Jeff Hudson, CEO

The dynamics of the financial industry have changed drastically over the last decade; every financial services firm has steadily increased its reliance on technology. As a result, securing the ever-increasing number of SSL/TLS banking certificates and their corresponding keys, which are required to keep communication between these new technologies secure, has become a tedious, error-prone task. When keys and certificates are poorly managed, they dramatically increase security risks for banks, because certificates and keys serve as machine identities, similar to the way usernames and passwords serve as human identities. They are critically important in keeping the enterprise secure, because they establish which machines are safe to connect and communicate with and which are not.
To put this into perspective, Jeff Hudson, CEO of Venafi, highlights that every year banks end up spending billions to eradicate phishing attacks and other fraudulent activities, but these efforts are focused almost exclusively on human identities. At the same time, most financial institutions remain very vulnerable to attacks that target machine identities. “The problem lingers, because banks are still early in their understanding of the security loopholes associated with machine identities,” says Hudson. Just as consumers can have poor password hygiene, system administrators can apply weak security practices to machine identities, such as copying or sharing private keys. Machine identity protection is needed to enforce the policies that keep automated machine-to-machine connections and communications secure.
With its proprietary Venafi platform, the firm enables banks to authenticate and communicate securely across multiple machine identity types, including SSL/TLS keys and certificates, SSH keys, and mobile, WiFi, and VPN certificates. The Venafi Platform provides detailed visibility as well as comprehensive machine identity intelligence to help banking organizations detect key weaknesses, prevent misuse and policy violations, and automate incident response. For example, banks can identify the keys and certificates that do not comply with bank policies for key length, hashing algorithm, validity periods, and other attributes, and can then automatically replace them with new, secure, and compliant ones. Venafi enables banks to oversee machine identity risks and consistently enforce stringent security policies.
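The compliance check described above (key length, hashing algorithm, validity period) can be expressed as a small policy evaluator. The Go program below is an added example and is not Venafi code or part of the original article; it uses only the Go standard library, assumes a constructed policy (RSA keys of at least 2048 bits, SHA-2 signature algorithms only, validity no longer than 398 days) and builds two self-signed test certificates in place of certificates discovered in a bank's inventory. The subject name `app.bank.example` and the policy values are assumptions for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Policy holds the certificate attributes a bank policy constrains:
// minimum key length, permitted signature algorithms and maximum validity.
type Policy struct {
	MinRSABits      int
	AllowedSigAlgos map[x509.SignatureAlgorithm]bool
	MaxValidity     time.Duration
}

// ExamplePolicy is a constructed policy (not a Venafi default): RSA-2048 or
// better, SHA-2 signatures only, and no certificate valid longer than 398 days.
var ExamplePolicy = Policy{
	MinRSABits: 2048,
	AllowedSigAlgos: map[x509.SignatureAlgorithm]bool{
		x509.SHA256WithRSA:    true,
		x509.SHA384WithRSA:    true,
		x509.SHA512WithRSA:    true,
		x509.SHA256WithRSAPSS: true,
		x509.ECDSAWithSHA256:  true,
		x509.ECDSAWithSHA384:  true,
	},
	MaxValidity: 398 * 24 * time.Hour,
}

// Evaluate returns one finding per policy violation; an empty result means the
// certificate is compliant and does not need to be replaced.
func Evaluate(p Policy, cert *x509.Certificate) []string {
	var findings []string
	if pub, ok := cert.PublicKey.(*rsa.PublicKey); ok && pub.N.BitLen() < p.MinRSABits {
		findings = append(findings, fmt.Sprintf("weak key: RSA-%d is below the %d-bit minimum", pub.N.BitLen(), p.MinRSABits))
	}
	if !p.AllowedSigAlgos[cert.SignatureAlgorithm] {
		findings = append(findings, fmt.Sprintf("disallowed signature algorithm: %s", cert.SignatureAlgorithm))
	}
	if validity := cert.NotAfter.Sub(cert.NotBefore); validity > p.MaxValidity {
		findings = append(findings, fmt.Sprintf("validity of %d days exceeds the %d-day maximum",
			int(validity.Hours()/24), int(p.MaxValidity.Hours()/24)))
	}
	return findings
}

// makeTestCert builds a self-signed RSA certificate with the requested key
// size, signature algorithm and validity (a constructed stand-in for a
// certificate found during discovery).
func makeTestCert(bits int, sigAlg x509.SignatureAlgorithm, validity time.Duration) (*x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber:       big.NewInt(1),
		Subject:            pkix.Name{CommonName: "app.bank.example"}, // assumed name
		NotBefore:          now,
		NotAfter:           now.Add(validity),
		SignatureAlgorithm: sigAlg,
		KeyUsage:           x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	cases := []struct {
		name     string
		bits     int
		sigAlg   x509.SignatureAlgorithm
		validity time.Duration
	}{
		{"compliant", 2048, x509.SHA256WithRSA, 365 * 24 * time.Hour},
		{"legacy", 1024, x509.SHA1WithRSA, 5 * 365 * 24 * time.Hour},
	}
	for _, c := range cases {
		cert, err := makeTestCert(c.bits, c.sigAlg, c.validity)
		if err != nil {
			fmt.Println(c.name, "error:", err)
			continue
		}
		findings := Evaluate(ExamplePolicy, cert)
		if len(findings) == 0 {
			fmt.Printf("%s: compliant\n", c.name)
			continue
		}
		fmt.Printf("%s: %d finding(s), schedule replacement\n", c.name, len(findings))
		for _, f := range findings {
			fmt.Println("  -", f)
		}
	}
}
```

In a real inventory the certificates would come from discovery (PEM files, TLS endpoints, key stores) rather than from `makeTestCert`, but the evaluation step is the same: parse, compare against the policy, and hand non-compliant entries to the renewal workflow. The validity check uses the encoded NotBefore/NotAfter pair rather than the current date, so it flags over-long certificates even before they near expiry.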
Venafi also automates the entire key and certificate life cycle to enable customers to reduce management and administration time, as well as automating workflows and policies that govern keys and certificates.
Venafi makes it possible for banks to keep up with the rapidly increasing number of machine identities by providing full automation of keys and certificates across the entire machine identity life cycle.
“Today, many of our clients are managing millions of machine identities. So, everything has to be automated to detect and deter weak or compromised machine identities,” mentions Hudson.
When a security event does occur, Venafi helps banks respond in real time. “Automation makes it possible for our clients to replace specific certificates very quickly or remediate thousands of certificates within just hours when a new machine identity weakness or threat is identified.”
The firm also provides an extensive technology partner ecosystem. Out-of-the-box integrations enable banks to integrate comprehensive machine identity intelligence with a wide range of systems. Venafi also created a set of APIs that can be used by its customers and partners to develop and customize interfaces to legacy and proprietary technologies quickly and effectively.
The firm has over 30 machine-identity-protection-related patents and spent over 200 million hours over the last decade developing robust security for keys and certificates. Hudson cites two examples of how Venafi has worked hard to partner with its extensive list of banking customers. In the first instance, after realizing they had no system to track certificates and their private keys, a major bank collaborated with Venafi to protect these important security assets. “We installed our machine identity platform that enabled the bank to gain control over their encrypted keys and deliver audit-ready evidence of these efforts. As a result, they got rid of audit findings.”
In the second case, Venafi assisted another bank that was using DevOps processes and workflows while they were moving applications to the cloud. “We helped them to set up machine identity protection that was fully automated from end-to-end, giving them comprehensive visibility and policy control while not slowing down DevOps innovation and delivery.”
Having worked with leading banks and government organizations across the globe, the firm takes pride in partnering with some of the most security-conscious financial institutions in the world. The Venafi Platform protects machine identities in four of the top five banks in each of the following countries: the U.S., the U.K., Australia and South Africa. In the days ahead, as the banking industry increasingly relies on Fintech, Venafi envisions itself as the only viable partner to protect the identities of these machines. Hudson concludes, “Our business is machine identity protection, and we are relentlessly focused on delivering the best technology and being the best partners.”
“Venafi partners with the largest, most complex organizations in the world, and our solutions secure the vast majority of the digital infrastructure that runs our modern world,” said Jeff Hudson, CEO of Venafi. “These partnerships have given us a deep understanding of the complexity created by digital transformation and the shift to hybrid and cloud native architectures. Today, a typical global organization has hundreds of thousands of machines (which include applications, APIs, containers and microservices, in addition to physical devices) spread across a wide variety of environments. Each one of these machines requires an identity. At Venafi, we know how costly and slow it is to build identity-based, zero trust architectures in these complicated, rapidly changing environments. The Venafi Control Plane for Machine Identities is unmatched in reducing complexity and increasing the speed of development, while at the same time increasing security for machine identities, which are the foundation of trust in our modern world.”
There are two actors on every network: people and machines. People rely on usernames, passwords and two-factor authentication to gain access to data and services. Machines also need identities for the same reasons. Rapid adoption of cloud infrastructures requires a greater number and variety of machine identities, many of which change rapidly because they are ephemeral. For example, some cloud native environments require huge volumes of certificates (one of many different types of machine identities) with near-zero latency. Organizations spend millions of dollars managing human identities but are only now realizing how critical it is to secure and protect machine identities.
The Venafi Control Plane is the only control plane for machine identity management designed to deliver observability, consistency, reliability and freedom of choice across clouds, hybrid environments, data centers and the edge.
The Venafi Control Plane delivers core capabilities directly and distributes or delegates them within reusable patterns and policy controls. Together these capabilities support cradle-to-grave machine identity lifecycle orchestration, authentication, authorization and governance providing customers with immediate value, including:
• Elimination of outages on customer-facing infrastructure, which saves an average $9.3 million of revenue per hour for financial services firms
• Dramatic reduction in the risk of data breaches that cost, on average, $5.97 million per breach
• Improvement of machine identity management efficiency, increasing productivity by as much as 98%
To ensure these capabilities are available in even the most demanding edge and cloud native environments, Venafi is also announcing early access to a new Venafi Control Plane service: Fast Issuance. Fast Issuance is an ultra-low-latency service for issuing machine identities at speed with zero dependencies. The Fast Issuance service enables local issuance for entities or services that require machine identities to be delivered at scale with near-zero latency. Fast Issuance can be used in any environment: cloud native, data center, hybrid or edge.
Venafi has also published the Modern Machine Identity Management Reference Architecture. The Reference Architecture incorporates zero trust best practices for architecting machine identity management in data center, cloud and edge architectures. The reference architecture is based on extensive experience partnering with global organizations designing complex hybrid and cloud native production environments.
“As companies come to grips with the increasing number of workloads they are running in the cloud, they realize that inefficiencies are slowing down teams and creating new security risks that are just waiting to be exploited,” said Kevin Bocek, Vice President of Threat Intelligence and Security Strategy at Venafi. “Success in the cloud is now a function of design and architecture, especially when board members want specific information about zero trust strategies. Without the right architecture, the headaches, costs and incidents connected with the cloud are sure to grow. The Control Plane for Machine Identity Management is the first and only solution that gives platform and security teams the power to collaborate on repeatable design patterns and blueprints. From cloud native to mainframe, the Venafi Control Plane provides measurable consistency, observability and reliability. This new approach makes it possible for developers to build using the tools, clouds and languages they love, while security and platform teams have confidence and frictionless operations.”