Protecting Your Company's Secrets in the Cloud-Native Age
December 07, 2017

George Wainblat
Unbound Technology

Modern businesses are migrating to a cloud-based model for hosting sensitive data to reap the benefits of agility and cost savings as well as to keep pace with customer demand. Cloud-Native methodologies such as DevSecOps, continuous delivery, containers and micro-services are essential building blocks in the digital business revolution. However, moving information and technologies from hardware to software poses a security concern – translating to a top challenge for both IT and the C-level, as applications built on top of micro-services and containers in a Cloud-Native environment utilize a wide variety of secrets for their proper functioning.

Define "Secret"

When it comes to cloud-native data and large volumes of information, secrets can come in all forms. Though, secrets can most simply be thought of as anything that if exposed would harm business reputation – much like we've seen in the most recent hacks from HBO, unveiling unaired episodes of Game of Thrones, and the now infamous Equifax breach which exposed millions of sensitive consumer records.

Similarly, cloud-native security has many types of secrets to protect, three of the main types that must be protected in the cloud are:

Sensitive Security Information (SSI) is confidential business materials like revenue and profits, even cyber threat information.

Personally Identifiable Information (PII) is any information that pertains to you as an individual, for example name, address, social security number, etc.

IT Systems Security Information is the information that makes up the technology infrastructure of a company, such as encryption keys (private and symmetric), certificates, and cloud service access credentials (e.g. AWS IAM).

Existing Obstacles

In an effort to not become the "next Equifax" and keep these cloud-native methodologies secure, there are several obstacles IT departments must address:

Secrets proliferation – having various secrets in multiple locations (on-premises, in the cloud and hybrid) make their management cumbersome as the secrets are decentralized and difficult to control. In addition, having secrets managed by different administrators translates to lack of control and commonly results in personnel oversight. Segmented visibility causes the confusion for local administrators because they don't have clarity of the access and usage information by different applications across the organization.

Another challenge organizations are facing are the use of dual infrastructures – legacy IT and modern Cloud-Native environments, in which keys are duplicated in both the classical IT environment as well as in the cloud. The ultimate issue lies in the reality that cloud-native systems cannot securely access resources that are external to the cloud environment.

The third issue is the high level of trust in hardware – causing it to be viewed as the security standard due to its rooted elements for securing secrets. Hardware Security Modules (HSMs) and Trusted Platform Modules (TPMs) do not have an architectural fit in software-defined security due to their physical aspects. However, given the demand for businesses to migrate to the cloud, companies are looking to overcome this obstacle. As such, cloud-native security must be scalable, interconnected and dynamic – and mirror the expanse and capabilities of the cloud methodologies while remaining as secure as hardware.

Businesses Implications

Once realizing that the above obstacles leave holes that can gravely impact business, we must comprehend the possible security breaches that are associated with lack of proper secrets protection.

A data breach, man-in-the-middle attack and certificate or credential theft are just a few examples of the potential types of cyberattacks that can occur when cloud-native secrets are not protected properly. Once hacked, business implications are costly and even devastating. Remembering back the Home Depot and Target breaches – the impact on sales was long-lasting, even for brands of their magnitude. Other implications could be law suits if you are a company who holds sensitive information like home addresses and social security numbers – much like Equifax. According to the research by British insurance company Lloyd(link is external), the damage from hacks costs businesses $400 billion a year.

The Software Vault

As potential damage of a breach is seen in reality, a different set of vault-like tools begin to emerge in the Cloud-Native ecosystem for containment of secrets. Encrypted data can rest within the software-defined vault and be transferred to applications as needed – an easy and scalable option for large enterprises. However, in the same way that a physical vault is only as secure as the hiding place of the key that unlocks it, it's content must be protected to ensure the security of the data, as it highly coveted by attackers. To keep vaulted cloud-native secrets secure, encryption keys must be safeguarded, meaning the keys require their own security measures.

There are many obstacles to overcome with a cloud-based security model – securing secrets and sensitive information is paramount in today's risk-prone world. With security breaches becoming more prevalent and brands taking heavy-hits as a result, a software-defined strategy can offer various benefits to modern companies such as scalability, agility and security. Companies who choose to utilize the power of encryption in the cloud need to secure their data in a two-fold process – the data directly and the access to it. The logistics and vastness of the cloud can at times seem daunting but proper security measures can help to make the cloud a viable and safe solution for the enterprise.

George Wainblat is Director of Product Management at Unbound Technology
Share this

Industry News

April 03, 2025

StackGen has partnered with Google Cloud Platform (GCP) to bring its platform to the Google Cloud Marketplace.

April 03, 2025

Tricentis announced its spring release of new cloud capabilities for the company’s AI-powered, model-based test automation solution, Tricentis Tosca.

April 03, 2025

Lucid Software has acquired airfocus, an AI-powered product management and roadmapping platform designed to help teams prioritize and build the right products faster.

April 03, 2025

AutonomyAI announced its launch from stealth with $4 million in pre-seed funding.

April 02, 2025

Kong announced the launch of the latest version of Kong AI Gateway, which introduces new features to provide the AI security and governance guardrails needed to make GenAI and Agentic AI production-ready.

April 02, 2025

Traefik Labs announced significant enhancements to its AI Gateway platform along with new developer tools designed to streamline enterprise AI adoption and API development.

April 02, 2025

Zencoder released its next-generation AI coding and unit testing agents, designed to accelerate software development for professional engineers.

April 02, 2025

Windsurf (formerly Codeium) and Netlify announced a new technology partnership that brings seamless, one-click deployment directly into the developer's integrated development environment (IDE.)

April 02, 2025

Opsera raised $20M in Series B funding.

April 02, 2025

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, is making significant updates to its certification offerings.

April 01, 2025

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced the Golden Kubestronaut program, a distinguished recognition for professionals who have demonstrated the highest level of expertise in Kubernetes, cloud native technologies, and Linux administration.

April 01, 2025

Red Hat announced new capabilities and enhancements for Red Hat Developer Hub, Red Hat’s enterprise-grade internal developer portal based on the Backstage project.

April 01, 2025

Platform9 announced that Private Cloud Director Community Edition is generally available.

March 31, 2025

Sonatype expanded support for software development in Rust via the Cargo registry to the entire Sonatype product suite.

March 31, 2025

CloudBolt Software announced its acquisition of StormForge, a provider of machine learning-powered Kubernetes resource optimization.