Protecting Your Company's Secrets in the Cloud-Native Age
December 07, 2017

George Wainblat
Unbound Technology

Modern businesses are migrating to a cloud-based model for hosting sensitive data to reap the benefits of agility and cost savings as well as to keep pace with customer demand. Cloud-Native methodologies such as DevSecOps, continuous delivery, containers and micro-services are essential building blocks in the digital business revolution. However, moving information and technologies from hardware to software poses a security concern – translating to a top challenge for both IT and the C-level, as applications built on top of micro-services and containers in a Cloud-Native environment utilize a wide variety of secrets for their proper functioning.

Define "Secret"

When it comes to cloud-native data and large volumes of information, secrets can come in all forms. Though, secrets can most simply be thought of as anything that if exposed would harm business reputation – much like we've seen in the most recent hacks from HBO, unveiling unaired episodes of Game of Thrones, and the now infamous Equifax breach which exposed millions of sensitive consumer records.

Similarly, cloud-native security has many types of secrets to protect, three of the main types that must be protected in the cloud are:

Sensitive Security Information (SSI) is confidential business materials like revenue and profits, even cyber threat information.

Personally Identifiable Information (PII) is any information that pertains to you as an individual, for example name, address, social security number, etc.

IT Systems Security Information is the information that makes up the technology infrastructure of a company, such as encryption keys (private and symmetric), certificates, and cloud service access credentials (e.g. AWS IAM).

Existing Obstacles

In an effort to not become the "next Equifax" and keep these cloud-native methodologies secure, there are several obstacles IT departments must address:

Secrets proliferation – having various secrets in multiple locations (on-premises, in the cloud and hybrid) make their management cumbersome as the secrets are decentralized and difficult to control. In addition, having secrets managed by different administrators translates to lack of control and commonly results in personnel oversight. Segmented visibility causes the confusion for local administrators because they don't have clarity of the access and usage information by different applications across the organization.

Another challenge organizations are facing are the use of dual infrastructures – legacy IT and modern Cloud-Native environments, in which keys are duplicated in both the classical IT environment as well as in the cloud. The ultimate issue lies in the reality that cloud-native systems cannot securely access resources that are external to the cloud environment.

The third issue is the high level of trust in hardware – causing it to be viewed as the security standard due to its rooted elements for securing secrets. Hardware Security Modules (HSMs) and Trusted Platform Modules (TPMs) do not have an architectural fit in software-defined security due to their physical aspects. However, given the demand for businesses to migrate to the cloud, companies are looking to overcome this obstacle. As such, cloud-native security must be scalable, interconnected and dynamic – and mirror the expanse and capabilities of the cloud methodologies while remaining as secure as hardware.

Businesses Implications

Once realizing that the above obstacles leave holes that can gravely impact business, we must comprehend the possible security breaches that are associated with lack of proper secrets protection.

A data breach, man-in-the-middle attack and certificate or credential theft are just a few examples of the potential types of cyberattacks that can occur when cloud-native secrets are not protected properly. Once hacked, business implications are costly and even devastating. Remembering back the Home Depot and Target breaches – the impact on sales was long-lasting, even for brands of their magnitude. Other implications could be law suits if you are a company who holds sensitive information like home addresses and social security numbers – much like Equifax. According to the research by British insurance company Lloyd, the damage from hacks costs businesses $400 billion a year.

The Software Vault

As potential damage of a breach is seen in reality, a different set of vault-like tools begin to emerge in the Cloud-Native ecosystem for containment of secrets. Encrypted data can rest within the software-defined vault and be transferred to applications as needed – an easy and scalable option for large enterprises. However, in the same way that a physical vault is only as secure as the hiding place of the key that unlocks it, it's content must be protected to ensure the security of the data, as it highly coveted by attackers. To keep vaulted cloud-native secrets secure, encryption keys must be safeguarded, meaning the keys require their own security measures.

There are many obstacles to overcome with a cloud-based security model – securing secrets and sensitive information is paramount in today's risk-prone world. With security breaches becoming more prevalent and brands taking heavy-hits as a result, a software-defined strategy can offer various benefits to modern companies such as scalability, agility and security. Companies who choose to utilize the power of encryption in the cloud need to secure their data in a two-fold process – the data directly and the access to it. The logistics and vastness of the cloud can at times seem daunting but proper security measures can help to make the cloud a viable and safe solution for the enterprise.

George Wainblat is Director of Product Management at Unbound Technology

The Latest

October 16, 2018

More than half of organizations have a dedicated DevOps team to help them better implement agile strategies, accelerate release cycles and ensure continuous development. However, databases have a habit of holding DevOps back ...

October 15, 2018

Test Environment Management can save organizations close to $10,000 for each release, yet only four percent of large enterprises have fully integrated TEM processes into organizational DNA, according to the 2018 Test Environment Management Survey released by EMA and Plutora ...

October 11, 2018

Agile is indeed expanding across the enterprise and there was a significant jump from last year to this year in the percentage of respondents who indicated that all or almost all of their teams were agile, according to the State of Agile 2018 report from CollabNet ...

October 09, 2018

Adopting a modern application architecture is critical to business success and a significant driver of profit growth in today’s digital economy, according to the results of a global survey of IT and business executives released by CA Technologies and conducted by Frost & Sullivan ...

October 04, 2018

How do you integrate tools to enable shift-left performance? The following tools will simplify maintenance, can be managed in a centralized way, and provide an easy-to-use UI to comprehend results ...

October 03, 2018

Focusing at the API layer of an application can help enable a scalable testing practice that can be efficiently executed as part of an accelerated delivery process, and is a practice that can be adopted and enabled at the earliest possible stages of development — truly shifting left functional testing. But what about performance testing? How do we enable the shift left of nonfunctional testing? Here, we explore what this means and how to enable it in your organization ...

October 01, 2018

As businesses look to capitalize on the benefits offered by the cloud, we've seen the rise of the DevOps practice which, in common with the cloud, offers businesses the advantages of greater agility, speed, quality and efficiency. However, achieving this agility requires end-to-end visibility based on continuous monitoring of the developed applications as part of the software development life cycle ...

September 27, 2018

Imagine that you are tasked with architecting a mission-critical cloud application. Or migrating an on-premise app to the cloud. You may ask yourself, "how do the cloud savvy companies like Airbnb, Adobe, SalesForce, etc. build and manage their modern applications?" ...

September 26, 2018

In a DevOps evolution, there are many paths to success, but even more that lead to failure, according to the 2018 State of DevOps Report from Puppet ...

September 24, 2018

From how applications and infrastructure are developed, configured and built to how they are tested and deployed, pervasive automation is the key to achieving better efficiency and standardization that gives companies the competitive edge. Pervasive automation is the concept of scaling automation broadly and deeply across the entire software delivery lifecycle ...

Share this