While migrating to the cloud, teams and organizations need to rethink how they can secure their applications and infrastructure. Security in the cloud is being recast from static and IP-based (defined by a perimeter) to dynamic and identity-based (with no clear perimeter). This idea is known as zero trust security.
Zero trust is a security model that assumes all network traffic is untrusted until proven otherwise. This, in turn, provides an extra layer of security for cloud workloads, preventing data breaches and securing access.
Why enterprises are embracing zero trust security
Here are the top 3 use cases:
- Machine Authentication & Authorization: Enterprises need to centrally store, access and distribute dynamic secrets like tokens, passwords, certificates and encryption keys across any public or private cloud environment.
- Machine-to-Machine Access: Enterprises need to enable machine-to-machine access by enforcing authentication between applications and ensuring only the right machines are talking to each other.
- Human Access & Authorization: Enterprises need to secure access to applications and critical systems with fine-grained authorizations without managing credentials or exposing a network.
Every ICT professional knows the story of Uber, the poster boy of cloud-native companies. Its explosive growth transformed it from a startup in 2009 to a global giant with revenues of US$17.46 billion by 2021. What most people don’t know, however, is how the company scaled its Apache Hadoop deployment to over 21,000 hosts in 5 years, to support the various analytical and machine learning use cases, using HashiCorp Vault and zero trust as part of its solution.
“With the growing complexity and size of Hadoop infrastructure, it became increasingly difficult for the team to keep up with the various responsibilities around managing such a large fleet,” the company reported in a blog post in early 2021. “Fleet-wide operations using scripts and tooling consumed a lot of engineering time. Bad hosts started piling up without timely repairs.”
The company had more than 100 teams that interacted with Hadoop daily. It needed robust security protocols. “We set up persist keytabs in HashiCorp Vault and appropriate ACLs (access control levels) so that it can be read only by Hadoop Worker (nodes),” the company noted. Hadoop Worker nodes comprise most of the VMs in a Hadoop cluster and do the job of storing the data and running computations.
Zero trust security with HashiCorp
HashiCorp offers solutions for enterprises that need zero trust security for multi-cloud environments. It manages secrets across multiple clouds and private data centres, enforces security with identity and provides governance through policies. HashiCorp Vault enables enterprises to centrally store, access, and distribute dynamic secrets like tokens, passwords, certificates, and encryption keys across any public or private cloud environment. Unlike burdensome ITIL-based systems, HashiCorp solutions issue credentials to both people and machines in a dynamic fashion, creating a secure, efficient, and multi-cloud solution suited to today’s insecure world.
This is part of the company’s “zero trust” security approach, which secures everything based on trusted identities. Organizations can use zero trust to manage the transition to the cloud while maintaining the level of security required, one that trusts nothing and authenticates and authorizes everything.
There are now thousands of companies that, like Uber, seek to leverage the cloud (whether hybrid or multi-cloud) to run mission-critical workloads. It’s imperative that they seriously consider zero trust to restrict access to authorized personnel. That’s where Cloud Kinetics and HashiCorp can help significantly.
“Organizations are rethinking how to secure their apps and infrastructure on the cloud,” says Cloud Kinetics’ Chief Revenue Officer Ted Aravinthan. “Security in the cloud is being recast from static, IP-based (defined by a perimeter) to dynamic, identity-based (with no clear perimeter). This is the core of zero trust security.”
This is especially true in emerging and booming markets like Indonesia. Indonesia is becoming a hot spot for global tech companies keen to get into one of Asia’s fastest-growing markets, Nikkei Asia reported on July 8, 2020. It’s where e-commerce and food delivery services are rapidly expanding.
“The trend toward data localization is drawing the tech titans to Indonesia,” says Sandy Kosasih, Cloud Kinetics’ Director for Indonesia. “HashiCorp’s approach to identity-based security and access provides a solid foundation for companies to safely migrate and secure their infrastructure, applications, and data as they move to a multi-cloud world.”
“Companies use different identity platforms for federated systems of record,” says Suhail Gulzar, HashiCorp’s Regional Manager of Solutions Engineering for Asia. “Leveraging these trusted identity providers is the principle of identity-based access and security. Our products provide deep integration with the leading identity providers.”
How does zero trust enable human-to-machine access? “Traditional solutions for safeguarding user access used to require you to distribute and manage SSH keys, VPN credentials, and bastion hosts, which creates risks of credential sprawl and users gaining access to entire networks and systems,” says Fitra Alim, Cloud Kinetics’ Chief Technology Officer for Indonesia. “Cloud Kinetics deploys HashiCorp’s Boundary solution to secure access to apps and critical systems with fine-grained authorizations that don’t require managing credentials or exposing your entire network. This is an excellent security feature to protect the core network.”
If you’re keen to understand how companies like Uber leverage zero trust, or how you can get guidance on your zero-trust journey, get access to an exclusive webinar hosted by Cloud Kinetics and HashiCorp. We discuss the pillars of zero-trust security, zero trust in action, managing secrets securely, zero trust from an infrastructure provisioning standpoint, and other issues.