Proprietary and Confidential, Akeyless Security Ltd ©️ 2021
Oded Hareven,
CEO & Co-founder @ Akeyless
Oded@akeyless.io
{Ret. Captain, Israel Defence Forces, CyberSecurity
Identity Management, PAM, Information Security Infrastructure
Dev, Product, Ops}
The Rise of Secrets Management
Akeyless Vault Platform
Secrets Management as-a-service
Unique Zero-Knowledge KMS Technology: Akeyless DFC™
Secrets Management SaaS Platform
Serving market-leading enterprises: Pharma, Insurance, Adtech, Online, E-commerce, Gaming
Step #1: Protecting Data
• Access Control
  • Control who can access the data?
  • How to validate his identity?
• Data Encryption
  • Control who can access the key?
  • How to validate her identity?
[Diagram: Data, Access Control, Data encryption]
Step #2: Identity Validation
• Requires Authentication
  • Human
  • Machine
• Using something that only the human/machine has
• Secret = {password, credentials, api-key, certificate, ssh-key}
• If you can’t keep a Secret, you can’t protect your Data...
[Diagram: User, Password, Application, DB password, DB]
Step #3: Privileged Access
• Beyond application access
  • Who’s controlling my workloads?
  • Internal/external personnel
  • Can they impersonate?
  • Admin can do everything...
• PAM
  • Control human admin access - session recording
  • Regulation and compliance
• Secrets Repository
  • Default admin passwords rotation
[Diagram: User, Password, Application, DB password, DB; Admin, OS Admin, Password]
Step #4: Root-of-Trust
• Using an Encryption key to encrypt secrets & data
  + Using a signing key to sign TLS/SSH Certificates = identities
• Where to place the key?
  • Configuration - bad practice
  • Local store - not secured enough
  • KMS - good start
  • HSM - considered to be most secure
• Secret-zero: accessing the key requires a secret? The chicken and the egg...
[Diagram: Hardware Security Module]
Step #5: Interconnectivity & overlapping
[Diagram: HSM (Root of trust), KMS, PAM, SSH Mng., Certificate Mng.]
Trends that encourage the massive use of secrets
1. Containerization
2. Hybrid & multi-cloud
3. DevOps, CI/CD, Automation
4. Zero-Trust
[Diagram: Passwords, Certificate, API-Keys, SQL Credentials, AES Encryption, RSA Signing Key, SSH Key]
And then came the cloud.
Secrets Sprawl: Clear-text, unprotected
Source Code, DevOps Scripts, Configuration Files

myScript
{
  // App.Config
  DB password = “T0pSecr3t”
  API_Key_AWS = “Cl3aRt3xt$!”
}

//myconfig
<
  // App.Config
  Access_Token = “T0pSecr3t”
  API_Key_GCP = “Cl3aRt3xt$!”
/>

Void myCode( )
{
  // App.Config
  Encryption_Key = “aKey43!t”
  API_Key_Azure = “Cl3a3xt$!”
}

Secrets are also used within workload management platforms
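As an added example (not part of the original deck), a small Python scanner that flags the kind of clear-text credential assignments shown above across script, config and source snippets, while skipping values that are only references to an external store; the sample inputs are constructed and the keyword list is an assumption:

```python
import re

# Constructed samples mirroring the three snippets on the slide plus a clean file.
SAMPLES = {
    "myScript": 'myScript\n{\n  // App.Config\n  DB password = "T0pSecr3t"\n  API_Key_AWS = "Cl3aRt3xt$!"\n}\n',
    "myconfig": '<\n  // App.Config\n  Access_Token = "T0pSecr3t"\n  API_Key_GCP = "Cl3aRt3xt$!"\n/>\n',
    "myCode": 'Void myCode( )\n{\n  // App.Config\n  Encryption_Key = "aKey43!t"\n  API_Key_Azure = "Cl3a3xt$!"\n}\n',
    "clean": 'timeout = "30"\nDB_password = "${DB_PASSWORD}"\n',
}

# Identifier fragments that usually name a credential (assumed list, extend as needed).
SENSITIVE = re.compile(
    r"(password|passwd|pwd|secret|token|api[_-]?key|access[_-]?key|"
    r"encryption[_-]?key|private[_-]?key)",
    re.IGNORECASE,
)
# key [=:] "literal"; accepts straight or typographic quotes as they appear on the slide.
ASSIGN = re.compile(r'^\s*(?P<key>[A-Za-z_][\w .-]*?)\s*[=:]\s*["“](?P<val>[^"”]+)["”]')


def looks_like_reference(value: str) -> bool:
    """${VAR}, %VAR% or <placeholder> style values point at a store, not a secret."""
    return value.startswith(("$", "%", "<"))


def redact(value: str) -> str:
    """Keep two characters so a finding can be matched without echoing the secret."""
    return value[:2] + "*" * (len(value) - 2) if len(value) > 2 else "**"


def scan_text(name: str, text: str) -> list:
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = ASSIGN.match(line)
        if not m:
            continue
        key, val = m.group("key").strip(), m.group("val")
        if SENSITIVE.search(key) and not looks_like_reference(val):
            findings.append({"file": name, "line": lineno, "key": key, "value": redact(val)})
    return findings


def scan_all(samples=SAMPLES) -> list:
    out = []
    for name, text in samples.items():
        out.extend(scan_text(name, text))
    return out
```

Running the scanner over a real repository means feeding it file contents instead of SAMPLES; the redacted value is what should reach a ticket or log, never the literal.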
IAM has never been easier
• Ephemeral resources + Automation + IaC
• Perimeter-less world = data is everywhere
• Root-of-trust in a non-trusted distributed architecture
• Privileged Access (Remote, WFH, COVID-19)
Report: "Managing Machine Identities, Secrets, Keys and Certificates"
Published: 24 August 2020. Analyst: Erik Wahlstrom
Source:
Akeyless is mentioned in this Gartner report, p. 16, under “secrets management solutions”
Secrets Management
Fetch Secrets from any platform, script or application
[Diagram: Applications (Customer Application, Customer Database, 3rd-party Service API; Password = “Pass12#”) and Humans (DevOps, IT, Developers) fetch masked secrets (*****) from the Encrypted Secrets Store via API / SDK / CLI / Plugins]
First: Integrate with everything
[Diagram: Authentication via LDAP, SAML, OpenID; Direct channels; Platform plugins (examples); Machine authentication; Human authentication]
World-wide availability
• Scalability
• Multi-region / multi-cloud
• Disaster Recovery: Replication, Backup
• Highly Available
Consider: Self-deployment vs. SaaS
Existing solutions vary
[Diagram: HSM (Root of trust), KMS, PAM, SSH Mng., Certificate Mng., SM]
Unified Secrets Management Platform
Thank you.
Further questions & thoughts you’d like to share?
You are most welcome to drop an email to Oded@akeyless.io
