To better help its customers achieve enterprise-wide machine identity protection, Venafi has implemented new usage analytics capabilities in v17.3 and higher of the Venafi Trust Protection Platform.
Q: What has changed in 17.3?
A: Starting with Trust Protection Platform 17.3, Venafi collects usage analytic data two ways. The first, which was found in previous versions of Venafi Trust Protection Platform, is through the Usage Report (Reports > Opt-In Reports > Usage Report). The usage Report sends metadata about your environment to Venafi via a CSV file attached to an email message.
The second, which is new in 17.3, is through web analytics tracking data. When users interact with the Aperture and Web Administration consoles, analytic data is sent by the browser to Venafi with information on features used. This web analytics tool also allows Venafi to provide users with custom notifications about available upgrades and real-time security notifications.
Venafi uses this analytic data to improve the product, based on understanding of how existing features are currently being used.
Q: How does my providing this new Usage Report and web analytics tracking data to Venafi benefit me?
A: The data that you share with Venafi will directly influence the evolution of the platform in ways that will better serve your organizational needs and will result in benefits such as:
- New Venafi patch alerts for your specific version of Venafi Trust Protection Platform
- Real-time security notifications that allow you to reduce security risk
- Interactive help and training guidance to help you improve use of the Venafi Platform
- New and enhanced features based on behavioral data of users
- Accelerated ROI with recommended Venafi Platform features and use cases
- Increased Venafi Platform knowledge with contextual, guided training alerts
- Increased ability to meaningfully influence development of the Venafi Platform based on aggregated, real life usage analytics
Q: Is participation required?
A: No, your participation is not required and you can opt out of sharing this data with Venafi, but we hope you will allow us to collect important statistics that will enhance our ability to improve our products for you.
Many websites track usage data using similar web analytics tools, often without asking your permission. Venafi values transparency, and in addition to making clear what we are doing with web analytics, we are taking the additional step of giving you the choice of whether to allow us to collect the data from your organization.
Q: What are the advantages of sending the usage report and analytic data to Venafi?
A: In addition to other benefits described elsewhere in this FAQ, our ability to collect aggregate statistics helps us to improve software, prioritize work based on features that customers are actively using, and troubleshoot issues. We do not expose any information received from you.
Uploading the data will increase the chances of Venafi Customer Support predicting issues before they have significant impact and proactively reaching out, while also helping Venafi avoid deprecation of features that are actively used by customers.
Q: What is the exact data that is being collected and sent in the Usage Report?
A: Usage data contains certain environment settings (for example, the amount of available RAM, HDD, and processor cores) for Venafi Trust Protection Platform and the database server, and aggregate statistics on Venafi Trust Protection Platform data, such as the overall count of certificates, SSH keys, policies, and users. No sensitive or personally identifiable data, such as IP and email addresses, hostnames, and usernames is being sent.
The full list of information that is being sent is available in the documentation. (You'll be required to sign in first.)
You can always review the data that is being sent by the Usage Report by downloading the report from the Web Administration console.
- What web analytic data is being collected through the users' browsers and transmitted to Venafi?
- The web analytic software tracks a user's IP address, the URL of the page visited, and information about where on a page a user clicks. The analytics platform does not collect any user-entered text or information within form fields in your application. The names of fields, buttons, and other elements within the page are captured with the application data which makes for easier tracking, but no user-supplied information is included.
Q: How secure is the data upload sent in the Usage Report?
A: The Usage Report is being sent via email to as an email attachment to email@example.com. We recommend that you enable the use of TLS for mail delivery from the Venafi Trust Protection Platform to your company mail server. You can do this in the Reporting Module settings (documentation link).
Encryption of traffic from your company mail server to Venafi’s mail server is controlled by the settings on your company mail server. Note that no sensitive data is being sent.
- How secure is the web analytic data collected by the browsers and transmitted to Venafi?
- All of the application data collected by the web analytic tracking provider is transmitted over SSL/TLS, encrypted, and stored securely. The data is stored in Google’s AppEngine where it shares the same infrastructure as Google’s primary services. The AppEngine allows the system to operate in a robust, fully multi-tenant infrastructure with the same reliability, performance, and security characteristics as Google’s own offerings. Google AppEngine is SOC 2, SOC 3, ISO 27001, FISMA, and PCI compliant, and Google completes multiple independent security audits annually.
Q: Is Internet access from the Venafi Trust Protection Platform host to the Venafi site required?
A: No. The Usage Report data is sent via email through your company mail server so the Venafi Trust Protection Platform host does not require Internet access for this feature. Web analytic data comes from a user's web browser, in the same way Google Analytics tracks information.
Q: What configuration do I need to enable data upload?
A: In addition to opting in to send data in the Venafi Control Center, you need to set up email delivery for a reporting module. Note that this is also required for email delivery of Venafi Trust Protection Platform reports, such as custom or expiration reports (documentation link).
- How do I disable or enable usage statistics and analytic data?
- In the Venafi Control Center (VCC), you have the option to enable the gathering of usage statistics and analytic data. If you opt to share this data with Venafi, you can also opt to share your organization name with the data. This will make it easier for the Venafi team to customize our offerings to you, based on the services your organization utilizes.
- Where do I go if I have more questions?
- If you have questions about how we use this data, we encourage you to contact Venafi Customer Support.
- Can I see a sample Usage Report of the data that will be sent vial e-mail?
- The following table shows a sample usage report, and the data that is sent in a .CSV file attached to the email to firstname.lastname@example.org.