Venafi Reviews

In my testing and support role as an analyst, I handle a certificates list, checking their expiry dates, and if a certificate is expiring within a month, we ask if there are any private keys to add; if not, we put a public key for renewal or creation based on the expiry date, and we obsolete certificates not in use from the Venafi tool.

The best feature I appreciate about Venafi is its user interface, which allows me to search for any particular certificate and immediately see the certificate details and expiry. I mostly appreciate how user-friendly the UI is. The Venafi solution has helped my organization by allowing us to manage certificates directly instead of relying on server administrators to perform tasks such as renewing and obsoleting.

As an end user, I cannot specifically point out improvements, but I believe it would be beneficial to display active certificates in a separate column on the UI, so users can easily find what they need. Additionally, I think notifications for certificate expirations could include varying time frames such as 60 days or 15 days to better inform end users.

I have been using the Venafi tool for almost six plus years when I worked for Lloyds Banking Group, particularly for certification tasks such as obsoleting, creating, and renewing.

For the stability of the solution itself, I would rate it a seven.

I am not sure about the total users across the whole company, but in our team, there are about 10 to 15 people.

I only utilize Venafi for certificate renewal, so I cannot compare it to other products.

We do not handle the deployment ourselves as different teams manage the installation.

The overall time saved from automating processes compared to manual work could be around ten percent.

Although I am not fully aware of compliance matters, I believe Venafi maintains good authentication since only authorized users can log in, preventing compliance issues. Different clients such as Walmart and Lloyds will have their certificates in separate folders to ensure that data from one client does not mix with another. I am not aware of Venafi's pricing.

Overall, I would rate Venafi a seven because, from my perspective, that feels accurate.

My use cases for Venafi were for the Venafi Trust Protection Platform, managing infrastructure PKI and certificates.

Venafi's automation capabilities are very good, which is why we used it. Venafi's ability to stay updated on the most current certification renewals was also very good. Venafi's ability to safeguard my financial services infrastructure was good; we had no problems with that. Venafi's ability to help with compliance and regulatory requirements, including SOX and Swift, was great. This is a major selling point.

In terms of areas for improvement, one thing that we did not appreciate about Venafi was having agents on everything. An agent needed to be installed everywhere to handle the certificate management. Having the agents everywhere is not ideal and is always problematic. Having the agent everywhere is not the best for security, which was our other significant concern.

I have been using Venafi for about two years in my career. I am not currently using it at my current job, but rather at my previous position.

I have no issues about Venafi's stability; it demonstrated good stability.

Venafi's scalability was good as well.

I have contacted Venafi's technical support and customer support. We worked with their consulting group during implementation. I went through the whole implementation phase and they were very effective. For Venafi's support, I would rate them eight or nine out of ten.

I have not used any alternatives to Venafi; nothing at that scale of management.

It took me about six months to a year to fully deploy Venafi across the entire enterprise.

The implementation involved a whole team operation with approximately five or six people in total, including myself, several colleagues, and consultants.

The mean time to respond was significantly reduced with Venafi.

When I was working with Venafi, I was working in financial services as a user of the product and not a partner of Venafi. On a scale from 1 to 10, I would rate Venafi overall for everything an eight.

We use Venafi for PKI certificates.

Venafi's overall installation could be made easier. You have to install the client, then go to the console and push the certificate.

I have been using Venafi for three to four months.

More than 10,000 users are using Venafi in our organization.

Venafi was deployed in less than 30 minutes. I did Venafi's deployment by myself, but we had to go through some processes to get the PKI certificate for the enterprise side. Then, they create the certificate, and we deploy it.

Venafi has some additional functionalities for managing PKI certificates compared to other certificate deployment products. I would recommend Venafi to other users.

Overall, I rate Venafi an eight out of ten.

We use this product for our clients' server authentication and application ID certificate. We create the certificate so that when a user tries to access an application, it looks for that specific certificate based on the volume information and it authenticates on that basis. I'm a lead system operation engineer and we are customers of Venafi. 

If you want to automate anything, renew the certificate and apply to whatever environment you need, whether it is on-premise or cloud, automation is possible. You just need to have your integration set up. Venafi takes care of automatically renewing and deploying your certificate so that you don't need to worry when it expires. It also minimizes downtime and has good integration. 

For Java applications, we currently convert the certificate in JKS manually. It would be helpful to have the capability to download certificates in JKS automatically. Venafi only provides CER and no other format. They provide an option for JKS, but that certificate doesn't work because of some configuration issues. 

I've been using this solution for six years. 

The solution is stable.

We didn't test the scalability but I believe it has that capacity. We have 500 users. 

The customer support was great. 

Positive

I previously used the Microsoft SSL ADMIN tool. The difference between the two is that with Venafi, if you have access to policy, you can create, delete, import and export anything within the tool. With SSL ADMIN, unless you own the certificate, you can't make any changes to that specific activity. If you've been designated as the 'owner' and you leave the company, it's hard to change ownership. Venafi is much more flexible because it allows you to add a group instead of individuals. Even if someone leaves the group, it doesn't affect the system.

The initial setup is straightforward although it does require some security training to gain access. 

I rate this solution nine out of 10. 

In terms of how Venafi has improved our customers' organizations, the most important thing is that it reduces the risk of the outage of some of their IT systems. Sometimes these systems would be directly connected to the revenue generating activities that the client may have. So that risk reduction that can be directly calculated into money for our clients. If their IT system that is connected to production is down one day, they will know exactly how much it would cost them. So, from the perspective of risk reduction, it can be directly quantified in the value for the customer. If I was going to single out the most important feature, that would be probably be it.

The feature that I have found most valuable is their certificate discovery.

The user interface could be always improved. But I am a technologist, so I don't care so much about user interface, but the importance that it is user friendly is always appreciated by customers.

In terms of additional features I would like to see included in the next release of Venafi, I would say integration with the cloud HSM's, Hardware Security Module. Additionally, I would say other cloud services, because it is not only cloud that's essential. If you have a customer that has a lot of their IT moved into cloud, integration with different cloud services is always an area to improve.

I haven't heard negative things about the stability.

In terms of scalability, given that we were in the situation where it was on-prem, there were certain limitations there. But I guess on the cloud they should not have limitations.

To my knowledge, it began with the initial proto-concept. After that, there were some professional services needed to fine tune and integrate with everything that the customer wanted.

From the top of my head, I think it took less than two months, maybe 6, 7, or 8 weeks, but about two months or less.

The technical team needed for the installation really depends on the customer's prior knowledge. If they have a good technical team, then the things are much easier. If they don't have... 

The technical team includes engineers, architects, managers, and administrators for different stages. I guess the architects and system administrators are also involved in the process of purchasing and evaluating if it's a good fit for them. Then the architects are not necessarily needed anymore, but you would have system administrators involved given that certain privileges must be given to this system in order to operate correctly. And then you would have your general IT security administrators for ongoing monitoring of what the Venafi system provides you. This can be taught. You don't have to have a PhD in cryptography to understand this, just be a regular IT business person who has specialized a little bit on security issues. I think they can comfortably master this.

As I mentioned, there is the risk reduction. If they see the risk reduction, then I think they should go for Venafi or a similar solution. Of course, as products improve and prices go down, even more so. But it is way better to have this kind of solution compared to not having anything, because I see from the IT security business that I have been working in almost 30 years now, if they are not running this or a similar type of solution, they are just asking for trouble. It's more a question of when an outage will happen, than if. So, coming back to the risk reduction, depending of course on the size of the company and their revenues and what type of critical systems they have, they all need to make their decision. But at the end of the day, the vast majority of the customers will see a return on investment if they value the risk reduction.

Our customers need to pay for a license, and understanding the pricing and how it might develop in the future is a bit of a pain point. But, it is not too complex either. Sometimes people ask the vendors to predict the future, whereas they themselves cannot provide enough of the information to the vendor in order to be able to estimate correctly. So it kind of goes both ways. I would say the price is fairly good. Is it perfect? No. Is it the worst I've ever seen? Absolutely not.

I would say Venafi is definitely among the three most important vendors in this area.

On a scale of one to ten, I would give Venafi a seven.