delivery
Better Security Testing: Using the Cloud and Continuous DeliveryTechWell
 
What's Next for WebRTC
What's Next for WebRTCWhat's Next for WebRTC
What's Next for WebRTCChad Hart
 
How Online Retailer Resident Scaled DevOps with AWS and CloudShell Colony
How Online Retailer Resident Scaled DevOps with AWS and CloudShell ColonyHow Online Retailer Resident Scaled DevOps with AWS and CloudShell Colony
How Online Retailer Resident Scaled DevOps with AWS and CloudShell ColonyDevOps.com
 
Secure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceSecure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceTej Luthra
 
DevOps in the Real World: Know What it Takes to Make it Work
DevOps in the Real World: Know What it Takes to Make it WorkDevOps in the Real World: Know What it Takes to Make it Work
DevOps in the Real World: Know What it Takes to Make it WorkVMware Tanzu
 
DevOps for Highly Regulated Environments
DevOps for Highly Regulated EnvironmentsDevOps for Highly Regulated Environments
DevOps for Highly Regulated EnvironmentsDevOps.com
 
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...Denim Group
 
DevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss BankingDevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss BankingAarno Aukia
 
Day 3: Security Auditing and Compliance
Day 3: Security Auditing and ComplianceDay 3: Security Auditing and Compliance
Day 3: Security Auditing and ComplianceVMware Tanzu
 
On-Demand Webinar: Software Virtualization Lifecycle
On-Demand Webinar: Software Virtualization LifecycleOn-Demand Webinar: Software Virtualization Lifecycle
On-Demand Webinar: Software Virtualization LifecycleSkytap Cloud
 
Infrastructure less development with Azure Service Fabric
Infrastructure less development with Azure Service FabricInfrastructure less development with Azure Service Fabric
Infrastructure less development with Azure Service FabricSaba Jamalian
 
Demystifying AuthN/AuthZ Using OIDC & OAuth2
Demystifying AuthN/AuthZ Using OIDC & OAuth2Demystifying AuthN/AuthZ Using OIDC & OAuth2
Demystifying AuthN/AuthZ Using OIDC & OAuth2NGINX, Inc.
 
Remote Video Inspection (RVI) software for fire and safety inspections
Remote Video Inspection (RVI) software for fire and safety inspectionsRemote Video Inspection (RVI) software for fire and safety inspections
Remote Video Inspection (RVI) software for fire and safety inspectionsCloudVisit, Inc.
 
DevOps for Mainframe: Open Source Fast Track
DevOps for Mainframe: Open Source Fast TrackDevOps for Mainframe: Open Source Fast Track
DevOps for Mainframe: Open Source Fast TrackDevOps.com
 
Bio IT World 2015 - DevOps Security and Transparency
Bio IT World 2015 - DevOps Security and TransparencyBio IT World 2015 - DevOps Security and Transparency
Bio IT World 2015 - DevOps Security and TransparencyKevin Gilpin
 
Get more versatile and scalable protection with F5 BIG-IP
Get more versatile and scalable protection with F5 BIG-IPGet more versatile and scalable protection with F5 BIG-IP
Get more versatile and scalable protection with F5 BIG-IPF5NetworksAPJ
 
Securing Red Hat OpenShift Containerized Applications At Enterprise Scale
Securing Red Hat OpenShift Containerized Applications At Enterprise ScaleSecuring Red Hat OpenShift Containerized Applications At Enterprise Scale
Securing Red Hat OpenShift Containerized Applications At Enterprise ScaleDevOps.com
 
Microsoft DevOps Solution - DevOps
Microsoft DevOps Solution - DevOps Microsoft DevOps Solution - DevOps
Microsoft DevOps Solution - DevOps Chetan Gordhan
 
Application Security with NGINX
Application Security with NGINXApplication Security with NGINX
Application Security with NGINXNGINX, Inc.
 

What's hot (20)

Building A Self-Documenting Application: A Study in Chef and Compliance
Building A Self-Documenting Application: A Study in Chef and ComplianceBuilding A Self-Documenting Application: A Study in Chef and Compliance
Building A Self-Documenting Application: A Study in Chef and Compliance
 
Better Security Testing: Using the Cloud and Continuous Delivery
Better Security Testing: Using the Cloud and Continuous DeliveryBetter Security Testing: Using the Cloud and Continuous Delivery
Better Security Testing: Using the Cloud and Continuous Delivery
 
What's Next for WebRTC
What's Next for WebRTCWhat's Next for WebRTC
What's Next for WebRTC
 
How Online Retailer Resident Scaled DevOps with AWS and CloudShell Colony
How Online Retailer Resident Scaled DevOps with AWS and CloudShell ColonyHow Online Retailer Resident Scaled DevOps with AWS and CloudShell Colony
How Online Retailer Resident Scaled DevOps with AWS and CloudShell Colony
 
Secure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceSecure DevOPS Implementation Guidance
Secure DevOPS Implementation Guidance
 
DevOps in the Real World: Know What it Takes to Make it Work
DevOps in the Real World: Know What it Takes to Make it WorkDevOps in the Real World: Know What it Takes to Make it Work
DevOps in the Real World: Know What it Takes to Make it Work
 
DevOps for Highly Regulated Environments
DevOps for Highly Regulated EnvironmentsDevOps for Highly Regulated Environments
DevOps for Highly Regulated Environments
 
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
 
DevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss BankingDevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss Banking
 
Day 3: Security Auditing and Compliance
Day 3: Security Auditing and ComplianceDay 3: Security Auditing and Compliance
Day 3: Security Auditing and Compliance
 
On-Demand Webinar: Software Virtualization Lifecycle
On-Demand Webinar: Software Virtualization LifecycleOn-Demand Webinar: Software Virtualization Lifecycle
On-Demand Webinar: Software Virtualization Lifecycle
 
Infrastructure less development with Azure Service Fabric
Infrastructure less development with Azure Service FabricInfrastructure less development with Azure Service Fabric
Infrastructure less development with Azure Service Fabric
 
Demystifying AuthN/AuthZ Using OIDC & OAuth2
Demystifying AuthN/AuthZ Using OIDC & OAuth2Demystifying AuthN/AuthZ Using OIDC & OAuth2
Demystifying AuthN/AuthZ Using OIDC & OAuth2
 
Remote Video Inspection (RVI) software for fire and safety inspections
Remote Video Inspection (RVI) software for fire and safety inspectionsRemote Video Inspection (RVI) software for fire and safety inspections
Remote Video Inspection (RVI) software for fire and safety inspections
 
DevOps for Mainframe: Open Source Fast Track
DevOps for Mainframe: Open Source Fast TrackDevOps for Mainframe: Open Source Fast Track
DevOps for Mainframe: Open Source Fast Track
 
Bio IT World 2015 - DevOps Security and Transparency
Bio IT World 2015 - DevOps Security and TransparencyBio IT World 2015 - DevOps Security and Transparency
Bio IT World 2015 - DevOps Security and Transparency
 
Get more versatile and scalable protection with F5 BIG-IP
Get more versatile and scalable protection with F5 BIG-IPGet more versatile and scalable protection with F5 BIG-IP
Get more versatile and scalable protection with F5 BIG-IP
 
Securing Red Hat OpenShift Containerized Applications At Enterprise Scale
Securing Red Hat OpenShift Containerized Applications At Enterprise ScaleSecuring Red Hat OpenShift Containerized Applications At Enterprise Scale
Securing Red Hat OpenShift Containerized Applications At Enterprise Scale
 
Microsoft DevOps Solution - DevOps
Microsoft DevOps Solution - DevOps Microsoft DevOps Solution - DevOps
Microsoft DevOps Solution - DevOps
 
Application Security with NGINX
Application Security with NGINXApplication Security with NGINX
Application Security with NGINX
 

Similar to Use the Same Certificate Process Across Your DevOps Toolchain

CSC AWS re:Invent Enterprise DevOps session
CSC AWS re:Invent Enterprise DevOps sessionCSC AWS re:Invent Enterprise DevOps session
CSC AWS re:Invent Enterprise DevOps sessionTom Laszewski
 
CNCF in Japan: Keynote, Open Source Summit Japan, Tokyo
CNCF in Japan: Keynote, Open Source Summit Japan, TokyoCNCF in Japan: Keynote, Open Source Summit Japan, Tokyo
CNCF in Japan: Keynote, Open Source Summit Japan, TokyoCheryl Hung
 
PKI in DevOps: How to Deploy Certificate Automation within CI/CD
PKI in DevOps: How to Deploy Certificate Automation within CI/CDPKI in DevOps: How to Deploy Certificate Automation within CI/CD
PKI in DevOps: How to Deploy Certificate Automation within CI/CDDevOps.com
 
Accelarting Hybrid Cloud Adoption through Use Cases in vCloud Air
Accelarting Hybrid Cloud Adoption through Use Cases in vCloud AirAccelarting Hybrid Cloud Adoption through Use Cases in vCloud Air
Accelarting Hybrid Cloud Adoption through Use Cases in vCloud AirNitin Saxena
 
Devops certification training task 08
Devops certification training task 08Devops certification training task 08
Devops certification training task 08GURUPRASANTH33
 
Using cloud native development to achieve digital transformation
Using cloud native development to achieve digital transformationUsing cloud native development to achieve digital transformation
Using cloud native development to achieve digital transformationUni Systems S.M.S.A.
 
KCD Munich - Cloud Native Platform Dilemma - Turning it into an Opportunity
KCD Munich - Cloud Native Platform Dilemma - Turning it into an OpportunityKCD Munich - Cloud Native Platform Dilemma - Turning it into an Opportunity
KCD Munich - Cloud Native Platform Dilemma - Turning it into an OpportunityAndreas Grabner
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...VMworld
 
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...InfoSeption
 
Introduction to Red Hat Mobile Application Platform
Introduction to Red Hat Mobile Application PlatformIntroduction to Red Hat Mobile Application Platform
Introduction to Red Hat Mobile Application PlatformEvan Wong
 
SFScon22 - Diego Braga - Fantastic Platform Teams and Where to Find Them.pdf
SFScon22 - Diego Braga - Fantastic Platform Teams and Where to Find Them.pdfSFScon22 - Diego Braga - Fantastic Platform Teams and Where to Find Them.pdf
SFScon22 - Diego Braga - Fantastic Platform Teams and Where to Find Them.pdfSouth Tyrol Free Software Conference
 
Using Cloud to Improve AppSec
Using Cloud to Improve AppSecUsing Cloud to Improve AppSec
Using Cloud to Improve AppSecPhillip Marlow
 
The Rise of Serverless Architecture in Web Development.docx
The Rise of Serverless Architecture in Web Development.docxThe Rise of Serverless Architecture in Web Development.docx
The Rise of Serverless Architecture in Web Development.docxSavior_Marketing
 
Practical Data Mesh: Building Decentralized Data Architectures with Event Stream
Practical Data Mesh: Building Decentralized Data Architectures with Event StreamPractical Data Mesh: Building Decentralized Data Architectures with Event Stream
Practical Data Mesh: Building Decentralized Data Architectures with Event StreamEva Mave Ng
 
Practical Data Mesh: Building Decentralized Data Architectures with Event Str...
Practical Data Mesh: Building Decentralized Data Architectures with Event Str...Practical Data Mesh: Building Decentralized Data Architectures with Event Str...
Practical Data Mesh: Building Decentralized Data Architectures with Event Str...Harshana Martin
 
.NET Cloud-Native Bootcamp
.NET Cloud-Native Bootcamp.NET Cloud-Native Bootcamp
.NET Cloud-Native BootcampVMware Tanzu
 

Similar to Use the Same Certificate Process Across Your DevOps Toolchain (20)

CSC AWS re:Invent Enterprise DevOps session
CSC AWS re:Invent Enterprise DevOps sessionCSC AWS re:Invent Enterprise DevOps session
CSC AWS re:Invent Enterprise DevOps session
 
Containerization Strategy
Containerization StrategyContainerization Strategy
Containerization Strategy
 
Practical Guide to Platform-as-a-Service
Practical Guide to Platform-as-a-Service Practical Guide to Platform-as-a-Service
Practical Guide to Platform-as-a-Service
 
CNCF in Japan: Keynote, Open Source Summit Japan, Tokyo
CNCF in Japan: Keynote, Open Source Summit Japan, TokyoCNCF in Japan: Keynote, Open Source Summit Japan, Tokyo
CNCF in Japan: Keynote, Open Source Summit Japan, Tokyo
 
PKI in DevOps: How to Deploy Certificate Automation within CI/CD
PKI in DevOps: How to Deploy Certificate Automation within CI/CDPKI in DevOps: How to Deploy Certificate Automation within CI/CD
PKI in DevOps: How to Deploy Certificate Automation within CI/CD
 
Accelarting Hybrid Cloud Adoption through Use Cases in vCloud Air
Accelarting Hybrid Cloud Adoption through Use Cases in vCloud AirAccelarting Hybrid Cloud Adoption through Use Cases in vCloud Air
Accelarting Hybrid Cloud Adoption through Use Cases in vCloud Air
 
Microservices
MicroservicesMicroservices
Microservices
 
Devops certification training task 08
Devops certification training task 08Devops certification training task 08
Devops certification training task 08
 
Using cloud native development to achieve digital transformation
Using cloud native development to achieve digital transformationUsing cloud native development to achieve digital transformation
Using cloud native development to achieve digital transformation
 
KCD Munich - Cloud Native Platform Dilemma - Turning it into an Opportunity
KCD Munich - Cloud Native Platform Dilemma - Turning it into an OpportunityKCD Munich - Cloud Native Platform Dilemma - Turning it into an Opportunity
KCD Munich - Cloud Native Platform Dilemma - Turning it into an Opportunity
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
 
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...
 
Introduction to Red Hat Mobile Application Platform
Introduction to Red Hat Mobile Application PlatformIntroduction to Red Hat Mobile Application Platform
Introduction to Red Hat Mobile Application Platform
 
SFScon22 - Diego Braga - Fantastic Platform Teams and Where to Find Them.pdf
SFScon22 - Diego Braga - Fantastic Platform Teams and Where to Find Them.pdfSFScon22 - Diego Braga - Fantastic Platform Teams and Where to Find Them.pdf
SFScon22 - Diego Braga - Fantastic Platform Teams and Where to Find Them.pdf
 
Using Cloud to Improve AppSec
Using Cloud to Improve AppSecUsing Cloud to Improve AppSec
Using Cloud to Improve AppSec
 
The Rise of Serverless Architecture in Web Development.docx
The Rise of Serverless Architecture in Web Development.docxThe Rise of Serverless Architecture in Web Development.docx
The Rise of Serverless Architecture in Web Development.docx
 
Practical Data Mesh: Building Decentralized Data Architectures with Event Stream
Practical Data Mesh: Building Decentralized Data Architectures with Event StreamPractical Data Mesh: Building Decentralized Data Architectures with Event Stream
Practical Data Mesh: Building Decentralized Data Architectures with Event Stream
 
Practical Data Mesh: Building Decentralized Data Architectures with Event Str...
Practical Data Mesh: Building Decentralized Data Architectures with Event Str...Practical Data Mesh: Building Decentralized Data Architectures with Event Str...
Practical Data Mesh: Building Decentralized Data Architectures with Event Str...
 
.NET Cloud-Native Bootcamp
.NET Cloud-Native Bootcamp.NET Cloud-Native Bootcamp
.NET Cloud-Native Bootcamp
 
Unlocking the Cloud Operating Model
Unlocking the Cloud Operating ModelUnlocking the Cloud Operating Model
Unlocking the Cloud Operating Model
 

More from DevOps.com

Modernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareModernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareDevOps.com
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...DevOps.com
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...DevOps.com
 
Next Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and SnykNext Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and SnykDevOps.com
 
Vulnerability Discovery in the Cloud
Vulnerability Discovery in the CloudVulnerability Discovery in the Cloud
Vulnerability Discovery in the CloudDevOps.com
 
2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and Predictions2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and PredictionsDevOps.com
 
A New Year’s Ransomware Resolution
A New Year’s Ransomware ResolutionA New Year’s Ransomware Resolution
A New Year’s Ransomware ResolutionDevOps.com
 
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)DevOps.com
 
Don't Panic! Effective Incident Response
Don't Panic! Effective Incident ResponseDon't Panic! Effective Incident Response
Don't Panic! Effective Incident ResponseDevOps.com
 
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's CultureCreating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's CultureDevOps.com
 
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportRole Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportDevOps.com
 
Monitoring Serverless Applications with Datadog
Monitoring Serverless Applications with DatadogMonitoring Serverless Applications with Datadog
Monitoring Serverless Applications with DatadogDevOps.com
 
Deliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or PrivatelyDeliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or PrivatelyDevOps.com
 
Securing medical apps in the age of covid final
Securing medical apps in the age of covid finalSecuring medical apps in the age of covid final
Securing medical apps in the age of covid finalDevOps.com
 
How to Build a Healthy On-Call Culture
How to Build a Healthy On-Call CultureHow to Build a Healthy On-Call Culture
How to Build a Healthy On-Call CultureDevOps.com
 
The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021DevOps.com
 
Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?DevOps.com
 
Secure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsSecure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsDevOps.com
 
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...DevOps.com
 
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...DevOps.com
 

More from DevOps.com (20)

Modernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareModernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source Software
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
 
Next Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and SnykNext Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and Snyk
 
Vulnerability Discovery in the Cloud
Vulnerability Discovery in the CloudVulnerability Discovery in the Cloud
Vulnerability Discovery in the Cloud
 
2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and Predictions2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and Predictions
 
A New Year’s Ransomware Resolution
A New Year’s Ransomware ResolutionA New Year’s Ransomware Resolution
A New Year’s Ransomware Resolution
 
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
 
Don't Panic! Effective Incident Response
Don't Panic! Effective Incident ResponseDon't Panic! Effective Incident Response
Don't Panic! Effective Incident Response
 
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's CultureCreating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
 
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportRole Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
 
Monitoring Serverless Applications with Datadog
Monitoring Serverless Applications with DatadogMonitoring Serverless Applications with Datadog
Monitoring Serverless Applications with Datadog
 
Deliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or PrivatelyDeliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or Privately
 
Securing medical apps in the age of covid final
Securing medical apps in the age of covid finalSecuring medical apps in the age of covid final
Securing medical apps in the age of covid final
 
How to Build a Healthy On-Call Culture
How to Build a Healthy On-Call CultureHow to Build a Healthy On-Call Culture
How to Build a Healthy On-Call Culture
 
The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021
 
Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?
 
Secure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsSecure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift Environments
 
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
 
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
 

Recently uploaded

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 

Recently uploaded (20)

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 

Use the Same Certificate Process Across Your DevOps Toolchain

  • 1. // // © 2019 Venafi. All Rights Reserved.1 Use the Same Certificate Process Across Your DevOps Toolchain Sandra Chrust Sr. Product Marketing Mgr. Helen Beal DevOpsologist Relieve the Burden on DevOps 30 May 2019
  • 2. // // // DevOps and DevSecOps Why Trusted Certificates Are Important Essential The DevOps Toolchain Use the Same Certificate Process: Offer a Service Q&A Agenda © 2019 Venafi. All Rights Reserved.2 1 2 3 4 5
  • 4. // 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% “70% of network attacks will use SSL by 2020” —Gartner Predictions 2010 2012 2014 2016 2018 2020 Percentage of Network Attacks Incorporating SSL “A security or compliance breach will shock DevOps advocates, forcing greater focus on governance and toolchain oversight.” Forrester. Predictions 2019: DevOps. Adolescent DevOps Grapples with Governance. November 8, 2018
  • 5. // // © 2019 Venafi. All Rights Reserved.5 DevOps and DevSecOps
  • 6. CLOUD MIGRATION IaaS PaaS, Serverless Containers SaaS ARCHITECTURE MODERNIZATION Microservices API-Centric Modern Languages New Ecosystem DEVOPS High- Performance IT Automated Customer-Centric Fully Integrated DIGITAL TRANSFORMATION Machine Identities Are Here • SSL/TLS Certificates • SSH Keys • Code Signing Certificates // © 2019 Venafi. All Rights Reserved.6 “79% of CIOs expect the speed of DevOps to make it more difficult to know what is trusted and what is not.” Venafi CIO Survey
  • 7. //// © 2019 Venafi. All Rights Reserved.7 optimising th Dev as (Pa Inform of T Agility DevSecOps: Information security as everyone’s job, every day. (Chapter 22) One of the top objections to implementing DevOps principles and patterns has been, “Information security and compliance won’t let us.” And yet, DevOps may be one of the best ways to better integrate information security into the daily work of everyone in the technology value stream. Part IV: ‘The Technological Challenges of Integrating Information Security, Change Management and Compliance’ of the DevOps Handbook: How to Create World-Class Agility, Reliability, & Security in Technology Organizations “
  • 8. // © 2019 Venafi. All Rights Reserved.8 Why Trusted Certificates Are Important Essential
  • 9. // // // When Machine Identities Go Bad © 2019 Venafi. All Rights Reserved.9 Tens of millions of users can’t use their mobile phones for a day due to an expired certificate. Website down – invalid (expired) certificate: “Your connection is not secure.” Incorrect SSL certificate pinning allows hackers to create man in the middle attack on API = STAMPEDE. Another expired certificate, millions of users unable to access the service due to insecure connection.
  • 10. // // // Certificate Needs Are Growing Exponentially © 2019 Venafi. All Rights Reserved.10 Certificates are needed across the entire application stack • Certificates apply to all infrastructure • Servers • Cloud • Containers • Virtual Machines • Service Mesh And need to be embedded within DevOps workflows Span the full software lifecycle Dev Test Stage Prod
  • 11. //11 © 2019 Venafi. All Rights Reserved. Methods Commonly Used in DevOps
  • 12. // Use OpenSSL to generate self-signed certificates Use many instances of HashiCorp Vault to get subordinate CA or self-signed certificates Submit tickets to get trusted certificates Use unauthorized CAs or create their own Use Let’s Encrypt for automated certificate renewals Create homegrown scripts or workarounds Use certificates from public cloud providers Leverage built in DevOps secrets tools Unauthorized Certificate Authorities Homegrown Solutions or Scripts
  • 13. // // // Heterogeneous Approaches Introduce Complexity © 2019 Venafi. All Rights Reserved.13 Source: https://www.reddit.com/r/devops/comments/b63eqp/what_keeps_a_devopssre_manager_up_at_night/
  • 14. // // They must develop and operate security infrastructure that: ü Uses trusted and protected certificates ü Supports multiple certificate authorities ü Delivers non-reputable audit logs ü Protects private keys ü Answers audit requests ü Integrates with vulnerability management and threat intelligence systems ü Verifies compliance ü Conforms to ever-changing policy ü Provides resilience to crypto/key compromise ü Gives visibility to InfoSec ü Supports attestation of corporate compliance And If They Are to Do Things Correctly… © 2019 Venafi. All Rights Reserved.14
  • 15. // // // Challenges and Risks of Current Methods For DevOps • Diverts resources, slows development • Can’t migrate apps • Outages • Error prone, requires maintenance • Creates snowflake environments For InfoSec • Lack of visibility • Policy non-compliance • Can’t audit or remediate • Weak certificate usage • Unprotected private keys • Can’t inspect traffic © 2019 Venafi. All Rights Reserved.15
  • 16. // © 2019 Venafi. All Rights Reserved.16 The DevOps Toolchain
  • 17. // // // The DevOps Loop © 2019 Venafi. All Rights Reserved.17 Ideation Integration ValidationOperation Realization “One way to enable market-oriented outcomes is for Operations to create a set of centralized platforms and tooling services that any Dev team can use to become more productive… a platform that provides a shared version control repository with pre- blessed security libraries, a deployment pipeline that automatically runs code quality and security scanning tools, which deploys our applications into known, good environments that already have production monitoring tools installed on them.”
  • 18. // // // The DevOps Loop © 2019 Venafi. All Rights Reserved.18 Ideation Integration ValidationOperation Realization When key and certificate provisioning becomes part of the automated build process, DevOps teams can significantly reduce IT service delivery time: • Over half (57%) of Venafi customers used the Venafi Platform to improve their SLAs for internal IT services Automated build Test through route to live Environment orchestration Deploy and run
  • 19. // © 2019 Venafi. All Rights Reserved.19 Use the Same Certificate Process: Offer a Service
  • 20. // // // New Guidance from NIST 1800-16B (Draft) © 2019 Venafi. All Rights Reserved.20 https://www.nccoe.nist.gov/projects/building-blocks/tls-server-certificate-management
  • 21. // // // NIST 1800-16B – TLS Server Certificate Management © 2019 Venafi. All Rights Reserved.21 4.1 Certificate Owners With the advent of virtualization, the development and operations (DevOps) teams provision systems and software through programmatic means. This introduces a new type of certificate owner and new TLS server certificate challenges for organizations. As organizations push for more rapid and efficient deployment of business applications, many DevOps teams deploy certificates without coordination with the Certificate Services team. This can result in certificates for mission-critical applications not being tracked. This can be particularly problematic if bugs in DevOps programs/scripts cause certificates to be improperly deployed or updated. In addition, as DevOps teams adopt newer frameworks and tools, it is important to continue to monitor certificates and applications deployed and maintained by older DevOps frameworks and tools. 5.2 Establish a Certificate Service Manually managing TLS server certificates is infeasible due to the large number of certificates in most enterprises. It is also not feasible for each certificate owner to create their own certificate management system. The most efficient and effective approach is for the Certificate Services team to provide a central Certificate Service that includes technology- based solutions that provide automation and that support certificate owners in effectively managing their certificates. This service should include the technology/services for CAs, certificate discovery, inventory management, reporting, monitoring, enrollment, installation, renewal, revocation, and other certificate management operations. https://www.nccoe.nist.gov/projects/building-blocks/tls-server-certificate-management
  • 22. // // // Abstraction Makes it Easy for DevOps © 2019 Venafi. All Rights Reserved.22 Venafi enables security teams to provide access to certificates in a way that abstracts complexity away. This ensures that security is built into the application without the need for developers to maintain cryptographic functions.
  • 23. // // // Accelerate DevOps by Offering a Service © 2019 Venafi. All Rights Reserved.23 23 Platform capabilities Inventory Policy Controls Audit, Reporting & Logging Agentless Drivers Automation Workflows Certificate Authority Connectors DevOps can automatically request certificates for: • Containers • Service Mesh • Serverless • Servers • Load Balancers Modern ArchitectureTraditional InfrastructureLocated in • Physical Data Center • Virtual Data Center • Hybrid Cloud • Public Cloud • Infrastructure -as-a-Service (IaaS) And from within the CI/CD Pipeline, across environments Test Only Certs Internal & Externally Trusted Certificates Development Test Staging Production Automate renewals (native and non-native cloud infrastructure) Options for embedding policy-compliant certificates into DevOps workflows Venafi APIACMESDK and CLI *Open Source *VCert SDK (Go, Python, Java, etc.) *VCert for Command Line REST API / Web SDK Venafi ACME Server DevOps Toolchain Integrations GitHub page: https://github.com/Venafi
  • 24. // // // Venafi Helps You Deliver DevSecOps © 2019 Venafi. All Rights Reserved.24 Fast, repeatable Ease of migration Automated renewals Strong certificates For DevOps Centralized control Policy compliance Ease of remediation Secure key storage For InfoSec Accelerate DevOps, Securely
  • 25. // © 2019 Venafi. All Rights Reserved.25 Security is not one person’s job — it’s everyone’s job.