Secret Management Architectures
Your SlideShare is downloading.
×
Check these out next
Recommended
More Related Content
Slideshows for you (20)
Similar to The Rise of Secrets Management (20)
Recently uploaded (20)
The Rise of Secrets Management
- 1. Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Oded Hareven, CEO & Co-founder @ Akeyless Oded@akeyless.io {Ret. Captain, Israel Defence Forces, CyberSecurity Identity Management, PAM, Information Security Infrastructure Dev, Product, Ops} The Rise of Secrets Management
- 2. Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Unique Zero- Knowledge KMS Technology Akeyless DFC™ Secrets Management SaaS Platform Akeyless Vault Platform Secrets Management as-a-service Serving market leaders enterprises Pharma, Insurance, Adtech, Online, E- commerce, Gaming
- 3. 3 Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Data encryption Step #1: Protecting Data • Access Control • Control who can access the data? • How to validate his identity? • Data Encryption • Control who can access the key? • How to validate her identity? Data Access Control
- 4. 4 Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Step #2: Identity Validation • Requires Authentication • Human • Machine • Using something that only the human/machine has • Secret = {password, credentials, api-key, certificate, ssh-key} • If you can’t keep a Secret - you can’t protect your Data... Password DB password DB User Application
- 5. 5 Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Step #3: Privileged Access • Beyond application access • Who’s controlling my workloads? • Internal/external personnel • Can they impersonate? • Admin can do everything... • PAM • Control human admin access - session recording • Regulation and compliance • Secrets Repository • Default admin passwords rotation Password DB password DB User Application Admin OS Admin OS Admin Password Password
- 6. 6 Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Step #4: Root-of-Trust • Using an Encryption key to encrypt secrets & data +Using signing key to sign TLS/SSH Certificates = identities • Where to place the key? • Configuration - bad practice • Local store - not secured enough • KMS - good start • HSM - considered to be most secure • Secret-zero: accessing the key requires a secret? The chicken and the egg... Hardware Security Module
- 7. 7 Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Step #5: Interconnectivity & overlapping HSM Root of trust KMS PAM SSH Mng. Certificate Mng.
- 8. 8 Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Trends that encourage the massive use of secrets 1. Containerization 2. Hybrid & multi-cloud 3. DevOps, CI/CD, Automation 4. Zero-Trust Passwords Certificate API-Keys SQL Credentials AES Encryption RSA Signing Key SSH Key And then came the cloud. Proprietary and Confidential
- 9. Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Secrets Sprawl: Clear-text, unprotected Source Code DevOps Scripts Configuration Files x myScript { // App.Config DB password = “T0pSecr3t” API_Key_AWS = “Cl3aRt3xt$!” } x //myconfig < // App.Config Access_Token = “T0pSecr3t” API_Key_GCP = “Cl3aRt3xt$!” /> x Void myCode( ) { // App.Config Encryption_Key = “aKey43!t” API_Key_Azure = “Cl3a3xt$!” } Secrets are used also within workload management platforms
- 10. 10 Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 IAM have never been easier • Ephemeral resources + Automation + IaC • Perimeter-less world = data is everywhere • Root-of-trust in a non-trusted distributed architecture • Privileged Access (Remote, WFH, COVID-19)
- 11. Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 11 Report:"Managing Machine Identities, Secrets, Keys and Certificates" Published: 24 August 2020 Analyst: Erik Wahlstrom Source: Akeyless is mentioned in this Gartner’s report, p16. under “secrets management solutions”
- 12. Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Secrets Management Fetch Secrets from any platform, script or application ***** ***** ***** API / SDK / CLI / Plugins Customer Application Customer Database 3rd-party Service API Password = “Pass12#” Applications Encrypted Secrets Store Human DevOps, IT, Developers Secrets Management
- 13. 13 Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 First: Integrate with everything Authentication via LDAP SAML OpenID Direct channels Platforms Plugins (examples) Machine authentication Human authentication
- 14. 14 Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 World-wide availability • Scalability • Multi-region / multi cloud • Disaster Recovery: Replication, Backup • Highly Available Consider: Self-deployment vs. SaaS
- 15. 15 Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Existing solutions varies HSM Root of trust KMS PAM SSH Mng. Certificate Mng. SM
- 16. 16 Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Existing solutions varies HSM Root of trust KMS PAM SSH Mng. Certificate Mng. SM
- 17. 17 Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Existing solutions varies HSM Root of trust KMS PAM SSH Mng. Certificate Mng. SM
- 18. 18 Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Existing solutions varies HSM Root of trust KMS PAM SSH Mng. Certificate Mng. Unified Secrets Management Platform
- 19. Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Thank you. Further questions & thoughts you’d like to share? Mostly invited to drop an email to Oded@akeyless.io
