How to Stop Outages in Your Kubernetes Clusters [Case Study]

Mon, 08/01/2022 – 12:00

InfoSec vs platform development teams

First you might discover, unsurprisingly, a lack of synchronicity between your InfoSec and platform development teams. The latter group may have assumed that the machine identity management tools used for on-premise infrastructure didn’t apply to them, given that the high volume of Kubernetes workloads being deployed on faster release cycles is consuming far more TLS certificates. The former group, meanwhile, has no visibility into how certificates are being used and configured in Kubernetes clusters, visibility that might have enabled them to catch a misconfigured or expiring certificate before an outage could occur.


Prevent outages: Venafi Jetstack Secure

If you’re already a Venafi customer, you know how well TLS Protect works to manage machine identities. And you may be aware that Jetstack, the Venafi-owned company that created cert-manager, is popular among your developers. After all, cert-manager, an open source tool, automates the issuance and management of TLS certificates in Kubernetes environments—and it’s been downloaded more than 1 million times a day since 2021.

But like any global financial institution, you need a solution that not only stops outages in cloud native environments but also gives your security teams visibility into your TLS certificate inventory, enforces policies and standardizes all instances of cert-manager while letting developers use their preferred tools. And, perhaps most important, one that can scale easily.

That’s where Venafi Jetstack Secure comes in. Built on top of cert-manager, Jetstack Secure is designed specifically for enterprise usage. And our new case study, Global Bank Eliminates Kubernetes Certificate-Based Outages with Jetstack Secure, describes how Jetstack Secure helped one global bank do just that.

An excerpt from the case study:

“The first task for Jetstack Secure was to help the bank identify in-cluster certificates that could potentially trigger an outage—and the bank was surprised to find several hundred of them. With Jetstack Secure, the platform team easily revoked the offending certificates and replaced them with ones that complied with corporate security policies defined within the Venafi platform. Jetstack Secure enforced this automatically.”

This took a load off the minds of the security team. In addition:

“The security team was pleased that Jetstack Secure automates tasks such as centralized logging and monitoring because it gave them confidence that their cloud environments were managed at the same level as their on-premise ones.”

Meanwhile, development teams appreciated how Jetstack Secure brought about truly frictionless certificate-as-a-service:

“Development teams were thrilled that they no longer had to worry about the various aspects of certificate management that used to hobble speed of development—including requesting tokens, managing private keys and maintaining cert-manager across hundreds of clusters. Moreover, they could now procure and manage valid Venafi-approved certificates without having to worry about whether certificates adhered to policy.”

Want to read more? Click here to read the case study. But before you go, here’s a money quote from the bank’s vice president of security:

“Venafi and the Jetstack Secure team also provide best practice blueprints to maintain cloud security and compliance as we scale, as well as the ability to seamlessly extend our visibility across both classic on-premise and modern cloud infrastructure. That’s the closest thing to a silver bullet I’ve seen in my 25 years as a security professional.”


Robyn Weisman

Maybe you’ve heard this one before. You’re a global bank in the process of migrating to a multicloud infrastructure using Kubernetes. And then suddenly you find yourself falling victim to outage after outage, one of which knocks out an important customer-facing app for several hours. How do you tackle the problem?


*** This is a Security Bloggers Network syndicated blog from Rss blog authored by brooke.crothers. Read the original post at: