Venafi Inc., a major player in the so-called machine identity protection segment of the cybersecurity market, is acquiring Jetstack Inc., a small startup focused on Kubernetes security.

The concept behind machine identify protection is to ensure that a system to which a company sends data is safe. That’s accomplished with security certificates, hard-to-forge cryptographic identifiers indicating a system can be trusted. An application trying to access a database, for instance, might use a security certificate to prove to the database that it’s authorized to view the records inside.

Venafi sells software that helps companies ensure such verifications are performed smoothly across their applications and devices. Its tools automate the various tasks involved in the process, from renewing expired certificates to monitoring how they’re used. The Salt Lake City-based firm, which has raised about $190 million from investors including Intel Corp., counts the top five health insurers and the four top credit card issuers in the U.S. as customers.

Jetstack’s focus area overlaps with that of Venafi to a large extent. The British startup is best known as the maker of cert-manager, a pervasive open-source security certificate management tool for Kubernetes that boasts millions of downloads.

Jetstack has also built a paid service called Preflight that helps companies spot security issues in their Kubernetes deployments. The software can map out hidden and potentially vulnerable components in a cluster, such as a container that was flagged for deletion but was overlooked and continues to run unnoticed. Preflight also flags insecure Kubernetes configuration settings, including faulty implementations of cert-manager.

Jetstack’s technology will enable Venafi to better target the large and rapidly growing number of organizations that are adopting Kubernetes for internal infrastructure. Jetstack will continue to operate independently. Venafi will grow the startup’s engineering team and plans to continue supporting its work in the open-source Kubernetes ecosystem. 

The plan includes directing “more engineering and support to the cert-manager project itself, but also working with projects across the ecosystem on open source and open standards,” Jetstack co-founder and Chief Technology Officer Matthew Bates wrote in a blog post. “We will look at open governance of our projects and attract a broad and diverse set of stakeholders and contributors.”

“Our open-source projects will remain open, and our commitment to the community won’t change, in fact it will be strengthened with further investment,” Matt Barker, Jetstack’s other co-founder and chief executive, added in a separate post.

The deal is significant not only because it has ramifications for the future of cert-manager, a key component of Kubernetes clusters widely used by the enterprises, but also because it’s at least the fourth cybersecurity acquisition this week. On Wednesday, VMware Inc. bought Octarine Inc. an Accel-backed Kubernetes security startup. Separately, CyberArk Software Ltd. shelled out $70 million for Idaptive LLC and SonarSource SA picked up RIPS Technologies GmbH, a German maker of code security software.

Photo: Venafi