Secure Cloud Native Applications

Give your cloud-native apps secure access to crypto keys and secrets


Secrets in the Clear:
The Danger of Going Cloud-Native

Cloud-native methodologies such as DevOps, continuous integration/delivery, containers and microservices are an essential building block of the digital business revolution. However, they have also created a unique security challenge, because they abstract away the hardware and the rest of the stack.

For example, crypto keys that previously resided in an HSM in a legacy application are now typically stored encrypted in a central vault. However, when an application uses them, they are decrypted and often exposed in the clear, where they are vulnerable to compromise by an attacker.

Another challenge is that containers, which include only a fraction of the stack, have no good method for storing and protecting the identity they use to access secrets. How can secure access to sensitive resources such as encryption keys be provided while eliminating access by weakly identified containers?

Container-Level Cryptography & Secrets Management

Unbound is a tech enabler, allowing organizations to fully embrace cloud-native methodologies without compromising security and trust. It is based on Unbound’s platform-agnostic Distributed Trust Platform and provides container identities at a security level comparable to a hardware root of trust.

Managing Secrets & Crypto Keys – Unbound is different from traditional software-based schemes that use the private key directly and either keep it in memory or attempt to obfuscate it. Instead, with Unbound, secrets are never in the clear at any point in their lifecycle. Containers can securely use various secrets without ever being exposed to them in clear form.

Virtual TPM for Containers – Unbound allows containers to securely and swiftly acquire a strong identity and PKI credentials that can then be used to access Unbound Key Control, providing unmatched security for consuming cryptography and effectively creating a local virtual TPM (Trusted Platform Module) for each container. Unbound also lets you assign identity at any level of granularity, such as application, pod or container.

Pure-software solution that achieves hardware-grade security

No dependency on underlying hardware and physical infrastructure (e.g. HSM)

Central key management and audit across distributed environments

Infinitely scalable to support vast cloud-native environments

No changes in the application or the container orchestration platform are required

Platform agnostic – support of any PaaS or container orchestration platform

Here’s how it works:

Container-Level Cryptography & Secrets Management

Unbound Key Control (UKC) allows cloud-native applications to access various secrets without ever handling them in clear text. Based on Unbound’s Distributed Trust Platform, UKC protects different types of secrets, such as cryptographic keys, passwords, tokens and many more.

In addition, a real-time, tamper-proof audit log records every secret operation. Being a software-only solution, it supports cloud-native applications across any environment, including different cloud service providers, on-premises deployments and private clouds.
