
Venafi: Machine Identity Protection for Banking

Jeff Hudson, CEO
The dynamics of the financial industry have changed drastically over the last decade; every financial services firm has steadily increased its reliance on technology. As a result, securing the ever-increasing number of SSL/TLS banking certificates and their corresponding keys required to keep communication between these new technologies secure has become a tedious, error-prone task. However, when keys and certificates are poorly managed, they dramatically increase security risks for banks. This is because certificates and keys serve as machine identities, similar to the way usernames and passwords serve as human identities. They are critically important in keeping the enterprise secure, because they establish which machines are safe to connect and communicate with and which are not.

To put this into perspective, Jeff Hudson, CEO of Venafi, highlights that every year banks end up spending billions to eradicate phishing attacks and other fraudulent activities, but these efforts are focused almost exclusively on human identities. At the same time, most financial institutions remain very vulnerable to attacks that target machine identities. “The problem lingers, because banks are still early in their understanding of the security loopholes associated with machine identities,” says Hudson. Just as consumers can have poor password hygiene, system administrators can apply weak security practices to machine identities, such as copying or sharing private keys. Machine identity protection is needed to enforce policies that ensure automated machine-to-machine connections and communications remain secure.

With its proprietary Venafi platform, the firm enables banks to authenticate and communicate securely across multiple machine identity types, including SSL/TLS keys and certificates, SSH keys, and mobile, WiFi, and VPN certificates. The Venafi Platform provides detailed visibility as well as comprehensive machine identity intelligence to help banking organizations detect key weaknesses, prevent misuse and policy violations, and automate incident response. For example, banks can identify the keys and certificates that do not comply with bank policies for key length, hashing algorithm, validity periods, and other attributes, and can then automatically replace them with new, secure, and compliant ones. Venafi enables banks to oversee machine identity risks and consistently enforce stringent security policies.

Venafi also automates the entire key and certificate life cycle to enable customers to reduce management and administration time, as well as automating workflows and policies that govern keys and certificates.

Venafi makes it possible for banks to keep up with the rapidly increasing number of machine identities by providing full automation of keys and certificates across the entire machine identity life cycle.


“Today, many of our clients are managing millions of machine identities. So, everything has to be automated to detect and deter weak or compromised machine identities,” mentions Hudson.

When a security event does occur, Venafi helps banks respond in real time. “Automation makes it possible for our clients to replace specific certificates very quickly or remediate thousands of certificates within just hours when a new machine identity weakness or threat is identified.”

The firm also provides an extensive technology partner ecosystem. Out-of-the-box integrations enable banks to integrate comprehensive machine identity intelligence with a wide range of systems. Venafi also created a set of APIs that can be used by its customers and partners to develop and customize interfaces to legacy and proprietary technologies quickly and effectively.

The firm has over 30 machine-identity-protection-related patents and spent over 200 million hours over the last decade developing robust security for keys and certificates. Hudson cites two examples of how Venafi has worked hard to partner with its extensive list of banking customers. In the first instance, after realizing they had no system to track certificates and their private keys, a major bank collaborated with Venafi to protect these important security assets. “We installed our machine identity platform that enabled the bank to gain control over their encrypted keys and deliver audit-ready evidence of these efforts. As a result, they got rid of audit findings.”

In the second case, Venafi assisted another bank that was using DevOps processes and workflows while they were moving applications to the cloud. “We helped them to set up machine identity protection that was fully automated from end-to-end, giving them comprehensive visibility and policy control while not slowing down DevOps innovation and delivery.”

Having worked with leading banks and government firms across the globe, the firm takes pride in partnering with some of the most security-conscious financial institutions in the world. The Venafi Platform protects machine identities in four of the top five banks in each of the following countries: U.S., U.K., Australia and South Africa. In the days ahead, as the banking industry increasingly relies on Fintech, Venafi envisions itself as the only viable partner to protect the identities of these machines. Hudson concludes, “Our business is machine identity protection, and we are relentlessly focused on delivering the best technology and being the best partners.”