"Silicon-based lifeforms" is a term Ray Bradbury might have used to great effect. "Invasion of the Sand Beings" would have made a great sci-fi title. Just imagine the film trailer: "They're awesome! They're everywhere! They're made of silicon! They're indestructable!"
So imagine my surprise hearing what seemed at first to be a level-headed CEO explaining to me that his company, Venafi, is in the business of supplying "ID badges for silicon-based lifeforms" Okay, Venafi has its headquarters in a Salt Lake City suburb named, of all things, Sandy, but this surely is a pun too far, isn't it? No joke, though. Jeff Hudson sees certificates as the best, or at least the most pervailent way of giving identity to the machines that run our IT systems - and increasingly the world.
The invasion of the sand beings is already an accomplished fact, Jeff believes. And like in any good work of science fiction nobody knows who they really are or how many of them are out there. That is because up to now certificates have been left largely unmanaged, especially within enterprises where they live shady lives in servers and in network components, being swapped back and forth and providing access to our innermost secrets. Downright scary, if you think of them that way, isn't it?
Venafi and Jeff Hudson have set out to save the world by taking control over these silicon-based beings and placing it human hands, where it belongs. The sad truth, Jeff maintains, is that admins and IT departments have no idea how many certificates are out there and when they will expire.
This can be bad news, indeed, as the case of a large US-based manufacturer showed, where ill-timed expiration of some certificates on a handful of very vital computer systems is said to have led to serious delays on the development of their latest highly-publicized product launch.
However, the uncontrolled spread of ever greater numbers of digital certificates from a growing number of providers, each with its own little foibles and incompatibilities and generally lacking both interoperability and management, can lead to more than system downtime and outages, Jeff says. Increasingly, they pose a threat to compliance. If your auditor were ever to find out that you have no idea what the certificates on your company's servers are doing, how they got there and when they may or may not choose to cease to function, then how is he to sign off on them at the end of the year?
But there is worse to come. The world, it seems, is populated by yet another silicon-based lifeform, this time a sinister and malictious one, namely malware. Certificate sprawl is an easy way for these nasty little critters to infect a system by posing, for instance, as a legitimate SSL certificate or SSH key. And don't think the bad guys don't know it - or how to do it!
Venafi, it just so happens, is in the business of managing certificates within enterprise systems. They start out by scouring your system and discovering all the different kinds of certificates already installed there and coming back with the information about what type they are, who installed them and when they are set to expire. Once this essential task of digital housekeeping is done they monitor and update certificates in an orderly and timely manner and inspect new certificates to make sure they are up to predefined standards.
They are very good at doing this for SSL certificates, but up to now they haven't been able to do a similar job for SSH keys, which however are also widely used by system administrators, for instance, to do routine maintenance on remote systems. That will change, though. When I visited Venafi last week, Joe Askehan, who is in charge of product development management, kept nipping out to twiddle with the final version of an SSH management system that they are currently building for a large bank in the UK and which is scheduled to go online in June before the end of this year. It will eventually become part of Venafi's signature product, Director 6, so anybody can use it.
Think of it as pest control for the digital age. The silicon-based lkifeforms have come out of the sci-fi closet and are already living with us. If we don't watch out, they are going to take over.
I can't help thinking about what this all means bfor the so-called "Internet of Things" and IBM's vision of the "Smart Planet". As sensors and networked systems in anything from bridge pylons to water mains proliferate, they will all need some kinbd of digital identity, and certificates are the likely candidate. There will be billions of billions of them out there, effectively controlling human destiny. If we don't control them, they'll control us.
I wonder why Ray never thought of that.
Register now for KuppingerCole Select and get your free 30-day access to a great selection of KuppingerCole research materials and to live trainings.
Subscribe to our Podcasts
How can we help you