Keyfactor today announced DevOps integrations with automation and
containerization industry leaders Ansible,
Docker,
HashiCorp,
Jenkins
and Kubernetes
to offer security-first services and solutions designed to seamlessly integrate
with existing enterprise tools and applications.
"DevOps has
radically improved agility and application delivery in organizations large and
small," said Ted Shorter, chief technology officer and co-founder at Keyfactor.
"Yet new DevOps processes and tooling have struggled to align security within
workflows - software security typically takes more time than DevOps-centered
software delivery cycles allow."
A rise in
cryptographic-based attacks, like last year's ASUS attack, exploit third-party
software and its digital certificates, allowing attackers to connect to
sensitive backend systems or push malware through updater tools. Recent
research indicates a 39% likelihood that organizations will experience a
similar server certificate or key misuse incident over the next two years.
According to
research firm Gartner Inc., "proper secrets management, including certificate
and key management, is crucial to security agile applications."
Digital certificates
have long played an integral - if not routine - role in DevOps workflows,
securing authentication across users, devices and applications. The secure
identities the certificates establish reinforce key DevOps practices within
infrastructure, pipeline, code and microservices integration, thereby bridging
the DevSecOps gap and the ability to mitigate security risk.
"Our mission is to
help DevOps teams establish critical trust at design through comprehensive and
complete cryptographic management," said Shorter. "We want to make it easy to
apply cloud-first, crypto-agility at scale to ensure all connections -
especially those critical to business and human life - are trusted."
Keyfactor offers cloud-hosted PKI-as-a-Service
infrastructure through integrated certificate and key management, secure
signing and secure IoT device design. The platform provides discovery,
integration and orchestration capabilities, enabling teams to gain complete
crypto-agility, extensibility and visibility.