Trell Rohovit, CEO of Venafi
Venafi invented systems management for encryption to help organizations simplify the management of encryption technologies across their diverse operating systems and infrastructure environments, from the desktop to the datacenter. Venafi solutions are used to manage mission-critical encryption systems at some of the world’s most prestigious organizations in industries including financial services, insurance, high tech, telecommunications, government, airline, aerospace, healthcare, food services and retail. We chatted with Trell Rohovit, CEO of Venafi, about his company and trends in the encryption and security space.
Silicon Slopes: What is Venafi and what is Systems Management for Encryption?
Trell Rohovit: Venafi invented Systems Management for Encryption to help organizations simplify the management of encryption technologies (and their related keys and certificates) in use across their diverse operating environments and infrastructures.
Encryption is a critical element to any security strategy and is being implemented more broadly than ever before due to industry regulations and best practices. But organizations are struggling to manage deployed encryption systems efficiently, and as this challenge increases, data protections become weakened and systems fail.
With Venafi products, companies can deploy, manage, and control encryption technologies across a wide variety of IT environments including desktop computers, network devices, applications and systems. It’s important to note, however that Venafi does not provide encryption technologies, but rather manages and maintains the encryption mechanisms and components.
Silicon Slopes: Why do companies need a way to manage their security and encryption?
Trell Rohovit: There are four major reasons companies implement our management platform:
1. To reduce system downtime. Poorly managed encryption can lead to costly system failures.
2. To increase data security. Poorly managed encryption exposes organizations to risk and increased vulnerability, either because they do not implement it properly, or because they do not protect keys and passwords properly.
3. To ensure regulatory compliance. Most of the best-known industry regulations are, at their heart, written to ensure the security of critical data. Encryption is mandated by most of these laws to secure data. But if the encryption is not properly managed, organizations may not be compliant with regulations, and their data may not be secure.
4. To improve operational efficiency. Encryption management can be done manually, but it is tedious, time-consuming work, and is highly error-prone. Automation helps organizations re-allocate their intelligent, full-time employees to more important initiatives, while ensuring their encryption technologies receive proper care and oversight.
Silicon Slopes: Have there been any current events sparking a need for your products?
Trell Rohovit: If you look across our list of customers -- which includes 16 of the world’s leading financial services organizations, 3 of the largest telecommunications providers, and the leaders in other industries like aerospace, airlines, food services, healthcare, government, retail, technology and others -- you would find that business interruptions are by far the biggest drivers for procuring Venafi.
Many of these organizations have experienced system failures, which, although they were not made public, were extremely costly. One example you may have heard of is ANA Airlines. ANA had a ticketing system go down due to an expired certificate, and it cost them millions of dollars. In fact, the CEO’s pay was docked (see ww.venafi.com/airline_failure/All_Nippon_Airways.aspx). If ANA had been a Venafi customer, that would not have happened. Events like that happen all the time, but are kept quiet.
In addition, industry regulations like the Payment Card Industry Data Security Standard (PCI DSS) are driving organizations to take a close look at how they are protecting data, and that’s driving demand for Venafi.
Finally, the industry is beginning to set new benchmarks for best practices that will be challenging to meet without a management platform like ours. For example, the National Institute of Standards and Technology (NIST), who many large organizations look to for guidance on how to implement a number of aspects of their technology infrastructure, has issued a Special Publication on Key Management (NIST SP 800-57), in which they advise that 1024-bit RSA keys will no longer be viable after 2010. Instead, they recommend that organizations move to implement stronger, 2048-bit RSA keys. Eradicating these weaker 1024-bit keys from large enterprise infrastructures would be a logistical nightmare without a system like the one Venafi provides.
Silicon Slopes: What sets you apart from competitors in your field?
Trell Rohovit: There are four things that set us apart from would-be competitors, and those four things drive every line of code in our products.
1. Venafi manages encryption across all operating environments – from the desktop to the datacenter. This gives our customers a unified view of their encryption and a centralized system to house policy and trigger management tasks.
2. Venafi manages all encryption types, regardless of the vendor or the technology being used. This means Venafi doesn’t push its encryption systems on customers. Rather, it manages what is there and makes it easier to switch between encryption vendors should the customer wish to do (because of a vulnerability or change in best practice).
3. Venafi takes a systems management approach to the way encryption is managed. This means that functions like discovery, policy, workflow, notifications, audit and configuration management are fundamental tools the customer gets in the Venafi platform—tools they are already familiar with in other management platforms.
4. Because Venafi customers are already using enterprise systems to provide these same functions for other configuration elements in their infrastructure, Venafi provides numerous interfaces to existing systems such as certificate authorities, identity management, security information event management, CMDBs, key stores, helpdesk, trouble ticketing systems and many common components of the enterprise infrastructure.
Prior to implementing our system, many organizations were using spreadsheets, reminder notes or homegrown solutions. Venafi Encryption Director simplifies the management of encryption technologies across varied operating systems and infrastructures.
Silicon Slopes: Who are your customers? What markets are you targeting with this technology?
Trell Rohovit: We target large organizations that need to protect critical data such as customer, partner and employee information, intellectual property and financial data. Because our products become part of our customers’ security infrastructure, none of our customers allow us to discuss their purchases publicly by name, but our customers include some of the world’s most prestigious organizations including three of the world’s largest telecommunications companies, 16 of the world’s leading financial services companies, and many more of the world’s most prestigious organizations in various industries, including government, healthcare, airlines, aerospace, retail, technology, food services and others.
Silicon Slopes: When you talk to customers or potential customers, what are the challenges they deal with in regards to managing their security?
Trell Rohovit: Large organizations spend massive amounts of money procuring encryption certificates each year. IT administrators must manage these certificates and keys to keep them current to avoid security breaches or downtime. They live in a fast-paced world and are often overburdened with daily responsibilities and longer-term projects. If a single email or calendar appointment is ignored, overlooked or inadvertently sent to the wrong administrator, an encryption certificate may expire unexpectedly and cause costly system downtime and business interruption. These failures often cause administrators to lose their jobs.
Additionally, compliance with government, industry and organizational policies and regulations is consuming more and more of security practitioners’ time, often at the expense of strategic business activities. In order to maintain compliance, management systems must allow administrators to streamline their work by setting policies centrally, relying on systems to automatically enforce the application of these policies and auditing ongoing operations in relation to those policies.
Venafi invented systems management for encryption to automate and simplify these and many other pain points.
