TLS Protect for Kubernetes, which is a component of the Venafi Control Plane for machine identities, gives security and platform teams the ability to manage cloud native machine identities quickly and securely, such as TLS, mTLS, and SPIFFE, across all of an organization’s multi-cloud and multi-cluster Kubernetes environments.
Shivajee Samdarshi, chief product officer at Venafi, commented, “As organizations shift from traditional data center environments to modern, highly distributed cloud native infrastructures like Kubernetes, the volume of certificates and machine identities explodes, leading to increased threat risks and an increased need for security controls.
Through the Venafi Control Plane, we’re modernizing machine identity management and making managing machine identities in cloud native environments easier than ever. TLS Protect for Kubernetes gives security and platform teams the observability, consistency, and control over machine identities to ensure a validated and auditable chain of trust exists for every workload deployed to a Kubernetes cluster, including consistent approaches to certificate configurations and security policies.”
By gaining increased visibility, control, and automation over machine identity management within more complex cloud native infrastructures, enterprises can increase application reliability and lower development and running costs.
TLS Protect for Kubernetes is built on a fully supported version of the open-source cert-manager project, the de facto cloud native certificate management solution created by Jetstack, a Venafi company. Developers can now automate TLS and mTLS certificate issuance and renewal. TLS Protect for Kubernetes offers in-cluster observability to identify and fix security risks caused by improperly configured certificates, as well as options for security controls over certificate issuance to satisfy security.
The following are features of TLS Protect for Kubernetes:
Using a web-based management interface, security and platform teams can find out which machine identities are in use across all clusters. The interface also provides alerts on the configuration, compliance, and health of the machine identity management infrastructure, and offers a quick visual status of all workload certificates, along with their association with Kubernetes resources and their X.509 certificate configurations.
By enforcing machine identity policies for TLS, mTLS, and SPIFFE SVIDs across all clusters in accordance with enterprise security policies, TLS Protect for Kubernetes makes sure the right version of cert-manager is in use and configured consistently.
To ensure performance and scalability, the product seamlessly integrates with Kubernetes environments. It also includes a commercially supported, FIPS 140-2 compliant, and signed version of the open source cert-manager project to deliver enterprise-grade machine identity management across Kubernetes environments.
Freedom of choice
TLS Protect for Kubernetes supports all major Kubernetes distributions, cloud platform providers, and multi-cloud configurations. It also integrates with well-known secret vaults and other DevOps and cloud native solutions.