Venafi Survey: 75% of DevOps Professionals Say Certificate Issuance Policies Slow Them Down

Less than half believe developers always request certificates that serve as machine identities through authorized channels

SALT LAKE CITY — December 12, 2019 — Venafi®, the inventor and leading provider of machine identity protection, today announced the results of a survey on digital certificate security policies and practices in environments. The survey evaluated the opinions of 108 professionals attending the DevOps Enterprise Summit 2019 (DOES19) in Las Vegas, Nevada.

According to Venafi’s survey, 75% of DevOps professionals are concerned that policies for issuing certificates slow down development, and over a third (39%) believe developers should be able to circumvent these policies to meet service level agreements. In addition, less than half (48%) of those surveyed believe developers in their organization always request certificates through the security team-approved methods and channels.

Cryptographic keys and certificates serve as machine identities and enable authentication and secure communication for applications, service containers and APIs on enterprise networks, the internet and in cloud environments. The use of weak or unauthorized keys and certificates can significantly increase security risks, particularly in cloud environments. Developers use insecure machine identities, including certificates from unauthorized certificate authorities (CAs) and self-signed or wild card certificates, because corporate certificate issuance processes are seen as too cumbersome. Unfortunately, this leaves security teams in the dark and increases organizational risk, especially if key and certificate vulnerabilities or errors enter production environments.

“DevOps is all about speed, but this survey illustrates that developers often find security policies slow,” said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi. “Unfortunately, security professionals are often unaware of the risks DevOps processes bring to their organizations. Ultimately, security teams need to make it more straightforward for developers to use machine identities—protecting them must be easier and faster than it is to circumvent policy, otherwise these problems will continue to grow exponentially. Organizations that rely on DevOps processes require visibility, intelligence and automation to protect their machine identities.”

For more information, please visit:

About Venafi

Venafi is the cybersecurity market leader and inventor of machine identity protection, securing machine-to-machine connections and communications. Venafi protects machine identity types by orchestrating cryptographic keys and digital certificates for SSL/TLS, IoT, code signing, mobile and SSH. Venafi provides global visibility of machine identities and the risks associated with them for the extended enterprise – on premises, mobile, virtual, cloud and IoT – at machine speed and scale. Venafi puts this intelligence into action with automated remediation that reduces the security and availability risks connected with weak or compromised machine identities while safeguarding the flow of information to trusted machines and preventing communication with machines that are not trusted.

With over 30 patents, Venafi delivers innovative solutions for the world’s most demanding, security-conscious Global 5000 organizations and government agencies, including the top five U.S. health insurers; the top five U.S. airlines; the top four credit card issuers; three out of the top four accounting and consulting firms; four of the top five U.S., U.K., Australian and South African banks; and four of the top five U.S. retailers. Venafi is backed by top-tier investors, including TCV, Foundation Capital, Intel Capital, QuestMark Partners, Mercato Partners and NextEquity.

For more information, visit: