SlideShare a Scribd company logo

The Key to Strong Cloud Security

Download as PPTX, PDF
Akeyless, profile picture
Akeyless

The document discusses the challenges and solutions related to secrets management in cloud security, emphasizing the importance of privileged access, identity validation, and data encryption in the hybrid and multi-cloud environments. It highlights the role of Akeyless's secrets management platform, which aids enterprises in managing machine identities, secrets, keys, and certificates securely and effectively. Additionally, it addresses the risks associated with unprotected secrets and outlines best practices for ensuring secure access control and compliance.

Technology
Related topics:
Cloud Security Insights Information Security
1 of 16
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Oded Hareven, CEO & Co-founder @ Akeyless Oded@akeyless.io {Ret. Captain, Israel Defence Forces, CyberSecurity Identity Management, PAM, Information Security Infrastructure Dev, Product, Ops} The Key to Strong Cloud Security
Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Akeyless DFC™ Virtual HSM Unique KMS Zero- Knowledge Technology, built for Hybrid era Unified SaaS IAM (1) Secrets Management (2) Secure Remote Access (3) Data Protection Akeyless Vault Platform Workload Identity Orchestration Serving market leaders enterprises Pharma, Software, Adtech, Online, E-commerce, Gaming Globally Available SaaS
3 Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Challenges of the DevOps and Cloud Era • Ephemeral resources + Automation + IaC • Multiple environments • Hybrid Authentication • Perimeter-less world = data is everywhere • Root-of-trust in a non-trusted distributed architecture • Privileged Access (Remote, WFH, COVID-19)
4 Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Admin Password PKI Certificate Application API-Key SQL Credentials AES Encryption RSA Signing Key SSH Key In short, it’s an IAM Chaos. Credentials SSH Certificate Trends that encourage the Massive use of Secrets 1. Containerization 2. Hybrid & multi-cloud 3. DevOps, CI/CD, Automation 4. Zero-Trust
5 Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Data encryption Step #1: Data Protection & Access Control • Access Control • Control who can access the data? • How to validate her identity? • Data Encryption • Control who can access the encryption key? • How to validate his identity? Data Access Control
6 Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Step #2: Identity Validation • Requires Authentication • Human • Machine • Using something that only the human/machine has • Secret = {password, credentials, api-key, certificate, ssh-key} • If you can’t keep a Secret - you can’t protect your Data... Password DB password DB User Application
7 Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Step #3: Privileged Access • Who’s controlling my workloads? • Software Developers, DevOps Engineers, IT Architects • External vendors • Can they impersonate? • Admin can do everything... • PAM • Regulation and compliance • Session recording - Control human admin access • Secrets Repository • Default admin passwords rotation • Automation = Machines’ Privileged Access Password DB password DB User Application Admin OS Admin OS Admin Password Password
8 Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Step #4: Root-of-Trust • Using an Encryption key to encrypt secrets & data +Using signing key to sign TLS/SSH Certificates = identities • Where to place the key? • Configuration - bad practice • Local store - not secured enough • KMS - good start • HSM - considered to be most secure • Secret-zero: accessing the key requires a secret? The chicken and the egg... Hardware Security Module
Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Secrets Sprawl: Clear-text, unprotected Source Code DevOps Scripts Configuration Files x myScript { // App.Config DB password = “T0pSecr3t” API_Key_AWS = “Cl3aRt3xt$!” } x //myconfig < // App.Config Access_Token = “T0pSecr3t” API_Key_GCP = “Cl3aRt3xt$!” /> x Void myCode( ) { // App.Config Encryption_Key = “aKey43!t” API_Key_Azure = “Cl3a3xt$!” } Secrets are used also within workload management platforms
Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 10 Report:"Managing Machine Identities, Secrets, Keys and Certificates" Published: 24 August 2020 Analyst: Erik Wahlstrom Source: Akeyless is mentioned in this Gartner report as a key player in the Secrets Management realm, p16. under “secrets management solutions”
Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Secrets Management Fetch credentials, certificates and keys from any client - platform, script or application ***** ***** ***** API / SDK / CLI / Plugins Customer Application Customer Database 3rd-party Service API Password = “Pass12#” Applications Encrypted Secrets Store Human DevOps, IT, Developers Secrets Management
12 Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Multi-channel Integration and Authentication Authentication via LDAP SAML OpenID Direct channels Platforms Plugins (examples) Machine authentication Human authentication
13 Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Availability and Scalability What happens when all your workloads and employees are using a centralized Secrets Management system? • Ensure Service Continuity • Multi-region / hybrid / multi cloud • Disaster Recovery, Replication, Backup, Monitoring • Complex IT project • Consider: Self-deployment vs. SaaS
14 Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Data encryption Yet this is not all…. Data Access Control
15 Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Just-in-time temporary credentials +SSH, RDP, Kubectl, SQL, Web applications and more... Isolated Session +Session Recording & transcript Zero-Trust Privileged Access / PAM 2.0 How to provide a Secure Workload Access? External Access Employee/Vendor Internal Resources Linux Servers Windows servers Databases Web applications Private Network Public Network SSH Tunnel Identity Providers Via LDAP, SAML, OpenID Customer Side *TrustScore Ready internal Access Employee
Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Thank you. Further questions & thoughts you’d like to share? Mostly invited to drop an email to Oded@akeyless.io

More Related Content

PDF
Kubernetes Secrets - The Good, The Bad, and The Ugly - Akeyless
Akeyless
 
PPTX
Kubernetes Secrets Management - Securing Your Production Environment
Akeyless
 
PPTX
IBM Secret Key management protoco
gori4
 
PPTX
The Rise of Secrets Management
Akeyless
 
PDF
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Mary Racter
 
PDF
Secrets as Code
Johann Gyger
 
PDF
Automation Patterns for Scalable Secret Management
Mary Racter
 
PDF
Hardening Kubernetes Cluster
Knoldus Inc.
 
Kubernetes Secrets - The Good, The Bad, and The Ugly - Akeyless
Akeyless
 
Kubernetes Secrets Management - Securing Your Production Environment
Akeyless
 
IBM Secret Key management protoco
gori4
 
The Rise of Secrets Management
Akeyless
 
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Mary Racter
 
Secrets as Code
Johann Gyger
 
Automation Patterns for Scalable Secret Management
Mary Racter
 
Hardening Kubernetes Cluster
Knoldus Inc.
 

What's hot (19)

PPTX
Secret Management Architectures
Stenio Ferreira
 
PPTX
Let's get started with passwordless authentication using windows hello in you...
Chris Ryu
 
PDF
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...
Akeyless
 
PDF
Streamline CI/CD with Just-in-Time Access
Akeyless
 
PPTX
Global Azure Bootcamp 2017 - Azure Key Vault
Alberto Diaz Martin
 
PDF
Delivering transparent data_encryption_while_centrally_managing_keys_eskm-blo...
Bloombase
 
PDF
Recipe for good secrets management
Kevin Gilpin
 
PPTX
Securing sensitive data with Azure Key Vault
Tom Kerkhove
 
PDF
Shifting security left simplifying security for k8s open shift environments
LibbySchulze
 
PPTX
Azure key vault
Rahul Nath
 
PPTX
Zero trust Architecture
AddWeb Solution Pvt. Ltd.
 
PPTX
ITProceed 2015 - Securing Sensitive Data with Azure Key Vault
Tom Kerkhove
 
PPTX
Hashitalks 2021 - How the Dynamic Duo of Vault and Puppet Tame SSL Certificates
Nick Maludy
 
PDF
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...
DevOps.com
 
PPTX
Secret Management with Hashicorp Vault and Consul on Kubernetes
An Nguyen
 
PPTX
Azure security basics
Stas Lebedenko
 
PDF
Spring boot-vault
Jan Dittberner
 
PPTX
.NET Fest 2019. Stas Lebedenko. Practical serverless use cases in Azure with ...
NETFest
 
PPTX
Using Puppet With A Secrets Server
conjur_inc
 
Secret Management Architectures
Stenio Ferreira
 
Let's get started with passwordless authentication using windows hello in you...
Chris Ryu
 
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...
Akeyless
 
Streamline CI/CD with Just-in-Time Access
Akeyless
 
Global Azure Bootcamp 2017 - Azure Key Vault
Alberto Diaz Martin
 
Delivering transparent data_encryption_while_centrally_managing_keys_eskm-blo...
Bloombase
 
Recipe for good secrets management
Kevin Gilpin
 
Securing sensitive data with Azure Key Vault
Tom Kerkhove
 
Shifting security left simplifying security for k8s open shift environments
LibbySchulze
 
Azure key vault
Rahul Nath
 
Zero trust Architecture
AddWeb Solution Pvt. Ltd.
 
ITProceed 2015 - Securing Sensitive Data with Azure Key Vault
Tom Kerkhove
 
Hashitalks 2021 - How the Dynamic Duo of Vault and Puppet Tame SSL Certificates
Nick Maludy
 
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...
DevOps.com
 
Secret Management with Hashicorp Vault and Consul on Kubernetes
An Nguyen
 
Azure security basics
Stas Lebedenko
 
Spring boot-vault
Jan Dittberner
 
.NET Fest 2019. Stas Lebedenko. Practical serverless use cases in Azure with ...
NETFest
 
Using Puppet With A Secrets Server
conjur_inc
 
Ad

Similar to The Key to Strong Cloud Security (20)

PPTX
Application security meetup - cloud security best practices 24062021
lior mazor
 
PPTX
Akeyless Security - The best cyber security company to watch 2022- The Silico...
Philip c
 
PPTX
Where to Store the Cloud Encryption Keys - InterOp 2012
Trend Micro
 
PPTX
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
centralohioissa
 
PDF
Managing secrets at scale
Alex Schoof
 
PDF
Where Data Security and Value of Data Meet in the Cloud
Ulf Mattsson
 
PDF
Where data security and value of data meet in the cloud brighttalk webinar ...
Ulf Mattsson
 
PDF
Essentials of Network and Cloud Security.pptx.pdf
apurvar399
 
PPTX
Brave new world of encryption v1
Khazret Sapenov
 
PDF
Rugged Building Materials and Creating Agility with Security
David Etue
 
PPT
Securing Your Data In The Cloud
Omer Trajman
 
PDF
Where data security and value of data meet in the cloud ulf mattsson
Ulf Mattsson
 
PDF
Whose Cloud Is It Anyway: Exploring Data Security Ownership and Control
SafeNet
 
PPTX
AWS Security and Encryption
Richard Harvey
 
PPTX
Encryption in the enterprise
Bozhidar Bozhanov
 
PDF
Protect Your Sensitive Data with Gemalto Guidebook
Exclusive Networks ME
 
PPTX
UNEC__1732702810.pptxddgdfvcfgg hxh f f g h s s. Rcyctcecec
lefty8778
 
PPT
Aws training in bangalore
apponix123
 
PDF
SafeNet - Data Protection Company
ASBIS SK
 
PDF
Enterprise Cloud Security
MongoDB
 
Application security meetup - cloud security best practices 24062021
lior mazor
 
Akeyless Security - The best cyber security company to watch 2022- The Silico...
Philip c
 
Where to Store the Cloud Encryption Keys - InterOp 2012
Trend Micro
 
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
centralohioissa
 
Managing secrets at scale
Alex Schoof
 
Where Data Security and Value of Data Meet in the Cloud
Ulf Mattsson
 
Where data security and value of data meet in the cloud brighttalk webinar ...
Ulf Mattsson
 
Essentials of Network and Cloud Security.pptx.pdf
apurvar399
 
Brave new world of encryption v1
Khazret Sapenov
 
Rugged Building Materials and Creating Agility with Security
David Etue
 
Securing Your Data In The Cloud
Omer Trajman
 
Where data security and value of data meet in the cloud ulf mattsson
Ulf Mattsson
 
Whose Cloud Is It Anyway: Exploring Data Security Ownership and Control
SafeNet
 
AWS Security and Encryption
Richard Harvey
 
Encryption in the enterprise
Bozhidar Bozhanov
 
Protect Your Sensitive Data with Gemalto Guidebook
Exclusive Networks ME
 
UNEC__1732702810.pptxddgdfvcfgg hxh f f g h s s. Rcyctcecec
lefty8778
 
Aws training in bangalore
apponix123
 
SafeNet - Data Protection Company
ASBIS SK
 
Enterprise Cloud Security
MongoDB
 
Ad

Recently uploaded (20)

PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Advanced Soft Computing BINUS July 2025.pdf
University of Hertfordshire
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PPTX
breach-and-attack-simulation-cybersecurity-india-chennai-defenderrabbit-2025....
defencerabbit Team
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Advanced IT Governance
University of Hertfordshire
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PDF
GDG Cloud Iasi [PUBLIC] Florian Blaga - Unveiling the Evolution of Cybersecur...
athlonica
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
solutions_manual_-_materials___processing_in_manufacturing__demargo_.pdf
AbdullahSani29
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Advanced Soft Computing BINUS July 2025.pdf
University of Hertfordshire
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
breach-and-attack-simulation-cybersecurity-india-chennai-defenderrabbit-2025....
defencerabbit Team
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Advanced IT Governance
University of Hertfordshire
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
GDG Cloud Iasi [PUBLIC] Florian Blaga - Unveiling the Evolution of Cybersecur...
athlonica
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
solutions_manual_-_materials___processing_in_manufacturing__demargo_.pdf
AbdullahSani29
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 

The Key to Strong Cloud Security

  • 1. Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Oded Hareven, CEO & Co-founder @ Akeyless Oded@akeyless.io {Ret. Captain, Israel Defence Forces, CyberSecurity Identity Management, PAM, Information Security Infrastructure Dev, Product, Ops} The Key to Strong Cloud Security
  • 2. Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Akeyless DFC™ Virtual HSM Unique KMS Zero- Knowledge Technology, built for Hybrid era Unified SaaS IAM (1) Secrets Management (2) Secure Remote Access (3) Data Protection Akeyless Vault Platform Workload Identity Orchestration Serving market leaders enterprises Pharma, Software, Adtech, Online, E-commerce, Gaming Globally Available SaaS
  • 3. 3 Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Challenges of the DevOps and Cloud Era • Ephemeral resources + Automation + IaC • Multiple environments • Hybrid Authentication • Perimeter-less world = data is everywhere • Root-of-trust in a non-trusted distributed architecture • Privileged Access (Remote, WFH, COVID-19)
  • 4. 4 Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Admin Password PKI Certificate Application API-Key SQL Credentials AES Encryption RSA Signing Key SSH Key In short, it’s an IAM Chaos. Credentials SSH Certificate Trends that encourage the Massive use of Secrets 1. Containerization 2. Hybrid & multi-cloud 3. DevOps, CI/CD, Automation 4. Zero-Trust
  • 5. 5 Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Data encryption Step #1: Data Protection & Access Control • Access Control • Control who can access the data? • How to validate her identity? • Data Encryption • Control who can access the encryption key? • How to validate his identity? Data Access Control
  • 6. 6 Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Step #2: Identity Validation • Requires Authentication • Human • Machine • Using something that only the human/machine has • Secret = {password, credentials, api-key, certificate, ssh-key} • If you can’t keep a Secret - you can’t protect your Data... Password DB password DB User Application
  • 7. 7 Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Step #3: Privileged Access • Who’s controlling my workloads? • Software Developers, DevOps Engineers, IT Architects • External vendors • Can they impersonate? • Admin can do everything... • PAM • Regulation and compliance • Session recording - Control human admin access • Secrets Repository • Default admin passwords rotation • Automation = Machines’ Privileged Access Password DB password DB User Application Admin OS Admin OS Admin Password Password
  • 8. 8 Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Step #4: Root-of-Trust • Using an Encryption key to encrypt secrets & data +Using signing key to sign TLS/SSH Certificates = identities • Where to place the key? • Configuration - bad practice • Local store - not secured enough • KMS - good start • HSM - considered to be most secure • Secret-zero: accessing the key requires a secret? The chicken and the egg... Hardware Security Module
  • 9. Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Secrets Sprawl: Clear-text, unprotected Source Code DevOps Scripts Configuration Files x myScript { // App.Config DB password = “T0pSecr3t” API_Key_AWS = “Cl3aRt3xt$!” } x //myconfig < // App.Config Access_Token = “T0pSecr3t” API_Key_GCP = “Cl3aRt3xt$!” /> x Void myCode( ) { // App.Config Encryption_Key = “aKey43!t” API_Key_Azure = “Cl3a3xt$!” } Secrets are used also within workload management platforms
  • 10. Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 10 Report:"Managing Machine Identities, Secrets, Keys and Certificates" Published: 24 August 2020 Analyst: Erik Wahlstrom Source: Akeyless is mentioned in this Gartner report as a key player in the Secrets Management realm, p16. under “secrets management solutions”
  • 11. Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Secrets Management Fetch credentials, certificates and keys from any client - platform, script or application ***** ***** ***** API / SDK / CLI / Plugins Customer Application Customer Database 3rd-party Service API Password = “Pass12#” Applications Encrypted Secrets Store Human DevOps, IT, Developers Secrets Management
  • 12. 12 Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Multi-channel Integration and Authentication Authentication via LDAP SAML OpenID Direct channels Platforms Plugins (examples) Machine authentication Human authentication
  • 13. 13 Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Availability and Scalability What happens when all your workloads and employees are using a centralized Secrets Management system? • Ensure Service Continuity • Multi-region / hybrid / multi cloud • Disaster Recovery, Replication, Backup, Monitoring • Complex IT project • Consider: Self-deployment vs. SaaS
  • 14. 14 Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Data encryption Yet this is not all…. Data Access Control
  • 15. 15 Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Just-in-time temporary credentials +SSH, RDP, Kubectl, SQL, Web applications and more... Isolated Session +Session Recording & transcript Zero-Trust Privileged Access / PAM 2.0 How to provide a Secure Workload Access? External Access Employee/Vendor Internal Resources Linux Servers Windows servers Databases Web applications Private Network Public Network SSH Tunnel Identity Providers Via LDAP, SAML, OpenID Customer Side *TrustScore Ready internal Access Employee
  • 16. Proprietary and Confidential, Akeyless Security Ltd ©️ 2021 Thank you. Further questions & thoughts you’d like to share? Mostly invited to drop an email to Oded@akeyless.io