UPDATED 07:00 EDT / MARCH 20 2024


Venafi integrates SPIFFE standards to strengthen workload identity security

Machine identity protection firm Venafi Inc. today introduced Secure Production Identity Framework For Everyone (SPIFFE) support for Venafi Firefly, allowing security teams to ensure governance and reduce risks while accelerating development.

SPIFFE is a set of open-source standards for securely identifying software services in dynamic and heterogeneous environments. The framework aims to provide a universal identity control plane, facilitating service-to-service authentication and secure communication.

Venafi’s introduction of SPIFFE support seeks to address the need of modern applications for an automated way to scale and secure short-lived, heterogeneous workloads. By leveraging SPIFFE’s open-source framework of identity standards, Venafi Firefly customers can now easily secure and govern workload identities across complex, dynamic development environments such as Kubernetes without slowing down innovation, the company says.

Venafi adds that its SPIFFE implementation differs from secrets managers and legacy public key infrastructure services, which can’t or don’t support modern, decentralized approaches. Venafi claims Firefly with SPIFFE can easily and reliably mutually authenticate workloads across dynamic, multicloud environments using short-lived, verifiable identities managed by the Venafi Control Plane. The result, it says, is a service that security and platform teams can use to secure workload identities across all environments while significantly reducing operational complexity and costs.

“Venafi Firefly goes beyond conventional workload identity management. It bridges the gap between security compliance and platform team efficiency by providing a unified, automated approach to seamlessly authenticate workloads in modern, cloud-native environments,” said Chief Product Officer Shivajee Samdarshi. “It automatically issues each workload with its own identity and creates an enterprise-wide trust root system to secure and authenticate workloads across any infrastructure.”

Key features of the new SPIFFE capability include enhanced governance and compliance, with security teams able to adopt a recognized industry standard for workload identity and security. Doing so improves governance and security compliance for authenticating workload identities in highly scalable, cloud-native environments.

The implementation uses secretless authentication, allowing security teams to establish verifiable and ephemeral workload identities, underpinning a zero-trust architecture that eliminates the need for persistent, long-term secrets in certificates. Venafi Firefly automatically rotates and renews SPIFFE identities, which significantly mitigates the risks associated with secrets compromise or leakage.

Other features include advanced automation for workloads across multicloud operations through a unified workload identity system that helps platform teams remove the complexity and challenges of managing workload identity systems from different cloud providers. The implementation of SPIFFE also allows users to enable simplified authentication and attestation of workloads to secure trust domains.

“With SPIFFE support now added, platform teams can use Venafi Firefly to consume SPIFFE-compatible identities and seamlessly authenticate workloads for improved workload identity governance and trust,” Samdarshi added.
