• Security
  • Posted by Oded Hareven

  • October 12, 2021

Redefining Root of Trust For The Cloud Era (Part 2)

Cloud computing has brought irreversible changes and improvements to the way we share information and conduct business. However, it has also introduced new cybersecurity threats, that if left unaddressed, can result in irreversible damage to a company’s reputation and position in the market.

Encryption has been used as a primary defense against data theft, whether it’s in transit, at rest, or in use. It offers several key advantages to include:

  • Protecting sensitive information
  • Validating and authenticating users
  • Signing digital certificates for online transactions

Maintaining digital security through the use of mechanisms like encryption helps prevent costly data breaches. And digital security starts with keeping encryption keys safe and leveraging a Root of Trust methodology.

What is Root of Trust and how do companies maintain it in today’s hybrid & multi-cloud era?

Root of Trust is a core component of a sound encryption strategy. And while there are many ways to implement encryption, the basic idea is that data is encrypted in order to make it unreadable without an encryption key. However, you need to protect the encryption key itself, and, if you encrypt the key, then you have yet another key to protect. This predicament is commonly referred to as the “Secret Zero Problem.”

At the end of this chain of keys is a single root key, the one that you must protect at all costs. Ensuring this root key is never compromised is the primary goal of Root of Trust. However, most organizations have multiple root keys for different parts of the organization, which all need to be accounted for and protected.

HSMs Are the Solution… Or Are They?

Traditionally, hardware has been considered to be more impenetrable than software. Therefore, storing encryption keys on hardware devices, known as Hardware Security Modules (HSMs), has been regarded as a best practice.

HSMs can take several forms:

  • USB sticks
  • Extension cards
  • Separate appliances
  • Public cloud rentals

As the reliance on modern technology (i.e., cloud, containers, microservices) in the workplace has increased , so has the need for greater computing power and advanced methods of cybersecurity.. Likewise, the evolution of workplace technology has quickly outpaced the capabilities of conventional HSMs.

Why You Need More Than Hardware Root of Trust Now

The days of trusting a single security perimeter are behind us. Today there is a growing demand for dynamic cloud and container-based computing environments, with workloads constantly being spun up and down and moved across networks. Additionally, the costs of maintaining the on-premises infrastructure required to achieve high-performance while ensuring a secure, zero-trust environment, have stretched HSMs beyond their limit.

Many developments led to this trend.

Recent Attacks on HSMs

Hardware isn’t as impenetrable as it used to be and cybercriminals have become more sophisticated. For instance:

  • You’ve probably heard of hardware-based attack vectors like Meltdown and Spectre that targeted the vulnerabilities in microprocessor architecture.
  • Certain HSMs have had their secrets and keys stolen from hacking attempts.
  • Even Intel’s solution known as Software Guard Extensions (SGX) which adds a small HSM in every CPU has fallen victim to certain attacks.

A new approach is needed for organizations operating highly complex and dynamic workloads.

Scaling Up Resources Must Be a Priority

Part of the appeal of cloud computing is that it allows businesses to scale up their own computing resources depending on real-time needs.

HSMs were not designed to automatically scale. For instance, a storefront that expects a large number of online transactions over Cyber Monday must maintain enough HSMs to meet that demand, even if the sudden spike only occurs once a year. Resources are wasted when those HSMs go unused.

The Need For Business Agility

Accessibility is key, and Root of Trust must align with it. Organizations today work across a variety of cloud environments, from public clouds to on-premises resources and everything in between. It is essential that data and services can be accessed across all of these environments. Similarly, Root of Trust must be just as flexible to accommodate that type of accessibility.

Not only do on-site HSMs lack the scalability needed to support dynamic and complex IT environments, but they also require you to allow third-party access to your private network, which presents a significant liability.

Loss of Control

A disadvantage of cloud-based HSMs that administrators are well aware of, is the inherent loss of control. HSMs offered by cloud service providers (CSPs) require relinquishing your keys and sensitive information to a third-party. This results in a new vulnerability, which can lead to large-scale supply chain attacks. Some CSPs attempt to mitigate it through Shared Responsibility Models, which attempts to split the control between the customer and the provider, but the threat still lingers.

Future Evolution of the Root of Trust Model

It’s clear that establishing Root of Trust at the HSM-level, especially on-premises, will fall short in hybrid and multi-cloud environments.

So how can security teams overcome these challenges? Experts say security teams should focus on a few key features:

  1. Accessibility. No matter where you are or whether your doors are open, accessing authentication across all your channels must be available at any time.
  2. Auto-scaling. Ensure that you are paying an even amount per use of the HSM regardless of current demand. Scaling up needs according to demand is one of the greatest selling points of cloud services.
  3. Full control. Insist on having exclusive ownership over your encryption keys. No one cares more about your protection than your own business.

Finally, don’t forget about security certification standards set by international entities. An example is the US NIST FIPS 140.2, which requires hardware-level protection for certain high-risk environments.

Akeyless’ Holistic Approach

What do popular DevOps tools like Kubernetes, Terraform, Ansible, Chef, Artifcatory, and Jenkins all have in common? All their secrets can be managed through the Akeyless Vault Platform.

Moreover, Akeyless acts as both a virtual HSM and KMS to provide enhanced encryption key lifecycle management.

Akeyless is the go-to secrets management solution that supports a wide variety of IT environments and DevSecOps use cases.

See the Akeyless Vault in Action