key management

Auto Added by WPeMatico

Venafi acquires Jetstack, the startup behind the cert-manager Kubernetes certificate controller

It seems that we are in the middle of a mini acquisition spree for Kubernetes startups, specifically those that can help with Kubernetes security. In the latest development, Venafi, a vendor of certificate and key management for machine-to-machine connections, is acquiring Jetstack, a U.K. startup that helps enterprises migrate and work within Kubernetes and cloud-based ecosystems, which has also been behind the development of cert-manager, a popular, open-source native Kubernetes certificate management controller.

Financial terms of the deal, which is expected to close in June of this year, have not been disclosed, but Jetstack has been working with Venafi to integrate its services and had a strategic investment from Venafi’s Machine Identity Protection Development Fund.

Venafi is part of the so-called “Silicon Slopes” cluster of startups in Utah. It has raised about $190 million from investors that include TCV, Silver Lake and Intel Capital and was last valued at $600 million. That was in 2018, when it raised $100 million, so now it’s likely Venafi is worth more, especially considering its customers include the top five U.S. health insurers, the top five U.S. airlines, the top four credit card issuers, three out of the top four accounting and consulting firms, four of the top five U.S., U.K., Australian and South African banks and four of the top five U.S. retailers.

For the time being, the two organizations will continue to operate separately, and cert-manager — which has hundreds of contributors and millions of downloads — will continue on as before, with a public release of version 1 expected in the June-July time frame.

The deal underscores not just how Kubernetes -based containers have quickly gained momentum and critical mass in the enterprise IT landscape, in particular around digital transformation, but specifically the need to provide better security services around that at speed and at scale. The deal comes just one day after VMware announced that it was acquiring Octarine, another Kubernetes security startup, to fold into Carbon Black (an acquisition it made last year).

“Nowadays, business success depends on how quickly you can respond to the market,” said Matt Barker, CEO and co-founder of Jetstack . “This reality led us to re-think how software is built and Kubernetes has given us the ideal platform to work from. However, putting speed before security is risky. By joining Venafi, Jetstack will give our customers a chance to build fast while acting securely.”

To be clear, Venafi had been offering Kubernetes integrations prior to this — and Venafi and Jetstack have worked together for two years. But acquiring Jetstack will give it direct, in-house expertise to speed up development and deployment of better tools to meet the challenges of a rapidly expanding landscape of machines and applications, all of which require unique certificates to connect securely.

“In the race to virtualize everything, businesses need faster application innovation and better security; both are mandatory,” said Jeff Hudson, CEO of Venafi, in a statement. “Most people see these requirements as opposing forces, but we don’t. We see a massive opportunity for innovation. This acquisition brings together two leaders who are already working together to accelerate the development process while simultaneously securing applications against attack, and there’s a lot more to do. Our mutual customers are urgently asking for more help to solve this problem because they know that speed wins, as long as you don’t crash.”

The crux of the issue is the sheer volume of machines that are being used in computing environments, thanks to the growth of Kubernetes clusters, cloud instances, microservices and more, with each machine requiring a unique identity to connect, communicate and execute securely, Venafi notes, with disruptions or misfires in the system leaving holes for security breaches.

Jetstack’s approach to information security came by way of its expertise in Kubernetes, developing cert-mananger specifically so that its developer customers could easily create and maintain certificates for their networks.

“At Jetstack we help customers realize the benefits of Kubernetes and cloud native infrastructure, and we see transformative results to businesses firsthand,” said Matt Bates, CTO and co-founder of Jetstack, in a statement. “We developed cert-manager to make it easy for developers to scale Kubernetes with consistent, secure, and declared-as-code machine identity protection. The project has been a huge hit with the community and has been adopted far beyond our expectations. Our team is thrilled to join Venafi so we can accelerate our plans to bring machine identity protection to the cloud native stack, grow the community and contribute to a wider range of projects across the ecosystem.” Both Bates and Barker will report to Venafi’s Hudson and join the bigger company’s executive team.

Powered by WPeMatico

Decrypted: Contact-tracing privacy, Zoom buys Keybase, Microsoft eyes CyberX

As the world looks to reopen after weeks of lockdown, governments are turning to contact tracing to understand the spread of the deadly coronavirus.

Most nations are leaning toward privacy-focused apps that use Bluetooth signals to create an anonymous profile of where a person has been and when. Some, like Israel, are bucking the trend and are using location and cell phone data to track the spread, prompting privacy concerns.

Some of the biggest European economies — Germany, Italy, Switzerland and Ireland — are building apps that work with Apple and Google’s contact-tracing API. But the U.K., one of the worst-hit nations in Europe, is going it alone.

Unsurprisingly, critics have both security and privacy concerns, so much so that the U.K. may end up switching over to Apple and Google’s system anyway. Given that one of Israel’s contact-tracing systems was found on an passwordless server this week, and India denied a privacy issue in its contact-tracing app, there’s not much wiggle-room to get these things wrong.

Turns out that even during a pandemic, people still care about their privacy.

Here’s more from the week.


THE BIG PICTURE

Zoom acquires Keybase, but questions remain

When Zoom announced it acquired online encryption key startup Keybase, for many, the reaction was closer to mild than wild. Even Keybase, a service that lets users store and manage their encryption keys, acknowledged its uncertain future. “Keybase’s future is in Zoom’s hands, and we’ll see where that takes us,” the company wrote in a blog post. Terms of the deal were not disclosed.

Zoom has faced security snafu after snafu. But after dancing around the problems, it promised to call in the cavalry and double down on fixing its encryption. So far, so good. But where does Keybase, largely a consumer product, fit into the fray? It doesn’t sound like even Zoom knows yet, per enterprise reporter Ron Miller. What’s clear is that Zoom needs encryption help, and few have the technical chops to pull that off.

Keybase’s team might — might — just help Zoom make good on its security promises.

Powered by WPeMatico

Google’s Cloud Platform gets a new key management service

Keys for the Key Maker Google is launching a new key management service for its Cloud Platform today that will help enterprises — especially in regulated industries like healthcare and banking — create, use, rotate and destroy their encryption keys in the cloud. The aptly named Google Cloud Key Management Service (Cloud KMS) is now available as a beta in select countries. Enterprises have… Read More

Powered by WPeMatico