DEVOPSdigest

CryptoMove announced the launch of a private beta for its flagship solution, Tholos Key Vault.

Tholos is an API and SSH secrets management key vault providing enterprise-grade scalability, reliability and a modern user interface — reinforced by moving target defense, an innovative security model that decreases risk by increasing entropy and randomness.

"Modern enterprises that embrace digital transformation are propagating an unmanageable proliferation of keys and secrets that can slow development cycles — or lead to catastrophic data breaches," said Mike Burshteyn, CEO, CryptoMove. "Hardware-based solutions are too cumbersome for hyperscale computing and existing open source solutions introduce their own complexity, but Tholos is purpose-built to seamlessly integrate secrets management into DevOps, enabling a 'shift left' approach to application security."

Digital transformation trends, such as cloud-native environments, multi-cloud infrastructure, containerization, microservices and the Internet of things (IoT) are generating an overwhelming collection of API keys, SSH keys, authentication tokens, certificates and other secrets. However, agile development and lean startup philosophies encourage a fast and easy approach to DevOps, which may result in these secrets being shared — in plain text — over Email, Slack and even GitHub.

Research from GitHub indicates millions of access tokens, account credentials and SSH keys have been left exposed on public repositories. This relaxed attitude toward application security has a clear enterprise risk, as there has been an increasing frequency of major data breaches due to improperly stored cloud keys.

Legacy key management solutions, such as hardware security modules (HSM), are primarily focused on encryption keys instead of API keys, making them ill-suited for DevOps processes. HSM solutions are also devoid of cloud-native capabilities, leaving them unable to support multi-cloud, containerization and microservices. A new wave of open source secrets management solutions have emerged to address some of these challenges, but they introduce their own management complexity and still lack the ability to scale.

CryptoMove Tholos Key Vault is the first cloud-native secrets management key vault to deliver enterprise-grade scalability, reliability and a modern UI/UX, enabling organizations to securely accelerate cloud and containerization development projects. Tholos is delivered as a cloud service, which requires no installation or deployment — account creation takes less than two minutes. Tholos is also available for private cloud deployments. CryptoMove provides high availability through data replication to ensure fault tolerance and disaster recovery.

Key features and benefits of CryptoMove Tholos include:

- Seamless secrets management—Dynamically generate, rotate, share, revoke and expire API keys and other secrets through their entire lifecycle. Granular identity and access management (IAM) policies enforce access to ensure security and compliance. Automated analytics track key usage, including unauthorized user access for suspicious behavior detection. Centralized secrets recording streamlines audit and forensics.

- Programmatic application integration—Integrate APIs to retrieve secrets into applications and services programmatically, eliminating the risk of plain text secrets in code. Tholos easily integrates with AWS, Azure and GCP.

- Unparalleled Data Security—Moving target defense (MTD) fragments and encrypts sensitive data, replicating and transferring it across a system of decentralized nodes, and mutating its properties to further avoid detection by attackers. This increase in entropy and randomness increases the difficulty for attackers to identify and exfiltrate data—which increases further as the service scales—a quantifiable reduction in risk compared to stationary database encryption.